Problem Symptoms
When trying to signup an IMAP account it returns the error message below in the dashboard Authentication logs:
Provider: Custom
LoginError('[AUTHENTICATIONFAILED] LOGIN Invalid credentials',)
Description
Most of the time the problem relates to:
- Wrong port number
- Server does not have a valid SSL/TLS connection.
Resolution
1. Make sure the port number & username password is correct:
- Try connecting via https://testconnectivity.microsoft.com/tests/O365Imap/input
- Ensure Authentication is set to Basic
- This only tests the IMAP side not the SMTP side, nor does it test the SSL certificates
- Confirmed: We now know the username / password and port 993 are correct.
2. Confirm the IMAP server is running IMAP4rev1
- Run openssl s_client -connect mail.therebepirate.com:993 -crlf
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE NAMESPACE LITERAL+ AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
- Confirmed: We now know we will not have issues with UID validity
3. Confirm SMTP port details and confirm that SSL/TLS certificate (=>1.2) is installed correctly.
- Within a terminal window run openssl s_client -connect imap.server.name:465 -crlf
- Make sure you get a response that does not look like this: This has NO services running on it.
CONNECTED(00000006)
4514381420:error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number:/AppleInternal/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-47.140.1/libressl-2.8/ssl/ssl_pkt.c:386:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Start Time: 1652458116
Timeout : 7200 (sec)
Verify return code: 0 (ok)
- This an example of a working SMTP server with a signed certificate, it doesn't have to be signed be a Certificate Authority. NOTE: The server name at the bottom.
CONNECTED(00000005)
depth=3 C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services
verify return:1
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
verify return:1
depth=1 C = US, ST = TX, L = Houston, O = "cPanel, Inc.", CN = "cPanel, Inc. Certification Authority"
verify return:1
depth=0 CN = hp281.hostpapa.com
verify return:1
---
Certificate chain
0 s:/CN=hp281.hostpapa.com
i:/C=US/ST=TX/L=Houston/O=cPanel, Inc./CN=cPanel, Inc. Certification Authority
1 s:/C=US/ST=TX/L=Houston/O=cPanel, Inc./CN=cPanel, Inc. Certification Authority
i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
i:/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIF3jCCBMagAwIBAgIRAMRGsEwzUmnzdPrcOaftv7wwDQYJKoZIhvcNAQELBQAw
......
owoLaOB+3xWEViraMIXh2SF5
-----END CERTIFICATE-----
subject=/CN=hp281.hostpapa.com
issuer=/C=US/ST=TX/L=Houston/O=cPanel, Inc./CN=cPanel, Inc. Certification Authority
---
No client certificate CA names sent
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 4954 bytes and written 322 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: E8A8A8C450E2BC8566B4E074241B67B1F922505B22B24D165511C9DF730F8257
Session-ID-ctx:
Master-Key: F62D773F40D44FE68D38614BA38CF96501F4DEF4AC2EBB05E8D7DF0D790465302D42A3FBEFC57F45A1DF2A4AF2BB2BA7
Start Time: 1652458595
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---
220-hp281.hostpapa.com ESMTP Exim 4.94.2 #2 Fri, 13 May 2022 17:16:36 +0100
We now know the following and should be able to connect.
- Username & password are correct
- We have the right port numbers i.e. SMTP 465 and IMAP 993 - PROVIDERS use different ports.
Updated
Comments
0 comments
Please sign in to leave a comment.