Problem with simple user authentication scheme

2014-05-08 Thread Panagiotis Atmatzidis
Greetings to everyone,

I am trying to configure OpenSMTPD with TLS + simple auth in order to be able to
send email from my laptop and mobile using the server.

My 'smtpd.conf' is:
-

# This is the smtpd server system-wide configuration file.
# See smtpd.conf(5) for more information.

# SSL PKI Certificates
pki domain.net certificate "/etc/mail/certs/host.cert"
pki domain.net key "/etc/mail/certs/host.key"

# If you edit the file, you have to run "smtpctl update table aliases"
table users "/usr/local/etc/mail/virtual.users.txt"
table domains   "/usr/local/etc/mail/virtual.domains.txt"
table secrets   "/usr/local/etc/mail/secrets"
table virtuals  "/usr/local/etc/mail/virtual.aliases.txt"
table aliases   db:/usr/local/etc/mail/aliases.db

# To accept external mail, replace with: listen on all
listen on 127.0.0.1 
listen on xx.xx.xx.xx secure pki domain.net auth  hostname domain.net

accept for local alias  deliver to mbox
accept from any for domain  relay via lmtp://127.0.0.1:2026 
accept from any for domain  alias 
-

My 'secrets' file looks like this:
-
root@domain:/usr/local/etc/mail # cat secrets 
atma => test:test123
-

The server runs successfully (see log below)  and I try to test my connection 
using OpenSSL:
-
$ openssl s_client -connect domain.net:465
CONNECTED(0003)
[...]
220 domain.net ESMTP OpenSMTPD
EHLO domain.net
250-domain.net Hello domain.net [xxx.xxx.xx.xxx], pleased to meet you
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-SIZE 36700160
250-DSN
250-AUTH PLAIN LOGIN
250 HELP
AUTH LOGIN
334 VXNlcm5hbWU6
dGVzdA==   # <= my input from: perl -MMIME::Base64 -e 'print encode_base64("test");'
334 UGFzc3dvcmQ6
dGVzdDEyMw==   # <= my input from: perl -MMIME::Base64 -e 'print encode_base64("test123");'
535 Authentication failed
read:errno=0
-

In the meantime in the server I can see the logs complaining of course:

-
root@domain:/usr/local/etc/mail # smtpd -dv
debug: init ssl-tree
info: loading pki information for domain.net
info: OpenSMTPD 5.4.2p1 starting
debug: bounce warning after 4h
debug: using "fs" queue backend
debug: using "ramqueue" scheduler backend
debug: using "ram" stat backend
info: startup [debug mode]
debug: queue: done loading queue into scheduler
mfa: building simple chains...
mfa: building complex chains...
mfa: done building complex chains
mfa: done building default chain
libevent 1.4.14b-stable (kqueue)
debug: parent_send_config_ruleset: reloading
debug: parent_send_config_mfa: reloading
debug: parent_send_config: configuring smtp
debug: mfa ready
debug: smtp: listen on 1xx.xx.xx.xx port 25 flags 0x49 pki "domain.net"
debug: smtp: listen on 1xx.xx.xx.xx port 465 flags 0x4a pki "domain.net"
debug: smtp: listen on 127.0.0.1 port 25 flags 0x0 pki ""
debug: smtp: will accept at most 14392 clients
debug: smtpd: scanning offline queue...
debug: smtpd: offline scanning done
debug: smtp: new client on listener: 0x8024b6000
smtp-in: New session 21ee5e1eb2e647db from host 217.70.my-adsl.net [xx.xx.xx.xx]
debug: lka: looking up pki "domain.net"
debug: session_start_ssl: switching to SSL
smtp-in: Started TLS on session 21ee5e1eb2e647db: version=TLSv1/SSLv3, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256
debug: lka: authenticating for secrets:test
smtp-in: Authentication failed for user test on session 21ee5e1eb2e647db
smtp-in: Failed command on session 21ee5e1eb2e647db: "dGVzdDEyMw==" => 535 Authentication failed
smtp-in: Disconnecting session 21ee5e1eb2e647db: session timeout
debug: smtp: 0x8024ba000: deleting session: timeout
-

I'd like to know how I can fix my table in order to match/accept emails from 
users. I'm probably making some mistake in the 'secrets' file syntax.

Any hints and/or ideas would be welcomed. Thanks for the excellent piece of 
software :-)

Best regards,

atmosx



Panagiotis (atmosx) Atmatzidis

email:  a...@convalesco.org
URL:http://www.convalesco.org
GnuPG ID: 0x1A7BFEC5
gpg --keyserver pgp.mit.edu --recv-keys 1A7BFEC5

"As you set out for Ithaca, hope the voyage is a long one, full of adventure, 
full of discovery [...]" - C. P. Cavafy








Re: Problem with simple user authentication scheme

2014-05-09 Thread Panagiotis Atmatzidis
Hello again,

On 8 May 2014, at 23:12, Panagiotis Atmatzidis wrote:

> Greetings to everyone,
> 
> I am trying to configure OpenSMTPD with TLS + simple auth in order to be able 
> to send email from my laptop and mobile using the server.
> 
> [...]

I figured it out! The manual says it, but I missed it yesterday:

Password for 'username' must be produced using 'smtpctl encrypt '. The 
weird thing I noticed is that the produced output is not an ordinary hash. It 
changes every time smtpctl is issued, for example:

> smtpctl encrypt test

gives 3 different strings

$6$DpwJ66CLIaGwC.55$VTGkdBNBW9mGRmjUY0zZAsjGLYIKdpqK1R/lfSoAcnvjsaJbrXGrrb/TPYXTEk8TLlwSR5l7Li9LsB9uFE9Rg/
$6$wXJ.vQFyztde./Tl$vHsfacUMuPRWm25Jtyeh/BGp2v1JljtEzO4iOaETN0Y..74NSlI7jkuauhkJm7hLBi4pO81B/mL8aNiFogk7M1
$6$oFWDbMAuNrMeCdNJ$u98j5iYOddK.gt1WJm8DOn7qVvQlDLNd1PXD2N6GK8aSRrNz8/FlVbmS1YI0LrbupZDxwsB67bnJS/kIKzJyH/

I'm not into encryption but out of curiosity, how does the server know what to 
use? :-)

Panagiotis (atmosx) Atmatzidis
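On the question in the message above, an added example (not part of the original post, and not OpenSMTPD code): the strings shown start with `$6$`, the crypt(3) SHA-512 format `$6$salt$hash`, so the random salt is stored inside the string and a verifier re-hashes the submitted password with that salt and compares. The helper names are hypothetical; `POSTED` holds the three strings from the post, checked against the password `test` the post says was used.

```python
import hashlib
import hmac
import secrets

B64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def sha512_crypt(password, salt):
    """crypt(3) "$6$" hash, default 5000 rounds (no "rounds=N$" field handled)."""
    pw, sl = password.encode(), salt[:16].encode()
    sha = lambda data: hashlib.sha512(data).digest()
    fit = lambda digest, n: (digest * (n // 64 + 1))[:n]  # repeat, then cut to n bytes
    b = sha(pw + sl + pw)
    a, n = pw + sl + fit(b, len(pw)), len(pw)
    while n:  # one extra block per bit of the password length
        a += b if n & 1 else pw
        n >>= 1
    a = sha(a)
    p = fit(sha(pw * len(pw)), len(pw))      # password-derived filler
    s = fit(sha(sl * (16 + a[0])), len(sl))  # salt-derived filler
    c = a
    for r in range(5000):  # stretching: each round mixes in p and s again
        c = sha((p if r & 1 else c) + (s if r % 3 else b"") +
                (p if r % 7 else b"") + (c if r & 1 else p))
    out, t = "", (0, 21, 42)
    for _ in range(21):  # crypt's own base64, bytes taken in a permuted order
        w = c[t[0]] << 16 | c[t[1]] << 8 | c[t[2]]
        out += "".join(B64[w >> 6 * k & 63] for k in range(4))
        t = (t[1] + 1, t[2] + 1, t[0] + 1)
    out += B64[c[63] & 63] + B64[c[63] >> 6]
    return f"$6${sl.decode()}${out}"

def encrypt(password):  # hypothetical helper: fresh random salt on every call
    return sha512_crypt(password, "".join(secrets.choice(B64) for _ in range(16)))

def verify(password, stored):  # re-hash with the salt read from the stored string
    fields = stored.split("$")
    if len(fields) != 4 or fields[1] != "6":
        return False  # not a plain "$6$salt$hash" entry
    candidate = sha512_crypt(password, fields[2])
    return hmac.compare_digest(candidate.encode(), stored.encode())

POSTED = [  # the three strings quoted in the post above
    "$6$DpwJ66CLIaGwC.55$VTGkdBNBW9mGRmjUY0zZAsjGLYIKdpqK1R/lfSoAcnvjsaJbrXGrrb/TPYXTEk8TLlwSR5l7Li9LsB9uFE9Rg/",
    "$6$wXJ.vQFyztde./Tl$vHsfacUMuPRWm25Jtyeh/BGp2v1JljtEzO4iOaETN0Y..74NSlI7jkuauhkJm7hLBi4pO81B/mL8aNiFogk7M1",
    "$6$oFWDbMAuNrMeCdNJ$u98j5iYOddK.gt1WJm8DOn7qVvQlDLNd1PXD2N6GK8aSRrNz8/FlVbmS1YI0LrbupZDxwsB67bnJS/kIKzJyH/",
]

def check_posted(password="test"):  # password the post says was used
    return [verify(password, h) for h in POSTED]
```

Calling `encrypt("test")` twice returns two different strings that both pass `verify("test", ...)`, which is the behaviour the post observed.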



smtpd "queue: no return path" and queue

2014-08-28 Thread Panagiotis Atmatzidis
Hello,

After the last upgrade to (OpenSMTPD 5.4.2p1) I get my logs fed up with the 
following message:

"Aug 28 12:45:30 piseli smtpd[830]: warn: queue: no return path!"

Does anyone know where/what to start looking for?! I’m running OSMTPD on 
FreeBSD-10. Didn’t change paths or anything I can think of.

Another thing that bothers me, is the fact that the queue gets filled up with 
messages. 99% of them are spam messages. Is there any standard policy on how to 
deal with them? I remove them manually ~ once a week, but I wonder what other people 
do.

My queue for example now is filled up with:

root@piseli:/var # smtpctl show queue
0395e76fd2fb826d|local|mta|auth|@|tv8ogbsnbfcry...@procono.es|tv8ogbsnbfcry...@procono.es|1409146004|1409491604|0|16|pending|11832|Network error on destination MXs
297055330bbb0be5|local|mta|auth|@|scan.262...@client-53-129.speedy-net.bg|scan.262...@client-53-129.speedy-net.bg|1409126381|1409471981|0|17|pending|5409|Network error on destination MXs
79821d4f8f20d830|local|mta|auth|@|scan...@t1.cavtel.net|scan...@t1.cavtel.net|1409167354|1409512954|0|14|pending|9182|Network error on destination MXs
9ff02ce1bf148c54|local|mta|auth|@|m...@business.telecomitalia.it|m...@business.telecomitalia.it|1409127764|1409473364|0|17|pending|6792|421 4.3.2 System not accepting network messages
aef75e6b16517d3c|local|mta|auth|@|f...@comcastbusiness.net|f...@comcastbusiness.net|1409210715|1409556315|0|9|pending|6543|Network error on destination MXs
e6d1eee1df437771|local|mta|auth|@|l4zbf3o574e5owx2...@dpc6744192236.direcpc.com|l4zbf3o574e5owx2...@dpc6744192236.direcpc.com|1409167225|1409512825|0|14|pending|9053|Network error on destination MXs


Thanks


Panagiotis (atmosx) Atmatzidis
