I successfully got the client "test" to authenticate on the server "mx1" with this :
-------------------------------------------------------
foo@test : # cat /etc/mail/secrets
foo foo:password_clear
-------------------------------------------------------

But another issue appeared...
Authentication does now work with this line in the file "smtpd.conf" :
-------------------------------------------------------
table secrets file:/etc/mail/secrets
-------------------------------------------------------

But if instead of a text file I use a db file, it does not work and I see again the message "AUTH rejected: 535 Authentication failed" in the logs :
-------------------------------------------------------
table secrets db:/etc/mail/secrets.db
-------------------------------------------------------

I generated the db file with "makemap secrets" and there was no error reported by the command.

On Mon, 14 Jun 2021 at 20:55, Gilles CHEHADE <gil...@poolp.org> wrote:

> On 14 Jun 2021, at 19:20, François RONVAUX <francois.ronv...@gmail.com> wrote:
> >
> > Thanks for the reply.
> > I will have a look at smtpctl encrypt...
> >
> > According to this resource (section "Credentials tables"):
> > https://man.openbsd.org/OpenBSD-6.9/table.5
> > ------------------------------------------------------
> > In a relay context, the credentials are a mapping of labels and username:password pairs:
> >
> > label1 user:password
> >
> > The label must be unique and is used as a selector for the proper credentials when multiple credentials are valid for a single destination.
> > The password is not encrypted as it must be provided to the remote host.
> > ------------------------------------------------------
> >
> > It clearly states that the password must be not encrypted.
> > Maybe this man page is not up to date ?
>
> For mta authentication, when your server authenticates elsewhere, the
> password is not encrypted because it can’t, it must be supplied to the
> remote server.
> For listener authentication, when a client authenticates to your machine,
> the password is encrypted because we use crypt(3) to validate.
>
> In your mail, you showed the listen configuration:
>
> listen on egress inet4 \
>     tls-require \
>     auth
>
> So I assumed you were talking about incoming authentication.
>
> > And I run an old OpenSMTPD v6.4.0 with relaying e-mails to a gmail account and it does work with not-encrypted password in the secret file.
> > When did this requirement of encrypted password change ?
> >
> > Regards.
> >
> > On Mon, 14 Jun 2021 at 14:08, <gil...@poolp.org> wrote:
> > June 14, 2021 9:19 AM, "François RONVAUX" <francois.ronv...@gmail.com> wrote:
> >
> >> Hello,
> >>
> >> I have a mail server "mx1" with this listening section :
> >> -------------------------------------------
> >> listen on egress inet4 \
> >>     tls-require \
> >>     auth
> >> -------------------------------------------
> >>
> >> I have also a server "test" and I would want to authenticate the user when sending an e-mail to the
> >> server "mx1" but I get an error :
> >> -------------------------------------------
> >> test smtpd[9309]: f3880cf18b73253d mta error reason=AUTH rejected: 535 Authentication failed
> >> -------------------------------------------
> >>
> >> "test" seems to connect properly on "mx1" but the error does occur on the user authentication.
> >>
> >> Because I can perfectly connect to "mx1" with a MUA like Thunderbird, it makes me think the error
> >> should be located on the opensmtpd "test" secrets file :
> >> -------------------------------------------
> >> foo f...@mx1.example.org:password
> >> -------------------------------------------
> >>
> >> The password is 40 digits long and looks like this :
> >> C>(3")GID~7B7%{~LIq_G*JdP6fTW*"[`G)<k?(G
> >>
> >> Can a special character be a problem in the password field ?
> >> If yes, how to deal with it ?
> >>
> >> Thanks for your suggestions.
> >
> > The problem is not that there's a special character but that the password should be crypt(3)-ed,
> > look at smtpctl encrypt
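
The thread distinguishes relay credentials (label, then user:password in clear text) from listener credentials (validated with crypt(3)). The following is an added example, not part of any message in the thread and not OpenSMTPD code: a small checker that flags entries stored in the wrong form for the role a table plays, without echoing the secret. The function names, the "username hash" layout assumed for listener tables, and the sample tables are assumptions of this example; only modular-crypt ("$id$...") hashes are recognised.

```python
import re

# Modular crypt format "$id$...". Assumption of this example: traditional
# DES crypt(3) output, which has no "$" prefix, is not recognised.
CRYPT_RE = re.compile(r"^\$[0-9a-zA-Z]+\$.+")

def parse_table(text):
    """Yield (lineno, key, value) from a table(5)-style 'key value' file."""
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)  # key, then the rest of the line as value
        yield lineno, parts[0], parts[1] if len(parts) > 1 else ""

def lint_table(text, role):
    """role is 'listener' (clients log in to us) or 'relay' (we log in elsewhere).

    Returns (lineno, key, message) tuples; the secret itself is never included.
    """
    if role not in ("listener", "relay"):
        raise ValueError("role must be 'listener' or 'relay'")
    findings = []
    for lineno, key, value in parse_table(text):
        if role == "listener":
            # Listener auth is validated with crypt(3), so a hash is expected.
            if not CRYPT_RE.match(value):
                findings.append((lineno, key, "value is not a crypt(3) hash"))
        else:
            # Relay auth sends the password to the remote host as stored.
            user, sep, password = value.partition(":")
            if not (sep and user and password):
                findings.append((lineno, key, "expected user:password"))
            elif CRYPT_RE.match(password):
                findings.append((lineno, key, "password looks hashed, relay needs clear text"))
    return findings

# Constructed sample tables; the hash is a placeholder, not real crypt(3) output.
FAKE_HASH = "$2b$10$CONSTRUCTEDPLACEHOLDERHASHVALUE"
LISTENER_SAMPLE = f"foo {FAKE_HASH}\nbar password_clear\n"
RELAY_SAMPLE = f"# relay credentials\nfoo foo:password_clear\nlabel1 user:{FAKE_HASH}\n"

if __name__ == "__main__":
    for role, sample in (("listener", LISTENER_SAMPLE), ("relay", RELAY_SAMPLE)):
        for lineno, key, message in lint_table(sample, role):
            print(f"{role} table, line {lineno}, key {key!r}: {message}")
```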