If you telnet to port 25, do an EHLO host, does the response include AUTH?  If 
not, opensmtpd is not offering AUTH over unencrypted port 25 connections. 


-- 
Larry Rosenman                     http://www.lerctr.org/~ler
Phone: +1 214-642-9640             E-Mail: larry...@gmail.com
US Mail: 5708 Sabbia Drive, Round Rock, TX 78665-2106

On 7/11/18, 6:05 PM, "Teno Deuter" <gvg...@googlemail.com> wrote:

    now in roundcube config I have the following:
    
    $config['default_host'] = 'my static IP';
    $config['smtp_server'] = 'my static IP';
    $config['smtp_port'] = 25;
    
    but I get the following:
    
    SMTP server does not support authentication ()
    SMTP Error: Authentication failure: SMTP server does not support
    authentication (Code: )
    
    
    
    On Thu, Jul 12, 2018 at 1:02 AM, Larry Rosenman <larry...@gmail.com> wrote:
    > Yes.
    >
    > On 7/11/18, 6:02 PM, "Teno Deuter" <gvg...@googlemail.com> wrote:
    >
    >     you mean to turn off TLS in roundcube config file?
    >
    >     On Thu, Jul 12, 2018 at 12:51 AM, Larry Rosenman <larry...@gmail.com> wrote:
    >     > Turn off TLS for webmail.  It's not leaving the machine.
    >     >
    >     > Or get a letsencrypt.org cert. (they are free) see acme.sh (https://github.com/Neilpang/acme.sh)
    >     >
    >     > On 7/11/18, 5:48 PM, "Teno Deuter" <gvg...@googlemail.com> wrote:
    >     >
    >     >     which means I can't use a self-signed cert at all? Or can I define
    >     >     this somewhere?
    >     >
    >     >     On Thu, Jul 12, 2018 at 12:46 AM, Larry Rosenman <larry...@gmail.com> wrote:
    >     >     > yep
    >     >     >
    >     >     > On 7/11/18, 5:46 PM, "Teno Deuter" <gvg...@googlemail.com> wrote:
    >     >     >
    >     >     >     the maillog shows:
    >     >     >
    >     >     >     reason="io-error: error:14037418:SSL routines:ACCEPT_SR_KEY_EXCH:tlsv1 alert unknown ca"
    >     >     >
    >     >     >     please note that I'm using a self-signed cert. Is that the reason?
    >     >     >
    >     >     >     On Thu, Jul 12, 2018 at 12:42 AM, Larry Rosenman <larry...@gmail.com> wrote:
    >     >     >     > Then you need to look at the opensmtpd logs to figure out why the starttls is failing.
    >     >     >     >
    >     >     >     > On 7/11/18, 5:42 PM, "Teno Deuter" <gvg...@googlemail.com> wrote:
    >     >     >     >
    >     >     >     >     actually I did define the static IP address already and now I get the
    >     >     >     >     following in the roundcube error log:
    >     >     >     >
    >     >     >     >     STARTTLS failed ()
    >     >     >     >     Invalid response code received from server (-1)
    >     >     >     >     Failed to write to socket: unknown error ()
    >     >     >     >     SMTP Error: Authentication failure: STARTTLS failed (Code: )
    >     >     >     >
    >     >     >     >
    >     >     >     >
    >     >     >     >     On Thu, Jul 12, 2018 at 12:40 AM, Larry Rosenman <larry...@gmail.com> wrote:
    >     >     >     >     > Yes, or, add another block of lines with lo (or lo0) depending on what your kernel uses for loopback in place of the $egress_int parameter to get it to listen on 127.0.0.1 as well.
    >     >     >     >     >
    >     >     >     >     > On 7/11/18, 5:38 PM, "Teno Deuter" <gvg...@googlemail.com> wrote:
    >     >     >     >     >
    >     >     >     >     >     shows the static IP address of the box. You mean to put that address
    >     >     >     >     >     in the config file?
    >     >     >     >     >
    >     >     >     >     >     On Thu, Jul 12, 2018 at 12:36 AM, Larry Rosenman <larry...@gmail.com> wrote:
    >     >     >     >     >     > What does ifconfig nfe0 show for inet?
    >     >     >     >     >     >
    >     >     >     >     >     > On 7/11/18, 5:35 PM, "Teno Deuter" <gvg...@googlemail.com> wrote:
    >     >     >     >     >     >
    >     >     >     >     >     >     but:
    >     >     >     >     >     >
    >     >     >     >     >     >     egress_int="nfe0"
    >     >     >     >     >     >
    >     >     >     >     >     >     you mean to put this value?
    >     >     >     >     >     >
    >     >     >     >     >     >     On Thu, Jul 12, 2018 at 12:30 AM, Larry Rosenman <larry...@gmail.com> wrote:
    >     >     >     >     >     >     > $egress_int is NOT 127.0.0.1.
    >     >     >     >     >     >     >
    >     >     >     >     >     >     > Change roundcube to use the same address.
    >     >     >     >     >     >     >
    >     >     >     >     >     >     > On 7/11/18, 5:26 PM, "Teno Deuter" <gvg...@googlemail.com> wrote:
    >     >     >     >     >     >     >
    >     >     >     >     >     >     >     this is what I have now in my smtpd conf file:
    >     >     >     >     >     >     >
    >     >     >     >     >     >     >     listen on $egress_int pki server.pki tls-require hostname [domain]
    >     >     >     >     >     >     >     listen on $egress_int pki server.pki port 587 tls-require auth hostname [domain]
    >     >     >     >     >     >     >     listen on $egress_int pki server.pki smtps auth hostname [domain]
    >     >     >     >     >     >     >
    >     >     >     >     >     >     >     but the problem is still there :(
    >     >     >     >     >     >     >
    >     >     >     >     >     >     >     On Thu, Jul 12, 2018 at 12:04 AM, Larry Rosenman <larry...@gmail.com> wrote:
    >     >     >     >     >     >     >     > ---
    >     >     >     >     >     >     >     > /etc/smtpd/smtpd.conf
    >     >     >     >     >     >     >     > pki mx.domain.tld certificate  "/etc/smtpd/tls/smtpd.crt"
    >     >     >     >     >     >     >     > pki mx.domain.tld key          "/etc/smtpd/tls/smtpd.key"
    >     >     >     >     >     >     >     >
    >     >     >     >     >     >     >     > table creds                    "/etc/smtpd/creds"
    >     >     >     >     >     >     >     > table vdoms                    "/etc/smtpd/vdoms"
    >     >     >     >     >     >     >     > table vusers                   "/etc/smtpd/vusers"
    >     >     >     >     >     >     >     >
    >     >     >     >     >     >     >     > listen on eth0 tls pki mx.domain.tld
    >     >     >     >     >     >     >     > listen on eth0 port 587 tls-require pki mx.domain.tld auth <creds>
    >     >     >     >     >     >     >     >
    >     >     >     >     >     >     >     > accept from any for domain <vdoms> virtual <vusers> deliver to mbox
    >     >     >     >     >     >     >     > accept for any relay
    >     >     >     >     >     >     >     > ----
    >     >     >     >     >     >     >     > Add a:
    >     >     >     >     >     >     >     > listen on lo  port 587 tls-require pki mx.domain.tld auth <creds>
    >     >     >     >     >     >     >     >
    >     >     >     >     >     >     >     > On 7/11/18, 5:00 PM, "dovecot on behalf of Teno Deuter" <dovecot-boun...@dovecot.org on behalf of gvg...@googlemail.com> wrote:
    >     >     >     >     >     >     >     >
    >     >     >     >     >     >     >     >     produces an empty result!
    >     >     >     >     >     >     >     >
    >     >     >     >     >     >     >     >     On Wed, Jul 11, 2018 at 11:57 PM, Richard <inbound-dove...@listmail.innovate.net> wrote:
    >     >     >     >     >     >     >     >     > what does the output of:
    >     >     >     >     >     >     >     >     >
    >     >     >     >     >     >     >     >     >     netstat -n | grep :587
    >     >     >     >     >     >     >     >     >
    >     >     >     >     >     >     >     >     > run as root, show you? the -p will give the program and pid.
    >     >     >     >     >     >     >     >     >
    >     >     >     >     >     >     >     >     >
    >     >     >     >     >     >     >     >     >
    >     >     >     >     >     >     >     >     >> Date: Wednesday, July 11, 2018 21:51:09 +0000
    >     >     >     >     >     >     >     >     >> From: Larry Rosenman <larry...@gmail.com>
    >     >     >     >     >     >     >     >     >>
    >     >     >     >     >     >     >     >     >> Yep, you (probably) need to configure openSMTPD to listen on 587
    >     >     >     >     >     >     >     >     >>
    >     >     >     >     >     >     >     >     >> (I run exim, so I can't help with that).

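The EHLO check suggested at the top of this thread, as an added example that is not part of the original messages: a parser for an EHLO reply that reports whether the listener advertises AUTH, and whether it does so before or after TLS. The two sample replies, the hostnames under example.org and the status labels are constructed for illustration, not captured from the poster's server.

```python
import re

# Constructed EHLO replies (illustrative; not captured from the poster's server).
PLAIN_25 = (
    "250-mail.example.org Hello client.example.org\r\n"
    "250-8BITMIME\r\n"
    "250-SIZE 36700160\r\n"
    "250-STARTTLS\r\n"
    "250 HELP\r\n"
)
TLS_587 = (
    "250-mail.example.org Hello client.example.org\r\n"
    "250-8BITMIME\r\n"
    "250-AUTH PLAIN LOGIN\r\n"
    "250 HELP\r\n"
)

def parse_ehlo(reply):
    """Parse a multi-line 250 reply to EHLO into {KEYWORD: [params]}."""
    lines = [ln for ln in reply.splitlines() if ln]
    if not lines:
        raise ValueError("empty reply")
    exts = {}
    for i, line in enumerate(lines):
        m = re.fullmatch(r"250([ -])(.*)", line)
        if not m:
            raise ValueError(f"not a 250 reply line: {line!r}")
        # "250-" marks a continuation; only the final line uses "250 ".
        if (m.group(1) == " ") != (i == len(lines) - 1):
            raise ValueError(f"bad continuation marker: {line!r}")
        if i == 0:
            continue  # first line is the server greeting, not an extension
        # Some servers also send the legacy "AUTH=LOGIN PLAIN" form.
        words = m.group(2).replace("=", " ").split()
        if words:
            exts[words[0].upper()] = words[1:]
    return exts

def auth_status(reply, tls_active):
    """Classify what a client may do on this connection, given its EHLO reply."""
    exts = parse_ehlo(reply)
    if "AUTH" in exts:
        return "auth-over-tls" if tls_active else "auth-in-cleartext"
    if not tls_active and "STARTTLS" in exts:
        return "starttls-then-ehlo-again"  # AUTH may only appear after TLS
    return "no-auth-on-this-listener"      # listener lacks auth; check its config

if __name__ == "__main__":
    print("port 25, plaintext:", auth_status(PLAIN_25, tls_active=False))
    print("port 587, after STARTTLS:", auth_status(TLS_587, tls_active=True))
```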