Community Discussions and Support
only plain connection possible?? [Solved]

I am experince a strange problem with Mercry's authentication. It does not matter if STLS is advertised by Mercury and/or used by the clients.
Depending on the module I can authenticate or I am not able to authenticate.


Testing different clients it all comes down to that I can only authenticate using PLAIN authentication which I find quite strange. CRAM-MD5 no way to be successful.


Mercury 4.91 with:
Pegasus 4.80
pop3 is working
smtp session gives me "wrong username or password" even if I tick "do not use CRAM-MD5 if advertised"
tried smtp with seperate username/password pair and the pop3 login. No success


Thunderbird
imap & smtp only with plain username possible, with & without STLS offered by Mercury and used by Thunderbird


Roundcube
imap & smtp only possible with plain username. Do not use STLS as it is on the same server.


Mercury C 4.7 smtp client from a different location
sending to Mercury 4.91 with CRAM-MD5 not possible
using MercuryD to pickup mail no problem


All error messages are "wrong password or username" as mentioned above.


Is this normal?
How are you authenticating, plain or CRAM_MD5 or...?
I don't know where to look anymore.


In Pegasus mail smtp I can't even choose how to authenticate. I am totaly stuck. How is pop3 authenticated, as it is working ?


Any pointers are really appreciated.


I am experince a strange problem with Mercry's authentication. It does not matter if STLS is advertised by Mercury and/or used by the clients. Depending on the module I can authenticate or I am not able to authenticate. Testing different clients it all comes down to that I can only authenticate using PLAIN authentication which I find quite strange. CRAM-MD5 no way to be successful. Mercury 4.91 with: **Pegasus 4.80** pop3 is working smtp session gives me "wrong username or password" even if I tick "do not use CRAM-MD5 if advertised" tried smtp with seperate username/password pair and the pop3 login. No success **Thunderbird** imap & smtp only with plain username possible, with & without STLS offered by Mercury and used by Thunderbird **Roundcube** imap & smtp only possible with plain username. Do not use STLS as it is on the same server. **Mercury C 4.7 smtp client** from a different location sending to Mercury 4.91 with CRAM-MD5 not possible using MercuryD to pickup mail no problem All error messages are "wrong password or username" as mentioned above. Is this normal? How are you authenticating, plain or CRAM_MD5 or...? I don't know where to look anymore. In **Pegasus** mail smtp I can't even choose how to authenticate. I am totaly stuck. How is pop3 authenticated, as it is working ? Any pointers are really appreciated.
edited Apr 13 '23 at 1:56 am

Hi Johannes,
With us Mercury is used as local mail server only, means it is retrieving all mail from our ISP Mail Provider and provide it locally to the local user mailboxes. Direct user access from outside (internet) is not possible. If our streetworkes would like to check their mails they have to dial-in to Company LAN via VPN first to reach the internal mail server.
That's why we do not need to setup any additional special encryption when local users are accessing Mercury within our company LAN. But nevertheless a simple authentication with username and PW is necessary.


But of course, when connecting to german Mail ISPs, Mercury has to follow their minimum connection requirements as follows:


  • Mercury C (SMTP Client for delivering locally submitted mails to ISP): "SSL encryption via STARTTLS command" over port 587, using one (1) ISP user mailbox credentials for authentication and submitting of all user mails
  • Mercury D (POP3 Client for retrieving mails from ISP mailboxes): "SSL encryption via STARTTLS command" over port 110, using each single ISP mailbox credentials for authentication of each ISP mailbox.

So far the external connection to ISP.


For internal mail submission from Pmail, Thunderbird, Roundcube (or other IT equipment which is sending mails, like firewalls, IP cameras, etc.) to Mercury S (internal SMTP Server) we do not use any additional security settings. Every application can use the SMTP server to submit mails without authentication.


