On Tue, Apr 29, 2025 at 04:00:04PM +0200, BetaRays wrote:
On 2025-04-29, at 14:35 +0200, axreios wrote:
On Tue, Apr 29, 2025 at 02:34:00AM +0000, Otto Retter wrote:
Hello,

action "tanoutbound" relay host smtp://mail.airstreamcomm.net auth <ratable>
action "axreiosoutbound" relay host smtp://mail.airstreamcomm.net auth <ratable>

As far as I am aware, this would attempt relay over port 25, and without TLS, which is usually not used for authenticated SMTP. Do you know what port your ISP's MTA is using for authenticated SMTP? Usually it would be 465 for implicit TLS or 587 for STARTTLS.

I think you should also include the aliases table key in the host value. Here is a possible example line for implicit TLS:
'''
action "tanoutbound" relay host smtps://[email protected]:465 auth <ratable>
'''

Also, if you actually ran the previous configuration live you may want to consider rotating credentials. If TLS was not used an on-path attacker might have read your credentials in the plain.

- Otto


Thank you Otto for your response and advice.  But my problem remains.
Let me approach it this way: in mutt, when I configure it to be its own
smtp server, I set ssl_force_tls=no, ssl_starttls=yes, and
smtp_authenticators=login.  What would be the equivalent action line in
smtp.conf?  And one further question: can authentication in opensmtpd
handle an isp username in the form of
[email protected]@mail.airstreamcomm.net? Please advise.  And thanks
for reading.
        axreios

Hi, according to man smtpd.conf, what goes before the @ character is a label, so you can use anything here, as long as it matches with a line such as

tan     [email protected]:myverysecurepassword

…from your ratable file, which is where the user used for login will be used, while still connecting to mail.airstreamcomm.net if used after the @ character in the relay host […] part.

Additionally, you can use any of these protocols, but the manual seems to indicate that authentication will only work when setting smtps or smtp+tls:

smtp        Normal SMTP session with opportunistic STARTTLS (the default).
smtp+tls    Normal SMTP session with mandatory STARTTLS.
smtp+notls  Plain text SMTP session without TLS.
lmtp        LMTP session.  port is required.
smtps       SMTP session with forced TLS on connection.  The default port is 465.

I think simply using smtp+tls://[email protected] (and same with axreios) with the right port (usually 587) should work with your current configuration.

(At least I *hope* that you aren’t sending your password without encryption on the internet because your ISP doesn’t support STARTTLS.)

I hope this helps.
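As an added illustration of the relay host / secrets table relationship described above (example configuration, not taken from the thread or from the OpenSMTPD project): the label "tan", the table path, the placeholder username and password, and the assumption that the ISP's MTA offers STARTTLS on port 587 are all made up for the example.

```conf
# /etc/mail/smtpd.conf (added example; paths, label and credentials are placeholders)
table ratable file:/etc/mail/ratable

# Weak: plain smtp:// only does opportunistic STARTTLS, so if the remote MTA
# does not offer TLS the AUTH LOGIN credentials would cross the network in clear.
# action "tanoutbound" relay host smtp://mail.airstreamcomm.net auth <ratable>

# Stronger: smtp+tls:// makes STARTTLS mandatory. The "tan" before the "@" is
# only the key looked up in <ratable>; the host after the "@" is what is
# actually connected to, on the submission port given after the ":".
action "tanoutbound" relay host smtp+tls://tan@mail.airstreamcomm.net:587 auth <ratable>

# /etc/mail/ratable  (format per smtpd.conf(5): label  user:password)
# The key must match the label used in the relay host URL. The user part is
# sent verbatim to the remote MTA, so it may itself contain "@" characters.
tan     PLACEHOLDER_USER@local-isp.example@mail.airstreamcomm.net:PLACEHOLDER_PASSWORD
```

The secrets file should be readable only by the user OpenSMTPD runs its lookups as (it is refused if world-readable), and the label in the URL, not the username inside the file, is what ties the action to the credential line.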

Thank you for your reply and suggestion.  I am narrowing down my
problem.  I configure mutt to use smtp and port 587, which works; I see
the brief notice of use of tls.  But this does not work from opensmtpd
and I suspect the authentication problem results from the extended
username.  Mutt seems able to deal with this by putting into a string
variable my username at the local isp.  But the local isp merely passes
my login attempt to the regional isp.  So the login name is concatenated
to the form
                [email protected]@mail.airstreamcomm.net

The result is the authentication error numbers in the subject line of
this thread.  The second '@' seems to throw a monkey-wrench into the
process.  Or else I don't know how to properly list it in my ratable
(secrets) file.  Unless someone here can further enlighten me, it looks
like it will be necessary for me to configure mutt as its own smtp
server, which will leave me with little use for opensmtpd.  That is not
my preference, but I don't see how to proceed otherwise.  Thanks for
reading.
                axreios