Bobcares

How to fix ‘SMTP AUTH is required for message submission on port 587’ error in cPanel/WHM servers

by | Apr 3, 2018

Mail servers have an SMTP authentication feature enabled in them, to validate users who try to send mails through that server.

The ‘SMTP AUTH’ error usually happens when users try to send mails without properly authenticating their mail account in email clients such as Outlook or Thunderbird.

What causes the error ‘SMTP AUTH is required for message submission on port 587’ in cPanel/WHM servers

With the latest cPanel/WHM update, email accounts that were working fine till now, may find their mails getting undelivered, showing this error message in the Exim log:

2016-09-22 04:28:29 H=([]:1741 F=<test@bobcares.com> rejected RCPT <test@bobcares.com>: SMTP AUTH is required for message submission on port 587

This has happened due to a latest security feature implemented in cPanel/WHM – ‘SMTP AUTH’ requires SSL by default.

Are you facing email errors in your site?

CLICK HERE TO FIX YOUR MAILS AT JUST $59.99

 

To combat spamming in servers and to provide secure email transmission, email clients that try to send mails without using secure transmission will be denied mail delivery through the server.

The option that determines this is ‘Require clients to connect with SSL or issue the STARTTLS command before they are allowed to authenticate with the server’, which is set to ‘On’ by default, in WHM -> Exim Configuration Editor.

smtp-auth-is-required-for-message-submission-on-port

Default SMTP AUTH setting in WHM for SSL

 

While this SSL setting is enabled by default for SMTP, IMAP/POP3 stills works without SSL. So servers with ‘POP before SMTP’ feature enabled, will not face this error.

However, as ‘POP before SMTP’ feature authorizes users to relay through the mail server, this setting is disabled in WHM for many servers due to security issues:

smtp-auth-is-required-for-message-submission-on-port

POP before SMTP disabled in WHM

 

Thus, users in mail servers with the following combined setting, will get error when they try to sends mails with plain authentication:

1. POP before SMTP – disabled

2. Require clients to connect with SSL – enabled

With these settings in place, SMTP authentication will not work unless STARTTLS OR SSL/TLS is enabled in mail client.

The error can happen even in the case of mailer scripts or 3rd party software that send mails from the server without SSL authentication.

[ You don’t have to lose your sleep over lost emails. Get our professional help to fix your mail errors for just $59.99. ]

The error message, however, varies with the port configured in the email client or code of the users. For users connecting to port 587 without SSL, the message in the logs would be:

rejected RCPT <test@bobcares.com>: SMTP AUTH is required for message submission on port 587

For users connecting to port 25 of mail server, here is a variant of the error message from the Exim logs:

rejected RCPT <test@gmail.com>: Please turn on SMTP Authentication in your mail client. ([]) [IPaddress]:1604 is not permitted to relay through this server without authentication.

How to fix error ‘SMTP AUTH is required for message submission on port 587’ in cPanel/WHM servers

This error implies that, unless “POP before SMTP” is enabled, customers will not be able to send email without using SSL via ports 587 or 25.

So, to immediately fix the error for the users in the server, the option is to enable ‘POP before SMTP’. To do that, go to ‘WHM –> Tweak Settings’.

Set the option ‘Allow users to relay mail if they use an IP address through which someone has validated an IMAP or POP3 login within the last hour (Pop-before-SMTP)’ to ‘On’.

This enables users to send mails without changing their code or mail client settings, as mails can be sent without SSL encryption, after authenticating in the POP server.

You can also disable the SSL requirement by turning the option ‘Require clients to connect with SSL or issue the STARTTLS command before they are allowed to authenticate with the server‘ to ‘Off‘.

However, these are less recommended fixes, due to security reasons. A secure and more advisable work around is to configure your clients’ code and mail programs to use SSL authentication.

[ Are your users complaining about email errors? Get our server specialists’ assistance to fix your mail server for just $59.99/hr. ]

Here is how to configure SSL authentication for SMTP in popular mail clients such as Thunderbird and Outlook.

1. How to configure Thunderbird to use SSL

The steps to configure authentication in Thunderbird is pretty easy:

  1. In Thunderbird, under ‘Tools‘ select ‘Account Settings‘.
  2. Select ‘Outgoing Server (SMTP)‘ and click ‘Edit‘.
  3. Enable the ‘Use name and password‘ option.
  4. Under ‘Security and Authentication‘, enable STARTTLS as the ‘Connection security‘.
  5. Enter the username and password and click OK.