For the internal LAN connection from Pmail, Thunderbird or Roundcube to Mercury I (IMAP Server for accessing the local user mailboxes) also no additional connection control or SSL is activated but the username and PW has to be used. And this is indeed a try and error game, everytime I setup a new Thunderbird Client. Often only the third or fourth attempt succeeded, since I have to say TB to don't use any automatically discovered mail connection but to use our special local IP address of Mercury, the (shortened) local username from Synonym database and PW. Using the right full email address as user name works only sometimes and sometimes not when commissioning a new client. Don't know what it depends on. I prefer using the shortened username from synonym.
But once a connection is established it works great and you don't have to take care of usernames etc. smile


Hi Johannes, With us Mercury is used as local mail server only, means it is retrieving all mail from our ISP Mail Provider and provide it locally to the local user mailboxes. **Direct user access from outside (internet) is not possible**. If our streetworkes would like to check their mails they have to dial-in to Company LAN via VPN first to reach the internal mail server. That's why we do not need to setup any additional special encryption when local users are accessing Mercury within our company LAN. But nevertheless a simple authentication with username and PW is necessary. But of course, when connecting to german Mail ISPs, Mercury has to follow their minimum connection requirements as follows: - Mercury C (SMTP Client for delivering locally submitted mails to ISP): "SSL encryption via STARTTLS command" over port 587, using one (1) ISP user mailbox credentials for authentication and submitting of all user mails - Mercury D (POP3 Client for retrieving mails from ISP mailboxes): "SSL encryption via STARTTLS command" over port 110, using each single ISP mailbox credentials for authentication of each ISP mailbox. So far the external connection to ISP. For internal mail submission from Pmail, Thunderbird, Roundcube (or other IT equipment which is sending mails, like firewalls, IP cameras, etc.) to Mercury S (internal SMTP Server) we do not use any additional security settings. Every application can use the SMTP server to submit mails without authentication. For the internal LAN connection from Pmail, Thunderbird or Roundcube to Mercury I (IMAP Server for accessing the local user mailboxes) also no additional connection control or SSL is activated but the username and PW has to be used. And this is indeed a try and error game, everytime I setup a new Thunderbird Client. Often only the third or fourth attempt succeeded, since I have to say TB to don't use any automatically discovered mail connection but to use our special local IP address of Mercury, the (shortened) local username from Synonym database and PW. Using the right full email address as user name works only sometimes and sometimes not when commissioning a new client. Don't know what it depends on. I prefer using the shortened username from synonym. But once a connection is established it works great and you don't have to take care of usernames etc. :)
edited Apr 12 '23 at 11:08 am

smilesmile my apologies!
I found what was wrong in my case, I missed/overlooked in MercuryS the smtp authentication file.
Starting with a fresh test install of Mercury and going through the module settings, especially MercuryS, I noticed the smtp authentication file. After filling in the required info (username password) all my authentication problems were eleminated. smile


Background: as my current mailserver system is not further developed and TLS1.2 is putting the brakes on, I started moving back to Mercury, thanks to David developing further with TLS1.3.
In my current system creating a username/password pair was all what was necessary for all protocolls. Like in Mercury with imap and pop3. So I did not pay attention to this setting in MercuryS. In the past I had that set too, but that is now nearly 17 years ago.


@Joerg, thank you for the detailed info.

x( x( my apologies! I found what was wrong in my case, I missed/overlooked in MercuryS the smtp authentication file. Starting with a fresh test install of Mercury and going through the module settings, especially MercuryS, I noticed the smtp authentication file. After filling in the required info (username password) all my authentication problems were eleminated. ;) Background: as my current mailserver system is not further developed and TLS1.2 is putting the brakes on, I started moving back to Mercury, thanks to David developing further with TLS1.3. In my current system creating a username/password pair was all what was necessary for all protocolls. Like in Mercury with imap and pop3. So I did not pay attention to this setting in MercuryS. In the past I had that set too, but that is now nearly 17 years ago. @Joerg, thank you for the detailed info.
live preview
enter atleast 10 characters
WARNING: You mentioned %MENTIONS%, but they cannot see this message and will not be notified
Saving...
Saved
With selected deselect posts show selected posts
All posts under this topic will be deleted ?
Cancel
Delete
Pending draft ... Click to resume editing
Discard draft