Re: Opensmtpd auth in 6.4
I got it working , thanks :)

On January 14, 2019 1:45:22 PM GMT+01:00, Gilles Chehade wrote:
> On Mon, Jan 14, 2019 at 01:42:19PM +0100, Flipchan wrote:
>> I tried to echo it another way (echo -ne '\user\passwd' | base64 )
>> and then
>> auth plain string
>> and it works
>>
>> Now im getting new errors :/ or i think i have misconfigured match, i cant send to external addresses, log:
>> http://dpaste.com/2M8JMQC.txt
>>
>
> you need a rule that matches auth, for example:
>
> match auth from any for any action "relay"
>
>> On January 14, 2019 1:10:24 PM GMT+01:00, Gilles Chehade wrote:
>>> On Mon, Jan 14, 2019 at 01:03:19PM +0100, Flipchan wrote:
>>>> Seems like it adds "\^J" to the username , i base64 encode it using:
>>>> echo "user" | base64
>>>>
>>>> Log from smtpd -dv -T smtp :
>>>> http://dpaste.com/0CAVJFF.txt
>>>>
>>>
>>> honestly, i'm confused by what you're doing
>>>
>>> can you setup a temporary account, with a temporary password, authenticate to it
>>> using a regular MUA (whichever you want, just don't auth manually), then trash
>>> the account and send us logs that aren't doctored ?
>>>
>>>> On January 14, 2019 9:41:42 AM GMT+01:00, Gilles Chehade wrote:
>>>>> On Sat, Jan 12, 2019 at 05:36:11PM +0100, Flipchan wrote:
>>>>>> Hey, am tryin to upgrade my opensmtpd
>>>>>> email server running on openbsd 6.3 towards a new one on 6.4,
>>>>>> i have used a simple config with the new syntax:
>>>>>> cat /etc/mail/smtpd.conf
>>>>>>
>>>>>> table aliases file:/etc/mail/aliases
>>>>>>
>>>>>> #table other-relays file:/etc/mail/other-relays
>>>>>>
>>>>>> pki mail.example.com cert "/etc/ssl/mail.example.com.crt"
>>>>>> pki mail.example.com key "/etc/ssl/private/mail.example.com.key"
>>>>>>
>>>>>> listen on lo0
>>>>>> listen on vio0 port 587 hostname example.com tls-require pki mail.example.com auth mask-source
>>>>>> listen on vio0 port 25 hostname example.com tls pki mail.example.com
>>>>>>
>>>>>> action "mbox" mbox alias
>>>>>> action "relay" relay
>>>>>>
>>>>>> match for local action "mbox"
>>>>>> match for any action "relay"
>>>>>> match from any for domain example.com action "mbox"
>>>>>>
>>>>>> i cant login with a users regular username and passwd which is weird.
>>>>>> In the documentation it says that it is supposed to take regular user creds if not a table is defined which it is not.
>>>>>> https://man.openbsd.org/smtpd.conf#listen_on
>>>>>>
>>>>>> "Users are authenticated against either their own normal login credentials or a credentials table authtable, the format of which is described in table(5)."
>>>>>>
>>>>>> Does anyone know what im doing wrong here?
>>>>>>
>>>>>> maillog:
>>>>>> Jan 12 16:47:49 host smtpd[95842]: XXX smtp connected address=ip host=ip
>>>>>> Jan 12 16:47:49 host smtpd[95842]: XXX smtp starttls address=ip host=ip ciphers="version=TLSv1.2, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256"
>>>>>> Jan 12 16:47:49 host smtpd[95842]: XXX smtp authentication user=user address=ip host=ip result=permfail
>>>>>> Jan 12 16:47:49 host smtpd[95842]: XXX smtp failed-command address=ip host=ip command="AUTH PLAIN (...)" result="535 Authentication failed"
>>>>>> Jan 12 16:47:49 host smtpd[95842]: XXX smtp authentication user=user address=ip host=ip result=permfail
>>>>>> Jan 12 16:47:50 host smtpd[95842]: XXX smtp failed-command address=ip host=ip command="AUTH LOGIN (password)" result="535 Authentication failed"
>>>>>>
>>>>>
>>>>> Hi,
>>>>>
>>>>> First of all, it should read mask-src and not mask-source, otherwise the
>>>>> auth keyword is assuming a table containing literal string "mask-source"
>>>>> and this will cause authentication to fail.
>>>>>
>>>>> A good method to troubleshoot, is to run smtpd in trace mode:
>>>>>
>>>>>     smtpd -dv -T smtp
>>>>>
>>>>> create a test user with a temporary password, so you can share the trace
>>>>> output here and we can try to figure out what's wrong ... but likely the
>>>>> mask-source issue is the cause here.
>>>>>
>>>>> --
>>>>> Gilles Chehade @poolpOrg
>>>>>
>>>>> https://www.poolp.org tip me: https://paypal.me/poolpOrg
>>>>
>>>> --
>>>> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>>>
>>> --
>>> Gilles Chehade @poolpOrg
>>>
>>> https://www.poolp.org tip me: https://paypal.me/poolpOrg
>>
>> --
>> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>
> --
> Gilles Chehade@poolpOrg
>
> https:

Re: Opensmtpd auth in 6.4
Sorry for top post.

Make sure your match rules start with the most specific and work your way down to the least specific. 'tag's are your friend.

Also you will need to have a match auth ... rule as auth is no longer the same as local.

Edgar

On Jan 14, 2019 6:42 AM, Flipchan wrote:
>
> I tried to echo it another way (echo -ne '\user\passwd' | base64 )
> and then
> auth plain string
> and it works
>
> Now im getting new errors :/ or i think i have misconfigured match, i cant send to external addresses, log:
> http://dpaste.com/2M8JMQC.txt
>
> On January 14, 2019 1:10:24 PM GMT+01:00, Gilles Chehade wrote:
>> On Mon, Jan 14, 2019 at 01:03:19PM +0100, Flipchan wrote:
>>> Seems like it adds "\^J" to the username , i base64 encode it using:
>>> echo "user" | base64
>>>
>>> Log from smtpd -dv -T smtp :
>>> http://dpaste.com/0CAVJFF.txt
>>>
>>
>> honestly, i'm confused by what you're doing
>>
>> can you setup a temporary account, with a temporary password, authenticate to it
>> using a regular MUA (whichever you want, just don't auth manually), then trash
>> the account and send us logs that aren't doctored ?
>>
>>> On January 14, 2019 9:41:42 AM GMT+01:00, Gilles Chehade wrote:
>>>> On Sat, Jan 12, 2019 at 05:36:11PM +0100, Flipchan wrote:
>>>>> Hey, am tryin to upgrade my opensmtpd
>>>>> email server running on openbsd 6.3 towards a new one on 6.4,
>>>>> i have used a simple config with the new syntax:
>>>>> cat /etc/mail/smtpd.conf
>>>>>
>>>>> table aliases file:/etc/mail/aliases
>>>>>
>>>>> #table other-relays file:/etc/mail/other-relays
>>>>>
>>>>> pki mail.example.com cert "/etc/ssl/mail.example.com.crt"
>>>>> pki mail.example.com key "/etc/ssl/private/mail.example.com.key"
>>>>>
>>>>> listen on lo0
>>>>> listen on vio0 port 587 hostname example.com tls-require pki mail.example.com auth mask-source
>>>>> listen on vio0 port 25 hostname example.com tls pki mail.example.com
>>>>>
>>>>> action "mbox" mbox alias
>>>>> action "relay" relay
>>>>>
>>>>> match for local action "mbox"
>>>>> match for any action "relay"
>>>>> match from any for domain example.com action "mbox"
>>>>>
>>>>> i cant login with a users regular username and passwd which is weird.
>>>>> In the documentation it says that it is supposed to take regular user creds if not a table is defined which it is not.
>>>>> https://man.openbsd.org/smtpd.conf#listen_on
>>>>>
>>>>> "Users are authenticated against either their own normal login credentials or a credentials table authtable, the format of which is described in table(5)."
>>>>>
>>>>> Does anyone know what im doing wrong here?
>>>>>
>>>>> maillog:
>>>>> Jan 12 16:47:49 host smtpd[95842]: XXX smtp connected address=ip host=ip
>>>>> Jan 12 16:47:49 host smtpd[95842]: XXX smtp starttls address=ip host=ip ciphers="version=TLSv1.2, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256"
>>>>> Jan 12 16:47:49 host smtpd[95842]: XXX smtp authentication user=user address=ip host=ip result=permfail
>>>>> Jan 12 16:47:49 host smtpd[95842]: XXX smtp failed-command address=ip host=ip command="AUTH PLAIN (...)" result="535 Authentication failed"
>>>>> Jan 12 16:47:49 host smtpd[95842]: XXX smtp authentication user=user address=ip host=ip result=permfail
>>>>> Jan 12 16:47:50 host smtpd[95842]: XXX smtp failed-command address=ip host=ip command="AUTH LOGIN (password)" result="535 Authentication failed"
>>>>>
>>>>
>>>> Hi,
>>>>
>>>> First of all, it should read mask-src and not mask-source, otherwise the
>>>> auth keyword is assuming a table containing literal string "mask-source"
>>>> and this will cause authentication to fail.
>>>>
>>>> A good method to troubleshoot, is to run smtpd in trace mode:
>>>>
>>>>     smtpd -dv -T smtp
>>>>
>>>> create a test user with a temporary password, so you can share the trace
>>>> output here and we can try to figure out what's wrong ... but likely the
>>>> mask-source issue is the cause here.
>>>>
>>>> --
>>>> Gilles Chehade @poolpOrg
>>>>
>>>> https://www.poolp.org tip me: https://paypal.me/poolpOrg
>>>
>>> --
>>> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>>
>> --
>> Gilles Chehade @poolpOrg
>>
>> https://www.poolp.org tip me: https://paypal.me/poolpOrg
>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.

Re: Opensmtpd auth in 6.4
On Mon, Jan 14, 2019 at 01:42:19PM +0100, Flipchan wrote:
> I tried to echo it another way (echo -ne '\user\passwd' | base64 )
> and then
> auth plain string
> and it works
>
> Now im getting new errors :/ or i think i have misconfigured match, i cant send to external addresses, log:
> http://dpaste.com/2M8JMQC.txt
>

you need a rule that matches auth, for example:

match auth from any for any action "relay"

> On January 14, 2019 1:10:24 PM GMT+01:00, Gilles Chehade wrote:
>> On Mon, Jan 14, 2019 at 01:03:19PM +0100, Flipchan wrote:
>>> Seems like it adds "\^J" to the username , i base64 encode it using:
>>> echo "user" | base64
>>>
>>> Log from smtpd -dv -T smtp :
>>> http://dpaste.com/0CAVJFF.txt
>>>
>>
>> honestly, i'm confused by what you're doing
>>
>> can you setup a temporary account, with a temporary password, authenticate to it
>> using a regular MUA (whichever you want, just don't auth manually), then trash
>> the account and send us logs that aren't doctored ?
>>
>>> On January 14, 2019 9:41:42 AM GMT+01:00, Gilles Chehade wrote:
>>>> On Sat, Jan 12, 2019 at 05:36:11PM +0100, Flipchan wrote:
>>>>> Hey, am tryin to upgrade my opensmtpd
>>>>> email server running on openbsd 6.3 towards a new one on 6.4,
>>>>> i have used a simple config with the new syntax:
>>>>> cat /etc/mail/smtpd.conf
>>>>>
>>>>> table aliases file:/etc/mail/aliases
>>>>>
>>>>> #table other-relays file:/etc/mail/other-relays
>>>>>
>>>>> pki mail.example.com cert "/etc/ssl/mail.example.com.crt"
>>>>> pki mail.example.com key "/etc/ssl/private/mail.example.com.key"
>>>>>
>>>>> listen on lo0
>>>>> listen on vio0 port 587 hostname example.com tls-require pki mail.example.com auth mask-source
>>>>> listen on vio0 port 25 hostname example.com tls pki mail.example.com
>>>>>
>>>>> action "mbox" mbox alias
>>>>> action "relay" relay
>>>>>
>>>>> match for local action "mbox"
>>>>> match for any action "relay"
>>>>> match from any for domain example.com action "mbox"
>>>>>
>>>>> i cant login with a users regular username and passwd which is weird.
>>>>> In the documentation it says that it is supposed to take regular user creds if not a table is defined which it is not.
>>>>> https://man.openbsd.org/smtpd.conf#listen_on
>>>>>
>>>>> "Users are authenticated against either their own normal login credentials or a credentials table authtable, the format of which is described in table(5)."
>>>>>
>>>>> Does anyone know what im doing wrong here?
>>>>>
>>>>> maillog:
>>>>> Jan 12 16:47:49 host smtpd[95842]: XXX smtp connected address=ip host=ip
>>>>> Jan 12 16:47:49 host smtpd[95842]: XXX smtp starttls address=ip host=ip ciphers="version=TLSv1.2, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256"
>>>>> Jan 12 16:47:49 host smtpd[95842]: XXX smtp authentication user=user address=ip host=ip result=permfail
>>>>> Jan 12 16:47:49 host smtpd[95842]: XXX smtp failed-command address=ip host=ip command="AUTH PLAIN (...)" result="535 Authentication failed"
>>>>> Jan 12 16:47:49 host smtpd[95842]: XXX smtp authentication user=user address=ip host=ip result=permfail
>>>>> Jan 12 16:47:50 host smtpd[95842]: XXX smtp failed-command address=ip host=ip command="AUTH LOGIN (password)" result="535 Authentication failed"
>>>>>
>>>>
>>>> Hi,
>>>>
>>>> First of all, it should read mask-src and not mask-source, otherwise the
>>>> auth keyword is assuming a table containing literal string "mask-source"
>>>> and this will cause authentication to fail.
>>>>
>>>> A good method to troubleshoot, is to run smtpd in trace mode:
>>>>
>>>>     smtpd -dv -T smtp
>>>>
>>>> create a test user with a temporary password, so you can share the trace
>>>> output here and we can try to figure out what's wrong ... but likely the
>>>> mask-source issue is the cause here.
>>>>
>>>> --
>>>> Gilles Chehade @poolpOrg
>>>>
>>>> https://www.poolp.org tip me: https://paypal.me/poolpOrg
>>>
>>> --
>>> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>>
>> --
>> Gilles Chehade @poolpOrg
>>
>> https://www.poolp.org tip me: https://paypal.me/poolpOrg
>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.

--
Gilles Chehade @poolpOrg

https://www.poolp.org tip me: https://paypal.me/poolpOrg

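An added example, not part of the thread or of OpenSMTPD: a small shell linter for the two configuration problems raised above, the `mask-source` keyword on a `listen` line and the absence of a `match` rule with the `auth` option. The function names and both sample configurations are constructed for illustration (the first follows the configuration posted in the thread), and the linter assumes one directive per line.

```shell
#!/bin/sh
# Lint an smtpd.conf (read from stdin) for the two problems found in this thread.
# Assumption: one directive per line, no backslash continuations.
lint_smtpd_conf() {
    awk '
        /^[ \t]*#/ { next }                      # ignore comment lines
        $1 == "listen" {
            for (i = 2; i <= NF; i++) {
                if ($i == "auth" || $i == "auth-optional")
                    listen_auth = 1
                if ($i == "mask-source") {
                    printf "line %d: mask-source was renamed to mask-src", NR
                    if ($(i - 1) == "auth")
                        printf "; placed after auth it is taken as the credentials table name"
                    printf "\n"
                }
            }
        }
        $1 == "match" {
            for (i = 2; i <= NF; i++)
                if ($i == "auth")
                    match_auth = 1
        }
        END {
            if (listen_auth && !match_auth)
                print "a listener uses auth but no match rule has the auth option (auth is not the same as local)"
        }
    '
}

# Constructed sample: the configuration as posted in the thread.
sample_before() {
    cat <<'EOF'
table aliases file:/etc/mail/aliases
pki mail.example.com cert "/etc/ssl/mail.example.com.crt"
pki mail.example.com key "/etc/ssl/private/mail.example.com.key"
listen on lo0
listen on vio0 port 587 hostname example.com tls-require pki mail.example.com auth mask-source
listen on vio0 port 25 hostname example.com tls pki mail.example.com
action "mbox" mbox alias
action "relay" relay
match for local action "mbox"
match for any action "relay"
match from any for domain example.com action "mbox"
EOF
}

# Constructed sample: same file with the two changes suggested in the replies.
sample_after() {
    cat <<'EOF'
table aliases file:/etc/mail/aliases
pki mail.example.com cert "/etc/ssl/mail.example.com.crt"
pki mail.example.com key "/etc/ssl/private/mail.example.com.key"
listen on lo0
listen on vio0 port 587 hostname example.com tls-require pki mail.example.com auth mask-src
listen on vio0 port 25 hostname example.com tls pki mail.example.com
action "mbox" mbox alias
action "relay" relay
match for local action "mbox"
match for any action "relay"
match from any for domain example.com action "mbox"
match auth from any for any action "relay"
EOF
}

echo "findings before:"; sample_before | lint_smtpd_conf
echo "findings after:";  sample_after  | lint_smtpd_conf
```

Run it against a real file with `lint_smtpd_conf < /etc/mail/smtpd.conf`; `smtpd -n` remains the authoritative syntax check.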
Re: Opensmtpd auth in 6.4
I tried to echo it another way (echo -ne '\user\passwd' | base64 )
and then
auth plain string
and it works

Now im getting new errors :/ or i think i have misconfigured match, i cant send to external addresses, log:
http://dpaste.com/2M8JMQC.txt

On January 14, 2019 1:10:24 PM GMT+01:00, Gilles Chehade wrote:
> On Mon, Jan 14, 2019 at 01:03:19PM +0100, Flipchan wrote:
>> Seems like it adds "\^J" to the username , i base64 encode it using:
>> echo "user" | base64
>>
>> Log from smtpd -dv -T smtp :
>> http://dpaste.com/0CAVJFF.txt
>>
>
> honestly, i'm confused by what you're doing
>
> can you setup a temporary account, with a temporary password, authenticate to it
> using a regular MUA (whichever you want, just don't auth manually), then trash
> the account and send us logs that aren't doctored ?
>
>> On January 14, 2019 9:41:42 AM GMT+01:00, Gilles Chehade wrote:
>>> On Sat, Jan 12, 2019 at 05:36:11PM +0100, Flipchan wrote:
>>>> Hey, am tryin to upgrade my opensmtpd
>>>> email server running on openbsd 6.3 towards a new one on 6.4,
>>>> i have used a simple config with the new syntax:
>>>> cat /etc/mail/smtpd.conf
>>>>
>>>> table aliases file:/etc/mail/aliases
>>>>
>>>> #table other-relays file:/etc/mail/other-relays
>>>>
>>>> pki mail.example.com cert "/etc/ssl/mail.example.com.crt"
>>>> pki mail.example.com key "/etc/ssl/private/mail.example.com.key"
>>>>
>>>> listen on lo0
>>>> listen on vio0 port 587 hostname example.com tls-require pki mail.example.com auth mask-source
>>>> listen on vio0 port 25 hostname example.com tls pki mail.example.com
>>>>
>>>> action "mbox" mbox alias
>>>> action "relay" relay
>>>>
>>>> match for local action "mbox"
>>>> match for any action "relay"
>>>> match from any for domain example.com action "mbox"
>>>>
>>>> i cant login with a users regular username and passwd which is weird.
>>>> In the documentation it says that it is supposed to take regular user creds if not a table is defined which it is not.
>>>> https://man.openbsd.org/smtpd.conf#listen_on
>>>>
>>>> "Users are authenticated against either their own normal login credentials or a credentials table authtable, the format of which is described in table(5)."
>>>>
>>>> Does anyone know what im doing wrong here?
>>>>
>>>> maillog:
>>>> Jan 12 16:47:49 host smtpd[95842]: XXX smtp connected address=ip host=ip
>>>> Jan 12 16:47:49 host smtpd[95842]: XXX smtp starttls address=ip host=ip ciphers="version=TLSv1.2, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256"
>>>> Jan 12 16:47:49 host smtpd[95842]: XXX smtp authentication user=user address=ip host=ip result=permfail
>>>> Jan 12 16:47:49 host smtpd[95842]: XXX smtp failed-command address=ip host=ip command="AUTH PLAIN (...)" result="535 Authentication failed"
>>>> Jan 12 16:47:49 host smtpd[95842]: XXX smtp authentication user=user address=ip host=ip result=permfail
>>>> Jan 12 16:47:50 host smtpd[95842]: XXX smtp failed-command address=ip host=ip command="AUTH LOGIN (password)" result="535 Authentication failed"
>>>>
>>>
>>> Hi,
>>>
>>> First of all, it should read mask-src and not mask-source, otherwise the
>>> auth keyword is assuming a table containing literal string "mask-source"
>>> and this will cause authentication to fail.
>>>
>>> A good method to troubleshoot, is to run smtpd in trace mode:
>>>
>>>     smtpd -dv -T smtp
>>>
>>> create a test user with a temporary password, so you can share the trace
>>> output here and we can try to figure out what's wrong ... but likely the
>>> mask-source issue is the cause here.
>>>
>>> --
>>> Gilles Chehade @poolpOrg
>>>
>>> https://www.poolp.org tip me: https://paypal.me/poolpOrg
>>
>> --
>> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>
> --
> Gilles Chehade@poolpOrg
>
> https://www.poolp.org tip me: https://paypal.me/poolpOrg

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Re: Opensmtpd auth in 6.4
On Mon, Jan 14, 2019 at 01:03:19PM +0100, Flipchan wrote:
> Seems like it adds "\^J" to the username , i base64 encode it using:
> echo "user" | base64
>
> Log from smtpd -dv -T smtp :
> http://dpaste.com/0CAVJFF.txt
>

honestly, i'm confused by what you're doing

can you setup a temporary account, with a temporary password, authenticate to it
using a regular MUA (whichever you want, just don't auth manually), then trash
the account and send us logs that aren't doctored ?

> On January 14, 2019 9:41:42 AM GMT+01:00, Gilles Chehade wrote:
>> On Sat, Jan 12, 2019 at 05:36:11PM +0100, Flipchan wrote:
>>> Hey, am tryin to upgrade my opensmtpd
>>> email server running on openbsd 6.3 towards a new one on 6.4,
>>> i have used a simple config with the new syntax:
>>> cat /etc/mail/smtpd.conf
>>>
>>> table aliases file:/etc/mail/aliases
>>>
>>> #table other-relays file:/etc/mail/other-relays
>>>
>>> pki mail.example.com cert "/etc/ssl/mail.example.com.crt"
>>> pki mail.example.com key "/etc/ssl/private/mail.example.com.key"
>>>
>>> listen on lo0
>>> listen on vio0 port 587 hostname example.com tls-require pki mail.example.com auth mask-source
>>> listen on vio0 port 25 hostname example.com tls pki mail.example.com
>>>
>>> action "mbox" mbox alias
>>> action "relay" relay
>>>
>>> match for local action "mbox"
>>> match for any action "relay"
>>> match from any for domain example.com action "mbox"
>>>
>>> i cant login with a users regular username and passwd which is weird.
>>> In the documentation it says that it is supposed to take regular user creds if not a table is defined which it is not.
>>> https://man.openbsd.org/smtpd.conf#listen_on
>>>
>>> "Users are authenticated against either their own normal login credentials or a credentials table authtable, the format of which is described in table(5)."
>>>
>>> Does anyone know what im doing wrong here?
>>>
>>> maillog:
>>> Jan 12 16:47:49 host smtpd[95842]: XXX smtp connected address=ip host=ip
>>> Jan 12 16:47:49 host smtpd[95842]: XXX smtp starttls address=ip host=ip ciphers="version=TLSv1.2, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256"
>>> Jan 12 16:47:49 host smtpd[95842]: XXX smtp authentication user=user address=ip host=ip result=permfail
>>> Jan 12 16:47:49 host smtpd[95842]: XXX smtp failed-command address=ip host=ip command="AUTH PLAIN (...)" result="535 Authentication failed"
>>> Jan 12 16:47:49 host smtpd[95842]: XXX smtp authentication user=user address=ip host=ip result=permfail
>>> Jan 12 16:47:50 host smtpd[95842]: XXX smtp failed-command address=ip host=ip command="AUTH LOGIN (password)" result="535 Authentication failed"
>>>
>>
>> Hi,
>>
>> First of all, it should read mask-src and not mask-source, otherwise the
>> auth keyword is assuming a table containing literal string "mask-source"
>> and this will cause authentication to fail.
>>
>> A good method to troubleshoot, is to run smtpd in trace mode:
>>
>>     smtpd -dv -T smtp
>>
>> create a test user with a temporary password, so you can share the trace
>> output here and we can try to figure out what's wrong ... but likely the
>> mask-source issue is the cause here.
>>
>> --
>> Gilles Chehade @poolpOrg
>>
>> https://www.poolp.org tip me: https://paypal.me/poolpOrg
>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.

--
Gilles Chehade @poolpOrg

https://www.poolp.org tip me: https://paypal.me/poolpOrg

Re: Opensmtpd auth in 6.4
Seems like it adds "\^J" to the username , i base64 encode it using:
echo "user" | base64

Log from smtpd -dv -T smtp :
http://dpaste.com/0CAVJFF.txt

On January 14, 2019 9:41:42 AM GMT+01:00, Gilles Chehade wrote:
> On Sat, Jan 12, 2019 at 05:36:11PM +0100, Flipchan wrote:
>> Hey, am tryin to upgrade my opensmtpd
>> email server running on openbsd 6.3 towards a new one on 6.4,
>> i have used a simple config with the new syntax:
>> cat /etc/mail/smtpd.conf
>>
>> table aliases file:/etc/mail/aliases
>>
>> #table other-relays file:/etc/mail/other-relays
>>
>> pki mail.example.com cert "/etc/ssl/mail.example.com.crt"
>> pki mail.example.com key "/etc/ssl/private/mail.example.com.key"
>>
>> listen on lo0
>> listen on vio0 port 587 hostname example.com tls-require pki mail.example.com auth mask-source
>> listen on vio0 port 25 hostname example.com tls pki mail.example.com
>>
>> action "mbox" mbox alias
>> action "relay" relay
>>
>> match for local action "mbox"
>> match for any action "relay"
>> match from any for domain example.com action "mbox"
>>
>> i cant login with a users regular username and passwd which is weird.
>> In the documentation it says that it is supposed to take regular user creds if not a table is defined which it is not.
>> https://man.openbsd.org/smtpd.conf#listen_on
>>
>> "Users are authenticated against either their own normal login credentials or a credentials table authtable, the format of which is described in table(5)."
>>
>> Does anyone know what im doing wrong here?
>>
>> maillog:
>> Jan 12 16:47:49 host smtpd[95842]: XXX smtp connected address=ip host=ip
>> Jan 12 16:47:49 host smtpd[95842]: XXX smtp starttls address=ip host=ip ciphers="version=TLSv1.2, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256"
>> Jan 12 16:47:49 host smtpd[95842]: XXX smtp authentication user=user address=ip host=ip result=permfail
>> Jan 12 16:47:49 host smtpd[95842]: XXX smtp failed-command address=ip host=ip command="AUTH PLAIN (...)" result="535 Authentication failed"
>> Jan 12 16:47:49 host smtpd[95842]: XXX smtp authentication user=user address=ip host=ip result=permfail
>> Jan 12 16:47:50 host smtpd[95842]: XXX smtp failed-command address=ip host=ip command="AUTH LOGIN (password)" result="535 Authentication failed"
>>
>
> Hi,
>
> First of all, it should read mask-src and not mask-source, otherwise the
> auth keyword is assuming a table containing literal string "mask-source"
> and this will cause authentication to fail.
>
> A good method to troubleshoot, is to run smtpd in trace mode:
>
>     smtpd -dv -T smtp
>
> create a test user with a temporary password, so you can share the trace
> output here and we can try to figure out what's wrong ... but likely the
> mask-source issue is the cause here.
>
> --
> Gilles Chehade@poolpOrg
>
> https://www.poolp.org tip me: https://paypal.me/poolpOrg

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Re: Opensmtpd auth in 6.4
On Sat, Jan 12, 2019 at 05:36:11PM +0100, Flipchan wrote:
> Hey, am tryin to upgrade my opensmtpd
> email server running on openbsd 6.3 towards a new one on 6.4,
> i have used a simple config with the new syntax:
> cat /etc/mail/smtpd.conf
>
> table aliases file:/etc/mail/aliases
>
> #table other-relays file:/etc/mail/other-relays
>
> pki mail.example.com cert "/etc/ssl/mail.example.com.crt"
> pki mail.example.com key "/etc/ssl/private/mail.example.com.key"
>
> listen on lo0
> listen on vio0 port 587 hostname example.com tls-require pki mail.example.com auth mask-source
> listen on vio0 port 25 hostname example.com tls pki mail.example.com
>
> action "mbox" mbox alias
> action "relay" relay
>
> match for local action "mbox"
> match for any action "relay"
> match from any for domain example.com action "mbox"
>
> i cant login with a users regular username and passwd which is weird.
> In the documentation it says that it is supposed to take regular user creds if not a table is defined which it is not.
> https://man.openbsd.org/smtpd.conf#listen_on
>
> "Users are authenticated against either their own normal login credentials or a credentials table authtable, the format of which is described in table(5)."
>
> Does anyone know what im doing wrong here?
>
> maillog:
> Jan 12 16:47:49 host smtpd[95842]: XXX smtp connected address=ip host=ip
> Jan 12 16:47:49 host smtpd[95842]: XXX smtp starttls address=ip host=ip ciphers="version=TLSv1.2, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256"
> Jan 12 16:47:49 host smtpd[95842]: XXX smtp authentication user=user address=ip host=ip result=permfail
> Jan 12 16:47:49 host smtpd[95842]: XXX smtp failed-command address=ip host=ip command="AUTH PLAIN (...)" result="535 Authentication failed"
> Jan 12 16:47:49 host smtpd[95842]: XXX smtp authentication user=user address=ip host=ip result=permfail
> Jan 12 16:47:50 host smtpd[95842]: XXX smtp failed-command address=ip host=ip command="AUTH LOGIN (password)" result="535 Authentication failed"
>

Hi,

First of all, it should read mask-src and not mask-source, otherwise the
auth keyword is assuming a table containing literal string "mask-source"
and this will cause authentication to fail.

A good method to troubleshoot, is to run smtpd in trace mode:

    smtpd -dv -T smtp

create a test user with a temporary password, so you can share the trace
output here and we can try to figure out what's wrong ... but likely the
mask-source issue is the cause here.

--
Gilles Chehade @poolpOrg

https://www.poolp.org tip me: https://paypal.me/poolpOrg

Re: Opensmtpd auth in 6.4
Hi,

Do you get any errors using ‘doas smtpd -n’?

Can you try to add this ‘listen’ statement in your smtpd.conf - (This is how I have my setup)

listen on egress mask-src port submission tls-require pki mail.example.com auth

Another option is to try a different password.

Now, test the login credentials using the ‘openssl’ command as noted by Edgar in a previous email.

Converting the plain text data to a ‘base64’, I use the following command on my MacBook.

echo -n u...@example.com | base64
Base64 Output

echo -n password | base64
Base64 Output

openssl s_client -connect mail.example.com:587 -starttls smtp
…….(SSL Output)
250 HELP

Within the smtp session I enter the commands ‘ehlo’ and ‘auth login’ respectively;

ehlo mail.example.com
250-mail.example.com Hello mail.example.com [x.x.x.x], pleased to meet you
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-SIZE 36700160
250-DSN
250-AUTH PLAIN LOGIN
250 HELP
auth login
334 VXNlcm5hbWU6
Base64 Username (As noted above from the conversion of plain text to base64)
334 UGFzc3dvcmQ6
Base64 Password (As noted above from the conversion of plain text to base64)
235 2.0.0: Authentication succeeded

Nino

> On 14 Jan 2019, at 10:47 am, Flipchan wrote:
>
> I changed mask-src and tried some other stuff still without success when using openssl ehlo test and auth login , all i get is authentication failed , i have verified that the password is legit but no luck
>
> On January 12, 2019 11:37:42 PM GMT+01:00, Carlin Bingham wrote:
>> On Sat, Jan 12, 2019 at 05:36:11PM +0100, Flipchan wrote:
>>> Hey, am tryin to upgrade my opensmtpd
>>> email server running on openbsd 6.3 towards a new one on 6.4,
>>> i have used a simple config with the new syntax:
>>> cat /etc/mail/smtpd.conf
>>>
>>> table aliases file:/etc/mail/aliases
>>>
>>> #table other-relays file:/etc/mail/other-relays
>>>
>>> pki mail.example.com cert "/etc/ssl/mail.example.com.crt"
>>> pki mail.example.com key "/etc/ssl/private/mail.example.com.key"
>>>
>>> listen on lo0
>>> listen on vio0 port 587 hostname example.com tls-require pki mail.example.com auth mask-source
>>
>> mask-source was changed to mask-src
>>
>> I think because mask-source is no longer a valid keyword it's being
>> interpreted as a parameter to auth.
>>
>> --
>> Carlin
>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.

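An added example, not part of the thread: shell helpers that build the AUTH LOGIN and AUTH PLAIN strings without the trailing newline ("^J") that a plain `echo` appends, and that decode a token to check what was actually sent. The function names and the `user`/`passwd` credentials are constructed for illustration; `base64 -d` is assumed to be the decode flag of the local `base64`.

```shell
#!/bin/sh
# AUTH LOGIN: user name and password are base64-encoded separately.
# printf '%s' writes the argument without a trailing newline.
auth_login_token() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# AUTH PLAIN (RFC 4616): base64 of  authzid NUL authcid NUL password.
# The authzid is left empty, so the string starts with a NUL byte.
auth_plain_token() {
    printf '\000%s\000%s' "$1" "$2" | base64 | tr -d '\n'
}

# Decode a server challenge or an AUTH LOGIN token back to text.
decode_token() {
    printf '%s' "$1" | base64 -d
}

# Show the three AUTH PLAIN fields with ':' in place of the NUL separators
# (display only; ambiguous if a field itself contains ':').
auth_plain_fields() {
    printf '%s' "$1" | base64 -d | tr '\000' ':'
}

# True when the decoded token ends in a newline, i.e. it was built with
# `echo value | base64` and the server will see "value^J".
token_has_trailing_newline() {
    last=$(printf '%s' "$1" | base64 -d | tail -c 1 | od -An -tx1 | tr -d ' \n')
    [ "$last" = "0a" ]
}

# Constructed demonstration values.
good=$(auth_login_token user)          # dXNlcg==
bad=$(echo "user" | base64)            # dXNlcgo=  (newline included)
echo "AUTH LOGIN user name: $good"
echo "AUTH PLAIN token:     $(auth_plain_token user passwd)"
for t in "$good" "$bad"; do
    if token_has_trailing_newline "$t"; then
        echo "$t decodes with a trailing newline"
    else
        echo "$t is clean"
    fi
done
echo "334 VXNlcm5hbWU6 means: $(decode_token VXNlcm5hbWU6)"
echo "334 UGFzc3dvcmQ6 means: $(decode_token UGFzc3dvcmQ6)"
```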
Re: Opensmtpd auth in 6.4
I changed mask-src and tried some other stuff still without success when using openssl ehlo test and auth login , all i get is authentication failed , i have verified that the password is legit but no luck

On January 12, 2019 11:37:42 PM GMT+01:00, Carlin Bingham wrote:
> On Sat, Jan 12, 2019 at 05:36:11PM +0100, Flipchan wrote:
>> Hey, am tryin to upgrade my opensmtpd
>> email server running on openbsd 6.3 towards a new one on 6.4,
>> i have used a simple config with the new syntax:
>> cat /etc/mail/smtpd.conf
>>
>> table aliases file:/etc/mail/aliases
>>
>> #table other-relays file:/etc/mail/other-relays
>>
>> pki mail.example.com cert "/etc/ssl/mail.example.com.crt"
>> pki mail.example.com key "/etc/ssl/private/mail.example.com.key"
>>
>> listen on lo0
>> listen on vio0 port 587 hostname example.com tls-require pki mail.example.com auth mask-source
>
> mask-source was changed to mask-src
>
> I think because mask-source is no longer a valid keyword it's being
> interpreted as a parameter to auth.
>
> --
> Carlin

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Re: Opensmtpd auth in 6.4
On Sat, Jan 12, 2019 at 05:36:11PM +0100, Flipchan wrote:
> Hey, am tryin to upgrade my opensmtpd
> email server running on openbsd 6.3 towards a new one on 6.4,
> i have used a simple config with the new syntax:
> cat /etc/mail/smtpd.conf
>
> table aliases file:/etc/mail/aliases
>
> #table other-relays file:/etc/mail/other-relays
>
> pki mail.example.com cert "/etc/ssl/mail.example.com.crt"
> pki mail.example.com key "/etc/ssl/private/mail.example.com.key"
>
> listen on lo0
> listen on vio0 port 587 hostname example.com tls-require pki mail.example.com auth mask-source

mask-source was changed to mask-src

I think because mask-source is no longer a valid keyword it's being
interpreted as a parameter to auth.

--
Carlin

Re: Opensmtpd auth in 6.4
On Sat, Jan 12, 2019 at 05:36:11PM +0100, Flipchan wrote:
> Hey, am tryin to upgrade my opensmtpd
> email server running on openbsd 6.3 towards a new one on 6.4,
> i have used a simple config with the new syntax:
> cat /etc/mail/smtpd.conf
>
> table aliases file:/etc/mail/aliases
>
> #table other-relays file:/etc/mail/other-relays
>
> pki mail.example.com cert "/etc/ssl/mail.example.com.crt"
> pki mail.example.com key "/etc/ssl/private/mail.example.com.key"
>
> listen on lo0
> listen on vio0 port 587 hostname example.com tls-require pki mail.example.com auth mask-source
> listen on vio0 port 25 hostname example.com tls pki mail.example.com
>
> action "mbox" mbox alias
> action "relay" relay
>
> match for local action "mbox"
> match for any action "relay"
> match from any for domain example.com action "mbox"
>
> i cant login with a users regular username and passwd which is weird.
> In the documentation it says that it is supposed to take regular user creds if not a table is defined which it is not.
> https://man.openbsd.org/smtpd.conf#listen_on
>
> "Users are authenticated against either their own normal login credentials or a credentials table authtable, the format of which is described in table(5)."
>
> Does anyone know what im doing wrong here?
>
> maillog:
> Jan 12 16:47:49 host smtpd[95842]: XXX smtp connected address=ip host=ip
> Jan 12 16:47:49 host smtpd[95842]: XXX smtp starttls address=ip host=ip ciphers="version=TLSv1.2, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256"
> Jan 12 16:47:49 host smtpd[95842]: XXX smtp authentication user=user address=ip host=ip result=permfail
> Jan 12 16:47:49 host smtpd[95842]: XXX smtp failed-command address=ip host=ip command="AUTH PLAIN (...)" result="535 Authentication failed"
> Jan 12 16:47:49 host smtpd[95842]: XXX smtp authentication user=user address=ip host=ip result=permfail
> Jan 12 16:47:50 host smtpd[95842]: XXX smtp failed-command address=ip host=ip command="AUTH LOGIN (password)" result="535 Authentication failed"
>
> Sincerely flipchan

works for me

smtpd.conf
listen on egress port 588 pki pkistuff auth

openssl s_client -connect host:588 -starttls smtp
lots of output...
250 HELP
ehlo laptop.my.domain
250-host Hello laptop.my.domain [ip], pleased to meet you
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-SIZE 36700160
250-DSN
250-AUTH PLAIN LOGIN
250 HELP
auth plain "base64 encoded user/password"
235 2.0.0: Authentication succeeded
quit
221 2.0.0: Bye

maillog
Jan 12 13:08:15 mail smtpd[37141]: cbd466550ed95895 smtp connected address=ip host=
Jan 12 13:08:15 mail smtpd[37141]: cbd466550ed95895 smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
Jan 12 13:08:37 mail smtpd[37141]: cbd466550ed95895 smtp authentication user=edgar result=ok
Jan 12 13:09:49 mail smtpd[37141]: cbd466550ed95895 smtp disconnected reason=quit