simonrob / email-oauth2-proxy

An IMAP/POP/SMTP proxy that transparently adds OAuth 2.0 authentication for email clients that don't support this method.
Apache License 2.0

proxy not triggering my exim4 smtp server to send AUTH? #241

Closed rickgitdone closed 4 months ago

rickgitdone commented 4 months ago

Running on Ubuntu 22.04 and so far fully passed through using the telnet method to authorize my Gmail OAuth creds:

Using IMAP, initially I had a bad video setup but got past that by loading another video driver. I successfully authorized my client_id to allow the API to work. Now I should be able to use the OAuth creds??

Now when using the SMTP connection the proxy isn't showing any progress or triggering my exim4 to perform an AUTH as it did for IMAP, which allowed me to authorize.

not sure where to go from here

smtp connection debug: (unsecured) proxying smtp.gmail.com:465 (STARTTLS) --> [ Client connected ] <-- [ Server disconnected ] --> [ Client disconnected ]

from my exim4 smtp side:

If there is a change I need to make to my exim4 config it will be different from others ... I am successful using mailjet.com as an SMTP mail forwarder, with the exception that Google strips my emails with attachments since I am not using Gmail ... so I am trying this project.

log of email-oauth2-proxy ::

2024-04-05 10:55:41: New incoming connection to SMTP server at 0.0.0.0:2465 (unsecured) proxying smtp.gmail.com:465 (SSL/TLS)
2024-04-05 10:55:41: Accepting new connection from 10.10.10.xxx:46826 to SMTP server at 0.0.0.0:2465 (unsecured) proxying smtp.gmail.com:465 (SSL/TLS)
2024-04-05 10:55:41: SMTP (10.10.10.xxx:46826-{10.10.10.xxx:2465}-smtp.gmail.com:465) --> [ Client connected ]
2024-04-05 10:55:41: SMTP (10.10.10.xxx:46826-{10.10.10.xxx:2465}-smtp.gmail.com:465) <-> [ Starting TLS handshake ]
2024-04-05 10:55:41: SMTP (10.10.10.xxx:46826-{10.10.10.xxx:2465}-smtp.gmail.com:465) <-> [ TLSv1.3 handshake complete ]
2024-04-05 10:55:41: SMTP (10.10.10.xxx:46826-{10.10.10.xxx:2465}-smtp.gmail.com:465)     <-- b'220 smtp.gmail.com ESMTP .................................................. - gsmtp\r\n'
2024-04-05 10:55:41: SMTP (10.10.10.xxx:46826-{10.10.10.xxx:2465}-smtp.gmail.com:465) <-- b'220 smtp.gmail.com ESMTP h................................................ - gsmtp\r\n'
2024-04-05 10:55:41: SMTP (10.10.10.xxx:46826-{10.10.10.xxx:2465}-smtp.gmail.com:465) --> b'EHLO dunn-pbx\r\n'
2024-04-05 10:55:41: SMTP (10.10.10.xxx:46826-{10.10.10.xxx:2465}-smtp.gmail.com:465)     --> b'EHLO dunn-pbx\r\n'
2024-04-05 10:55:41: SMTP (10.10.10.xxx:46826-{10.10.10.xxx:2465}-smtp.gmail.com:465)     <-- b'250-smtp.gmail.com at your service, [73.125.0.xxx]\r\n'
2024-04-05 10:55:41: SMTP (10.10.10.xxx:46826-{10.10.10.xxx:2465}-smtp.gmail.com:465)     <-- b'250-SIZE 35882577\r\n'
2024-04-05 10:55:41: SMTP (10.10.10.xxx:46826-{10.10.10.xxx:2465}-smtp.gmail.com:465)     <-- b'250-8BITMIME\r\n'
2024-04-05 10:55:41: SMTP (10.10.10.xxx:46826-{10.10.10.xxx:2465}-smtp.gmail.com:465)     <-- b'250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH\r\n'
2024-04-05 10:55:41: SMTP (10.10.10.xxx:46826-{10.10.10.xxx:2465}-smtp.gmail.com:465)     <-- b'250-ENHANCEDSTATUSCODES\r\n'
2024-04-05 10:55:41: SMTP (10.10.10.xxx:46826-{10.10.10.xxx:2465}-smtp.gmail.com:465)     <-- b'250-PIPELINING\r\n'
2024-04-05 10:55:41: SMTP (10.10.10.xxx:46826-{10.10.10.xxx:2465}-smtp.gmail.com:465)     <-- b'250-CHUNKING\r\n'
2024-04-05 10:55:41: SMTP (10.10.10.xxx:46826-{10.10.10.xxx:2465}-smtp.gmail.com:465)     <-- b'250 SMTPUTF8\r\n'
2024-04-05 10:55:41: SMTP (10.10.10.xxx:46826-{10.10.10.xxx:2465}-smtp.gmail.com:465) <-- b'250-smtp.gmail.com at your service, [xx.xxx.0.xxx]\r\n250-SIZE 35882577\r\n250-8BITMIME\r\n250-AUTH PLAIN LOGIN\r\n250-ENHANCEDSTATUSCODES\r\n250-PIPELINING\r\n250-CHUNKING\r\n250 SMTPUTF8\r\n'
2024-04-05 10:55:41: SMTP (10.10.10.xxx:46826-{10.10.10.xxx:2465}-smtp.gmail.com:465) --> b'MAIL FROM:<user1@local.host> SIZE=42555\r\n'
2024-04-05 10:55:41: SMTP (10.10.10.xxx:46826-{10.10.10.xxx:2465}-smtp.gmail.com:465)     --> b'MAIL FROM:<user1@local.host> SIZE=42555\r\n'
2024-04-05 10:55:41: SMTP (10.10.10.xxx:46826-{10.10.10.xxx:2465}-smtp.gmail.com:465) --> b'RCPT TO:<user@email.com>\r\n'
2024-04-05 10:55:41: SMTP (10.10.10.xxx:46826-{10.10.10.xxx:2465}-smtp.gmail.com:465)     --> b'RCPT TO:<user@email.com>\r\n'
2024-04-05 10:55:41: SMTP (10.10.10.xxx:46826-{10.10.10.xxx:2465}-smtp.gmail.com:465) --> b'BDAT 554\r\n'
2024-04-05 10:55:41: SMTP (10.10.10.xxx:46826-{10.10.10.xxx:2465}-smtp.gmail.com:465)     --> b'BDAT 554\r\n'

