On Sat, Jan 12, 2019 at 05:36:11PM +0100, Flipchan wrote: > Hey, am tryin to upgrade my opensmtpd > email server running on openbsd 6.3 towards a new one on 6.4, > i have used a simple config with the new syntax: > cat /etc/mail/smtpd.conf > > table aliases file:/etc/mail/aliases > > #table other-relays file:/etc/mail/other-relays > > pki mail.example.com cert "/etc/ssl/mail.example.com.crt" > pki mail.example.com key "/etc/ssl/private/mail.example.com.key" > > listen on lo0 > listen on vio0 port 587 hostname example.com tls-require pki mail.example.com > auth mask-source > listen on vio0 port 25 hostname example.com tls pki mail.example.com > > action "mbox" mbox alias <aliases> > action "relay" relay > > match for local action "mbox" > match for any action "relay" > match from any for domain example.com action "mbox" > > > i cant login with a users regular username and passwd which is weird. > In the documentation it says that it is suppose to take regular user creds if > not a table is defined which it is not. > https://man.openbsd.org/smtpd.conf#listen_on > > "Users are authenticated against either their own normal login credentials > or a credentials table authtable, the format of which is described in > table(5)." > > Does anyone know what im doing wrong here? > > maillog: > Jan 12 16:47:49 host smtpd[95842]: XXXXXXXXXXXXXXX smtp connected address=ip > host=ip Jan 12 16:47:49 host > smtpd[95842]: XXXXXXXXXXXXXXX smtp starttls address=ip host=ip > ciphers="version=TLSv1.2, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256" Jan > 12 16:47:49 host > smtpd[95842]: XXXXXXXXXXXXXXX smtp authentication user=user address=ip > host=ip result=permfail Jan 12 16:47:49 host > smtpd[95842]: XXXXXXXXXXXXXXX smtp failed-command address=ip host=ip > command="AUTH PLAIN (...)" result="535 Authentication failed" Jan 12 16:47:49 > host > smtpd[95842]: XXXXXXXXXXXXXXX smtp authentication user=user address=ip > host=ip result=permfail Jan 12 16:47:50 host > smtpd[95842]: XXXXXXXXXXXXXXX smtp failed-command address=ip host=ip > command="AUTH LOGIN (password)" result="535 Authentication failed" >
Hi, First of all, it should read mask-src and not mask-source, otherwise the auth keyword is assuming a table containing literal string "mask-source" and this will cause authentication to fail. A good method to troubleshoot, is to run smtpd in trace mode: smtpd -dv -T smtp create a test user with a temporary password, so you can share the trace output here and we can try to figure out what's wrong ... but likely the mask-source issue is the cause here. -- Gilles Chehade @poolpOrg https://www.poolp.org tip me: https://paypal.me/poolpOrg