Email configuration in Thunderbird

Email configuration in Thunderbird

 

[ Need help resolving email errors in your sites? Get assistance from our server experts to fix your website for just $59.99. ]

2. How to configure Microsoft Office Outlook to use SSL

To enable SSL authentication in Microsoft Outlook, the steps are:

    1. Select the Tools -> Account Settings option.
    2. On the Email tab, click New.
    3. In the Add New Account dialog box, enter the Name, email address and password.
    4. Check the option ‘Require logon using SPA’.
      Create mail account in Outlook
    5. Click on ‘More Settings’ and choose ‘Advanced‘ tab.
    6. In the ‘Outgoing server (SMTP)’, choose ‘TLS‘ under ‘Use the following type of encrypted connection’.

      Use SSL authentication for SMTP server

      Use SSL authentication for SMTP server

    7. Click OK to save the settings.

In short..

Today we discussed about the new security feature in cPanel/WHM servers for securing Exim mail server, and the error message that happens due to it.

Email server configuration should be done in an optimal way, keeping a balance between server security and functional requirements.

While it is advisable to implement secure email practices for all users in the server, sudden updates and feature changes in cPanel/WHM may tamper with the normal user functions.

At Bobcares, we maintain and manage email servers securely to avoid spamming and spoofing and our 24/7 support team identifies and fixes errors in no time.

If you’d like to know how to secure your mail server and prevent email bounce errors, we’d be happy to talk to you.

 

Getting intermittent email errors?

No more delayed or undelivered emails. We'll fix your email errors in no time.

Click Now to resolve your email errors at just $59.99

var google_conversion_label = "Blp0CLCojHIQ0aD71QM";

8 Comments

  1. Vitor

    Saved my life.
    Tks

    Reply
  2. Clifford Shivkar

    Good Explanation. Keep up the good work.

    Thanks & Best Regards,

    Reply
    • bobadmin

      Thanks Clifford 🙂

      Reply
  3. Rulo

    Cómo deshabilito esta opción en Cpanel?

    Reply
  4. Geraldine Phillip

    I came across your post per chance. Noticed the effort in detail and accuracy of response. Totally appreciate your site. You really care.

    Reply
  5. Edwin Ode

    Thank you so much, I’ve been battling with this issue on a VPS i acquired from godaddy for almost a week now but this just solved my problem.

    Appreciate you man.

    Reply
  6. jAN

    I’ve been struggling sending email through PORT 26 for two months & this perfect morning I found this solution for my WHM. THANK YOU VERY MUCH for all the TIPS. Cheers………. 🙂 YOU THE BEST TIPSTER 🙂

    Reply
    • Hiba Razak

      Hi Jan,
      Glad to know that our article helps you solves the issue ? .

      Reply

Submit a Comment

Your email address will not be published. Required fields are marked *

Never again lose customers to poor
server speed! Let us help you.

Privacy Preference Center

Necessary

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

PHPSESSID - Preserves user session state across page requests.

gdpr[consent_types] - Used to store user consents.

gdpr[allowed_cookies] - Used to store user allowed cookies.

PHPSESSID, gdpr[consent_types], gdpr[allowed_cookies]
PHPSESSID
WHMCSpKDlPzh2chML

Statistics

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

_ga - Preserves user session state across page requests.

_gat - Used by Google Analytics to throttle request rate

_gid - Registers a unique ID that is used to generate statistical data on how you use the website.

smartlookCookie - Used to collect user device and location information of the site visitors to improve the websites User Experience.

_ga, _gat, _gid
_ga, _gat, _gid
smartlookCookie
_clck, _clsk, CLID, ANONCHK, MR, MUID, SM

Marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

IDE - Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

test_cookie - Used to check if the user's browser supports cookies.

1P_JAR - Google cookie. These cookies are used to collect website statistics and track conversion rates.

NID - Registers a unique ID that identifies a returning user's device. The ID is used for serving ads that are most relevant to the user.

DV - Google ad personalisation

_reb2bgeo - The visitor's geographical location

_reb2bloaded - Whether or not the script loaded for the visitor

_reb2bref - The referring URL for the visit

_reb2bsessionID - The visitor's RB2B session ID

_reb2buid - The visitor's RB2B user ID

IDE, test_cookie, 1P_JAR, NID, DV, NID
IDE, test_cookie
1P_JAR, NID, DV
NID
hblid
_reb2bgeo, _reb2bloaded, _reb2bref, _reb2bsessionID, _reb2buid

Security

These are essential site cookies, used by the google reCAPTCHA. These cookies use an unique identifier to verify if a visitor is human or a bot.

SID, APISID, HSID, NID, PREF
SID, APISID, HSID, NID, PREF