Mail servers have an SMTP authentication feature enabled in them, to validate users who try to send mails through that server.

The ‘SMTP AUTH’ error usually happens when users try to send mails without properly authenticating their mail account in email clients such as Outlook or Thunderbird.

What causes the error ‘SMTP AUTH is required for message submission on port 587’ in cPanel/WHM servers

With the latest cPanel/WHM update, email accounts that were working fine till now, may find their mails getting undelivered, showing this error message in the Exim log:

2016-09-22 04:28:29 H=([]:1741 F= rejected RCPT : SMTP AUTH is required for message submission on port 587

This has happened due to a latest security feature implemented in cPanel/WHM – ‘SMTP AUTH’ requires SSL by default.

To combat spamming in servers and to provide secure email transmission, email clients that try to send mails without using secure transmission will be denied mail delivery through the server.

The option that determines this is ‘Require clients to connect with SSL or issue the STARTTLS command before they are allowed to authenticate with the server’, which is set to ‘On’ by default, in WHM -> Exim Configuration Editor.

Default SMTP AUTH setting in WHM for SSL

While this SSL setting is enabled by default for SMTP, IMAP/POP3 stills works without SSL. So servers with ‘POP before SMTP’ feature enabled, will not face this error.

However, as ‘POP before SMTP’ feature authorizes users to relay through the mail server, this setting is disabled in WHM for many servers due to security issues:

POP before SMTP disabled in WHM

Thus, users in mail servers with the following combined setting, will get error when they try to sends mails with plain authentication:

1. POP before SMTP – disabled

2. Require clients to connect with SSL – enabled

With these settings in place, SMTP authentication will not work unless STARTTLS OR SSL/TLS is enabled in mail client.

The error can happen even in the case of mailer scripts or 3rd party software that send mails from the server without SSL authentication.

[ You don’t have to lose your sleep over lost emails. Get our professional help to fix your mail errors for just $59.99. ]

The error message, however, varies with the port configured in the email client or code of the users. For users connecting to port 587 without SSL, the message in the logs would be:

rejected RCPT : SMTP AUTH is required for message submission on port 587

For users connecting to port 25 of mail server, here is a variant of the error message from the Exim logs:

rejected RCPT : Please turn on SMTP Authentication in your mail client. ([]) [IPaddress]:1604 is not permitted to relay through this server without authentication.

How to fix error ‘SMTP AUTH is required for message submission on port 587’ in cPanel/WHM servers

This error implies that, unless “POP before SMTP” is enabled, customers will not be able to send email without using SSL via ports 587 or 25.

So, to immediately fix the error for the users in the server, the option is to enable ‘POP before SMTP’. To do that, go to ‘WHM –> Tweak Settings’.

Set the option ‘Allow users to relay mail if they use an IP address through which someone has validated an IMAP or POP3 login within the last hour (Pop-before-SMTP)’ to ‘On’.

This enables users to send mails without changing their code or mail client settings, as mails can be sent without SSL encryption, after authenticating in the POP server.

You can also disable the SSL requirement by turning the option ‘Require clients to connect with SSL or issue the STARTTLS command before they are allowed to authenticate with the server‘ to ‘Off‘.

However, these are less recommended fixes, due to security reasons. A secure and more advisable work around is to configure your clients’ code and mail programs to use SSL authentication.

[ Are your users complaining about email errors? Get our server specialists’ assistance to fix your mail server for just $59.99/hr. ]

Here is how to configure SSL authentication for SMTP in popular mail clients such as Thunderbird and Outlook.

1. How to configure Thunderbird to use SSL

The steps to configure authentication in Thunderbird is pretty easy:

1. In Thunderbird, under ‘Tools‘ select ‘Account Settings‘.
2. Select ‘Outgoing Server (SMTP)‘ and click ‘Edit‘.
3. Enable the ‘Use name and password‘ option.
4. Under ‘Security and Authentication‘, enable STARTTLS as the ‘Connection security‘.
5. Enter the username and password and click OK.

[ Need help resolving email errors in your sites? Get assistance from our server experts to fix your website for just $59.99. ]

2. How to configure Microsoft Office Outlook to use SSL

To enable SSL authentication in Microsoft Outlook, the steps are:

1. 1. Select the Tools -> Account Settings option.
   2. On the Email tab, click New.
   3. In the Add New Account dialog box, enter the Name, email address and password.
   4. Check the option ‘Require logon using SPA’.
      
   5. Click on ‘More Settings’ and choose ‘Advanced‘ tab.
   6. In the ‘Outgoing server (SMTP)’, choose ‘TLS‘ under ‘Use the following type of encrypted connection’.
      

      Use SSL authentication for SMTP server

   7. Click OK to save the settings.

In short..

Today we discussed about the new security feature in cPanel/WHM servers for securing Exim mail server, and the error message that happens due to it.

Email server configuration should be done in an optimal way, keeping a balance between server security and functional requirements.

While it is advisable to implement secure email practices for all users in the server, sudden updates and feature changes in cPanel/WHM may tamper with the normal user functions.

At Bobcares, we maintain and manage email servers securely to avoid spamming and spoofing and our 24/7 support team identifies and fixes errors in no time.

If you’d like to know how to secure your mail server and prevent email bounce errors, we’d be happy to talk to you.