DevOps

Synology MailPlus: Email Domain Login Fails, Local Works

Troubleshoot Synology MailPlus authentication issues where login fails for email domains like user1@mydomen.ru but succeeds with local domain user1@mydomen.local. Learn Directory Server role, alias priority, and step-by-step fixes.

1 answer 1 view

Synology MailPlus authentication issue: Why does login fail with email domains (e.g., user1@mydomen.ru) but succeed with local domain (user1@mydomen.local)?

Setup:

  • Synology NAS with Directory Server package configured for local domain mydomen.local.
  • MailPlus Server and MailPlus installed.
  • Mail domains added: mydomen.ru, mydomen2.ru.
  • User accounts:
  • Directory Server: mydomen\user1 → MailPlus: user1@mydomen.ru
  • Directory Server: mydomen\user2 → MailPlus: user2@mydomen2.ru

Issue:

  • Web login at https://mydomen.ru:
  • user1@mydomen.ru + password → “Account or password entered incorrectly.”
  • user1@mydomen.local + password → Success.
  • Same for user2: Only .local works, not .ru or mydomen2.local.

KB states aliases have higher priority than username, but user1@mydomen.ru fails. Is this due to Directory Server local domain configuration?

Synology MailPlus authentication fails for email domains like user1@mydomen.ru because it relies on DSM’s account system, where Domain Users mode only authenticates against the Directory Server’s bound local domain (mydomen.local). Aliases for external domains (mydomen.ru, mydomen2.ru) don’t override this during login—they’re resolved post-authentication if the base account matches. Switching to user1@mydomen.local works since it directly hits the configured Directory Server domain.

Contents

Synology MailPlus Authentication Basics

Ever tried logging into your Synology MailPlus web client and hit a wall with “Account or password entered incorrectly,” even though you’re dead sure the credentials are right? You’re not alone. MailPlus Server ties directly into DSM’s user management, pulling accounts from either local users, LDAP, or Domain Users—but crucially, only one type can be active at a time.

In your setup, with Directory Server bound to mydomen.local, MailPlus defaults to Domain Users mode. That means authentication checks strictly against mydomen\user1 or similar. The Synology MailPlus Server admin guide spells it out: external domains added as mail domains become aliases, but they don’t expand the authentication pool. Punch in user1@mydomen.ru, and MailPlus looks for a base account in the bound domain first. No match? Denied.

Why does user1@mydomen.local sail through? Simple—it’s the exact format Directory Server expects. MailPlus then maps the alias afterward for email routing. Frustrating, right? But understanding this unlocks the fix.

Role of Directory Server in Domain Setup

Directory Server isn’t just a user directory; it’s the gatekeeper for domain-bound authentication on your Synology NAS. You configured it for mydomen.local, creating users like mydomen\user1. MailPlus integrates seamlessly here, treating these as primary accounts.

When you add mail domains (mydomen.ru, mydomen2.ru) in MailPlus, you’re setting up aliases: user1@mydomen.ru points to user1@mydomen.local. But here’s the catch—Directory Server dictates who gets authenticated. The admin guide confirms MailPlus uses the “same account system as DSM,” so if it’s Domain Users bound to .local, external domains are for receiving/sending mail, not logging in.

Think of it like this: Directory Server is the bouncer checking IDs at the door. Aliases are nicknames for inside the club, but you still need the real ID to enter. Your user2@mydomen2.ru setup follows the same logic—only .local variants work because that’s the bound domain.

Why Email Domain Logins Fail

Picture logging into https://mydomen.ru with user1@mydomen.ru. MailPlus strips the alias, hunts for user1 in the Directory Server’s domain (mydomen.local), and… crickets. No base account match in Domain Users mode, so it spits out the error.

The KB you mentioned about aliases having “higher priority than username” holds true after authentication. Per the Synology documentation, this priority kicks in only if the account type aligns with the alias’s domain. Your external domains don’t qualify under Domain Users.

Same story for user2@mydomen2.ru. Even user2@mydomen2.local flops because Directory Server isn’t bound to mydomen2.ru—it’s laser-focused on mydomen.local. Community guides like this Dynu tutorial echo this: MailPlus authenticates against the local database first, aliases second.

Short version? Domain mismatch kills the login before aliases even enter the chat.

Understanding Alias Priority Rules

Aliases sound handy—route user1@mydomen.ru to your local user. But priority rules are picky. The admin guide clarifies: “Aliases have higher priority than username” applies within the active account type’s scope.

  • Domain Users (your case): Bound to mydomen.local. Aliases for .ru domains are ignored for auth.
  • Local Users: Broader—aliases work across any domain you define.
  • LDAP: External directory rules apply.

Your mappings (mydomen\user1user1@mydomen.ru) are perfect for mail flow but useless for login in Domain Users mode. Test it: Create a pure local user without Directory Server ties, and aliases shine. But with Directory Server active? Stick to .local or switch modes.

Confused yet? Most users are—it’s why forums light up with these exact gripes.

Step-by-Step Fixes for Login Issues

Ready to make user1@mydomen.ru work? Here’s how, no fluff.

  1. Quick Win: Use Local Domain Login
    Just log in as user1@mydomen.local. MailPlus resolves the alias for your inbox. Works instantly, zero config changes.

  2. Switch MailPlus Account Type to Local Users
    In MailPlus Server > Account > Account Type: Select “Local Users.” Restart the package. Now aliases authenticate directly. Drawback? Loses Directory Server integration—users must be created locally too. Dynu’s setup guide walks through this for custom domains.

  3. Reconfigure Directory Server for External Domains
    Unbind from mydomen.local, bind to mydomen.ru. Migrate users. Risky for existing setups—backup first. Admin guide details the process.

  4. Test Thoroughly
    After changes: Clear browser cache, try web client at https://mydomen.ru, then mobile app. Check MailPlus logs (Control Panel > Log Center) for auth clues.

Pick #1 for speed, #2 for flexibility. Licenses? MailPlus handles up to your package limit regardless.

Best Practices for MailPlus Setup

Don’t stop at fixes—build right from the start. Bind Directory Server to your primary mail domain (mydomen.ru), not a .local internal one. Use Local Users for small teams; Domain/LDAP for enterprises.

  • Set “Mail System Hostname” to mail.mydomen.ru early.
  • Enable aliases explicitly per user in MailPlus.
  • Monitor with DSM’s Log Center—search “MailPlus-Server” for auth fails.
  • Scale thoughtfully: Free tier caps users; grab licenses for growth.

Pro tip: Test logins across web, desktop, and mobile post-setup. Saves headaches later. As of 2026, Synology’s still refining this—keep DSM/MailPlus updated.

Sources

  1. Synology MailPlus Server Administrator’s Guide (PDF)
  2. How to Set Up Synology MailPlus with Your Own Domain Name - Dynu

Conclusion

Synology MailPlus authentication hinges on matching your Directory Server’s bound domain—external aliases like mydomen.ru won’t authenticate in Domain Users mode, explaining why only .local logins succeed. Switch to Local Users or rebind Directory Server for full email domain support, and you’ll be sending/receiving without a hitch. Nail this, and your NAS mail setup runs smooth—test it today.

Authors
NeuroAnswers
Author
Verified by moderation
NeuroAnswers
Moderation
Synology MailPlus: Email Domain Login Fails, Local Works