corecode / dma

The DragonFly Mail Agent, a small Mail Transport Agent (MTA), designed for home and office use.

Support for PLAIN authentication #50

Open agateau opened 7 years ago

agateau commented 7 years ago

I would like to switch my servers from ssmtp to dma, but my email provider (fastmail) only supports plain authentication (see https://www.fastmail.com/help/technical/servernamesandports.html?u=85f84118).

Do you plan to add support for plain authentication?

corecode commented 7 years ago

fastmail also supports LOGIN:

220 smtp.fastmail.com ESMTP ready
EHLO test
250-smtp.fastmail.com
250-PIPELINING
250-SIZE 71000000
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-AUTH PLAIN LOGIN
250 AUTH=PLAIN LOGIN

Could you try dma and check whether it is working?

agateau commented 7 years ago

Strange, I did try it before filing the issue and could not get it to work. It kept telling me "Authentication required". This is what I have in mail.log:

Nov 19 11:45:52 sd-100498 dma[c058f.253d6a0]: SSL initialization successful
Nov 19 11:45:52 sd-100498 dma[c058f.253d6a0]: remote delivery to smtp.fastmail.com [66.111.4.140] failed after MAIL FROM: 530 5.7.1 Authentication required
Nov 19 11:45:52 sd-100498 dma[c058f.253d6a0]: delivery failed, bouncing as c07be

agateau commented 7 years ago

(I am using dma 0.9 from Debian Jessie)

corecode commented 7 years ago

did you set up authentication for that server?

agateau commented 7 years ago

Yes, I created a /etc/dma/auth.conf with my user, remote and password.

corecode commented 7 years ago

did you enable authentication by setting the path to auth.conf in dma.conf?

agateau commented 7 years ago

Oh, the line was commented out so I assumed it was the default settings. That is a bit confusing.

Anyway, I uncommented it and the log output is different now:

Nov 20 16:54:58 sd-100498 dma[c0587.15916a0]: trying delivery
Nov 20 16:54:58 sd-100498 dma[c0587.15916a0]: using smarthost (smtp.fastmail.com:465)
Nov 20 16:54:58 sd-100498 dma[c0587.15916a0]: trying remote delivery to smtp.fastmail.com [66.111.4.139] pref 0
Nov 20 16:54:58 sd-100498 dma[c0587.15916a0]: SSL initialization successful
Nov 20 16:54:58 sd-100498 dma[c0587.15916a0]: using SMTP authentication for user agateau@fastmail.fm
Nov 20 16:54:58 sd-100498 dma[c0587.15916a0]: smarthost authentication: AUTH cram-md5 not available: 500 5.5.1 Invalid command
Nov 20 16:55:01 sd-100498 dma[c0587.15916a0]: remote delivery failed: Authentication failed: 535 5.7.0 Incorrect username or password.
Nov 20 16:55:01 sd-100498 dma[c0587.15916a0]: remote delivery failed: SMTP login failed: Success
Nov 20 16:55:01 sd-100498 dma[c0587.15916a0]: delivery failed, bouncing as c078d

I checked my credentials twice, they are correct.

corecode commented 7 years ago

well it seems they are not.

agateau commented 7 years ago

Is there a chance the server would advertise it supports AUTH LOGIN but would not really support it? The same credentials work fine in the webmail and in ssmtp.

corecode commented 7 years ago

can you show the auth line (with the password XXed out)?

agateau commented 7 years ago

Sure: agateau@fastmail.fm|smtp.fastmail.com:XXXXXXXXXX

corecode commented 7 years ago

I tried opening an account with fastmail to debug this, but the SMS verification doesn't work. Sorry, I can't debug this.

kgaughan commented 6 years ago

The revised auth code merged in #34 would likely be a good way to solve this finally. The code implementing the LOGIN method is a close fit for the PLAIN method, so it might be worth looking into.

cweiske commented 5 years ago

I've just set up a new server, and postfix only advertises AUTH PLAIN after STARTTLS.

Here is the network log from claws mail:

* Account: 'cweiske@cweiske.de': Connecting with SMTP server: mail.cweiske.de:587...
[12:27:24] SMTP< 220 mail.cweiske.de Kindergarten ES EM TE PE
[12:27:24] ESMTP> EHLO boo.home.cweiske.de
[12:27:24] ESMTP< 250-mail.cweiske.de
[12:27:24] ESMTP< 250-PIPELINING
[12:27:24] ESMTP< 250-SIZE 10240000
[12:27:24] ESMTP< 250-VRFY
[12:27:24] ESMTP< 250-ETRN
[12:27:24] ESMTP< 250-STARTTLS
[12:27:24] ESMTP< 250-ENHANCEDSTATUSCODES
[12:27:24] ESMTP< 250-8BITMIME
[12:27:24] ESMTP< 250-DSN
[12:27:25] ESMTP< 250 SMTPUTF8

[12:27:25] ESMTP> STARTTLS
[12:27:25] ESMTP< 220 2.0.0 Ready to start TLS
[12:27:25] ESMTP> EHLO boo.home.cweiske.de
[12:27:25] ESMTP< 250-mail.cweiske.de
[12:27:25] ESMTP< 250-PIPELINING
[12:27:25] ESMTP< 250-SIZE 10240000
[12:27:25] ESMTP< 250-VRFY
[12:27:25] ESMTP< 250-ETRN
[12:27:25] ESMTP< 250-AUTH PLAIN
[12:27:25] ESMTP< 250-ENHANCEDSTATUSCODES
[12:27:25] ESMTP< 250-8BITMIME
[12:27:25] ESMTP< 250-DSN
[12:27:25] ESMTP< 250 SMTPUTF8

[12:27:25] ESMTP> [AUTH PLAIN]
[12:27:25] ESMTP< 235 2.7.0 Authentication successful

DMA 0.11-1+b1 fails with this:

dma[hash]: smarthost authentication: AUTH cram-md5 not available: 535 5.7.8 Error: authentication failed: Invalid authentication mechanism
dma[hash]: remote delivery deferred: AUTH login not available: 535 5.7.8 Error: authentication failed: Invalid authentication mechanism
dma[hash]: SMTP login not available. Trying without.
dma[hash]: delivery successful

@corecode - if you'd like a test account on my server, drop me a mail.
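
An added example, not part of the thread and not dma's code: C code for the two pieces a client needs for the PLAIN case discussed above, finding the mechanism in the EHLO reply (which, as the transcript shows, must be the one sent after STARTTLS) and building the RFC 4616 initial response. The function names, the sample reply and the 512-byte credential limit are assumptions made for this illustration.

```c
#include <string.h>
#include <strings.h>

/* Constructed sample: post-STARTTLS EHLO reply modelled on the transcript. */
static const char SAMPLE_EHLO[] = "250-mail.example.org\r\n250-AUTH PLAIN\r\n250 SMTPUTF8\r\n";

/* 1 if the EHLO reply lists `mech` ("250-AUTH A B" or legacy "250 AUTH=A B"). */
int ehlo_has_auth(const char *ehlo, const char *mech)
{
	size_t mlen = strlen(mech);
	for (const char *line = ehlo; line && *line; ) {
		const char *eol = strchr(line, '\n');
		size_t len = eol ? (size_t)(eol - line) : strlen(line);
		if (len > 8 && !strncmp(line, "250", 3) &&
		    !strncasecmp(line + 4, "AUTH", 4) &&
		    (line[8] == ' ' || line[8] == '=')) {
			for (const char *p = line + 9; p < line + len; ) {
				size_t tok = strcspn(p, " \r\n");   /* one mechanism name */
				if (tok == mlen && !strncasecmp(p, mech, mlen))
					return 1;
				p += tok + strspn(p + tok, " \r");
			}
		}
		line = eol ? eol + 1 : NULL;
	}
	return 0;
}

/* RFC 4616 initial response base64("\0" user "\0" pass); -1 if it does not fit. */
int sasl_plain(const char *user, const char *pass, char *out, size_t outsz)
{
	static const char b64[] =
	    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
	unsigned char msg[512] = {0};
	size_t ul = strlen(user), pl = strlen(pass), n = ul + pl + 2, o = 0;
	if (n > sizeof(msg) || (n + 2) / 3 * 4 + 1 > outsz)
		return -1;
	memcpy(msg + 1, user, ul);        /* msg[0] stays NUL: empty authzid */
	memcpy(msg + 2 + ul, pass, pl);   /* msg[1 + ul] stays NUL: separator */
	for (size_t i = 0; i < n; i += 3) {
		unsigned v = msg[i] << 16 | (i + 1 < n ? msg[i + 1] << 8 : 0) |
		             (i + 2 < n ? msg[i + 2] : 0);
		out[o++] = b64[v >> 18];
		out[o++] = b64[v >> 12 & 63];
		out[o++] = i + 1 < n ? b64[v >> 6 & 63] : '=';
		out[o++] = i + 2 < n ? b64[v & 63] : '=';
	}
	out[o] = '\0';
	return (int)o;
}
```

The result is sent as `AUTH PLAIN <response>`, and only over a TLS-protected connection, since base64 is an encoding and not encryption.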

corecode commented 5 years ago

so it doesn't fail?

cweiske commented 5 years ago

Oh, that SMTP session was from claws mail, my normal client - so that I could demo what the EHLO response looks like. dma does fail.

corecode commented 5 years ago

but it says "delivery successful"

cweiske commented 5 years ago

Yes, because at that time the server allowed connections without authentication (which is why it says "SMTP login not available. Trying without."). This is not the case anymore, because all connections on port 587 must be authenticated.

corecode commented 5 years ago

could you please show the logs and ideally session transcript of the failing delivery?

cweiske commented 5 years ago

dma: trying delivery
dma: using smarthost (mail.cweiske.de:587)
dma: trying remote delivery to mail.cweiske.de [2a01:488:66:1000:53a9:2dde:0:1] pref 0
dma: SSL initialization successful
dma: using SMTP authentication for user dojo.home.cweiske.de@cweiske.de
dma: smarthost authentication: AUTH cram-md5 not available: 535 5.7.8 Error: authentication failed: Invalid authentication mechanism
dma: remote delivery deferred: AUTH login not available: 535 5.7.8 Error: authentication failed: Invalid authentication mechanism
dma: SMTP login not available. Trying without.
dma: remote delivery to mail.cweiske.de [2a01:488:66:1000:53a9:2dde:0:1] failed after RCPT TO: 554 5.7.1 <p200300D9EBC1D200D25099FFFE2CF8C8.dip0.t-ipconnect.de[2003:d9:ebc1:d200:d250:99ff:fe2c:f8c8]>: Client host rejected: Access denied
dma: can not bounce a bounce message, discarding

I have no idea how I should capture the session transcript, given that STARTTLS is used in between. Or is there a hidden DMA config option to log the session?

corecode commented 5 years ago

thanks! I'm surprised that LOGIN is not supported, but I agree that PLAIN should be implemented as well.

tmo1 commented 5 years ago

I'm having the same problem - I'm trying to use dma with Zoho.com (smtp.zoho.com, using SSL on port 465), but it fails with:

smarthost authentication: AUTH cram-md5 not available: 501 Could not do Unknown Authentication