On Mon, Jan 14, 2019 at 01:42:19PM +0100, Flipchan wrote: > I tried to echo it another way (echo -ne '\user\passwd' | base64 ) > and then > auth plain string > and it works > > > Now im getting new errrors :/ or i think i have misconfigured match, i cant > send to external addresses, log: > http://dpaste.com/2M8JMQC.txt >
you need a rule that matches auth, for example: match auth from any for any action "relay" > On January 14, 2019 1:10:24 PM GMT+01:00, Gilles Chehade <gil...@poolp.org> > wrote: > >On Mon, Jan 14, 2019 at 01:03:19PM +0100, Flipchan wrote: > >> Seems like it adds "\^J" to the username , i base64 encode it using: > >> echo "user" | base64 > >> > >> Log from smtpd -dv -T smtp : > >> http://dpaste.com/0CAVJFF.txt > >> > > > >honestly, i'm confused by what you're doing > > > >can you setup a temporary account, with a temporary password, > >authenticate to it > >using a regular MUA (whichever you want, just don't auth manually), > >then trash > >the account and send us logs that aren't doctored ? > > > > > > > >> On January 14, 2019 9:41:42 AM GMT+01:00, Gilles Chehade > ><gil...@poolp.org> wrote: > >> >On Sat, Jan 12, 2019 at 05:36:11PM +0100, Flipchan wrote: > >> >> Hey, am tryin to upgrade my opensmtpd > >> >> email server running on openbsd 6.3 towards a new one on 6.4, > >> >> i have used a simple config with the new syntax: > >> >> cat /etc/mail/smtpd.conf > >> >> > >> >> table aliases file:/etc/mail/aliases > >> >> > >> >> #table other-relays file:/etc/mail/other-relays > >> >> > >> >> pki mail.example.com cert "/etc/ssl/mail.example.com.crt" > >> >> pki mail.example.com key "/etc/ssl/private/mail.example.com.key" > >> >> > >> >> listen on lo0 > >> >> listen on vio0 port 587 hostname example.com tls-require pki > >> >mail.example.com auth mask-source > >> >> listen on vio0 port 25 hostname example.com tls pki > >mail.example.com > >> >> > >> >> action "mbox" mbox alias <aliases> > >> >> action "relay" relay > >> >> > >> >> match for local action "mbox" > >> >> match for any action "relay" > >> >> match from any for domain example.com action "mbox" > >> >> > >> >> > >> >> i cant login with a users regular username and passwd which is > >weird. > >> > > >> >> In the documentation it says that it is suppose to take regular > >user > >> >creds if not a table is defined which it is not. > >> >> https://man.openbsd.org/smtpd.conf#listen_on > >> >> > >> >> "Users are authenticated against either their own normal login > >> >credentials or a credentials table authtable, the format of which is > >> >described in table(5)." > >> >> > >> >> Does anyone know what im doing wrong here? > >> >> > >> >> maillog: > >> >> Jan 12 16:47:49 host smtpd[95842]: XXXXXXXXXXXXXXX smtp connected > >> >address=ip host=ip Jan 12 16:47:49 host > >> >> smtpd[95842]: XXXXXXXXXXXXXXX smtp starttls address=ip host=ip > >> >ciphers="version=TLSv1.2, cipher=ECDHE-RSA-AES256-GCM-SHA384, > >bits=256" > >> >Jan 12 16:47:49 host > >> >> smtpd[95842]: XXXXXXXXXXXXXXX smtp authentication user=user > >> >address=ip host=ip result=permfail Jan 12 16:47:49 host > >> >> smtpd[95842]: XXXXXXXXXXXXXXX smtp failed-command address=ip > >host=ip > >> >command="AUTH PLAIN (...)" result="535 Authentication failed" Jan 12 > >> >16:47:49 host > >> >> smtpd[95842]: XXXXXXXXXXXXXXX smtp authentication user=user > >> >address=ip host=ip result=permfail Jan 12 16:47:50 host > >> >> smtpd[95842]: XXXXXXXXXXXXXXX smtp failed-command address=ip > >host=ip > >> >command="AUTH LOGIN (password)" result="535 Authentication failed" > >> >> > >> > > >> >Hi, > >> > > >> >First of all, it should read mask-src and not mask-source, otherwise > >> >the > >> >auth keyword is assuming a table containing literal string > >> >"mask-source" > >> >and this will cause authentication to fail. > >> > > >> >A good method to troubleshoot, is to run smtpd in trace mode: > >> > > >> > smtpd -dv -T smtp > >> > > >> >create a test user with a temporary password, so you can share the > >> >trace > >> >output here and we can try to figure out what's wrong ... but likely > >> >the > >> >mask-source issue is the cause here. > >> > > >> > > >> >-- > >> >Gilles Chehade @poolpOrg > >> > > >> >https://www.poolp.org tip me: > >> >https://paypal.me/poolpOrg > >> > >> -- > >> Sent from my Android device with K-9 Mail. Please excuse my brevity. > > > >-- > >Gilles Chehade @poolpOrg > > > >https://www.poolp.org tip me: > >https://paypal.me/poolpOrg > > -- > Sent from my Android device with K-9 Mail. Please excuse my brevity. -- Gilles Chehade @poolpOrg https://www.poolp.org tip me: https://paypal.me/poolpOrg