... ... smtp from my exim4 smtp continues to send the MAIL until \r\n below and then smtp server asks for Authentication ...

2024-04-05 10:55:41: SMTP (10.10.10xxx:46826-{10.10.10xxx:2465}-smtp.gmail.com:465) --> b'\r\n'
2024-04-05 10:55:41: SMTP (10.10.10xxx:46826-{10.10.10xxx:2465}-smtp.gmail.com:465)     --> b'\r\n'
2024-04-05 10:55:41: SMTP (10.10.10xxx:46826-{10.10.10xxx:2465}-smtp.gmail.com:465)     <-- b'530-5.7.0 Authentication Required. For more information, go to\r\n'
2024-04-05 10:55:41: SMTP (10.10.10xxx:46826-{10.10.10xxx:2465}-smtp.gmail.com:465) <-- b'530-5.7.0 Authentication Required. For more information, go to\r\n'
2024-04-05 10:55:41: SMTP (10.10.10xxx:46826-{10.10.10xxx:2465}-smtp.gmail.com:465)     <-- b'530 5.7.0  https://support.google.com/mail/?p=WantAuthError hz11-20020a0561024a8b00b00476e58b5660sm301698vsb.2 - gsmtp\r\n'
2024-04-05 10:55:41: SMTP (10.10.10xxx:46826-{10.10.10xxx:2465}-smtp.gmail.com:465) <-- b'530 5.7.0  https://support.google.com/mail/?p=WantAuthError hz11-20020a0561024a8b00b00476e58b5660sm301698vsb.2 - gsmtp\r\n'
2024-04-05 10:55:41: SMTP (10.10.10xxx:46826-{10.10.10xxx:2465}-smtp.gmail.com:465)     <-- b'530-5.7.0 Authentication Required. For more information, go to\r\n'
2024-04-05 10:55:41: SMTP (10.10.10xxx:46826-{10.10.10xxx:2465}-smtp.gmail.com:465) <-- b'530-5.7.0 Authentication Required. For more information, go to\r\n'
2024-04-05 10:55:41: SMTP (10.10.10xxx:46826-{10.10.10xxx:2465}-smtp.gmail.com:465)     <-- b'530 5.7.0  https://support.google.com/mail/?p=WantAuthError hz11-20020a0561024a8b00b00476e58b5660sm301698vsb.2 - gsmtp\r\n'
2024-04-05 10:55:41: SMTP (10.10.10xxx:46826-{10.10.10xxx:2465}-smtp.gmail.com:465) <-- b'530 5.7.0  https://support.google.com/mail/?p=WantAuthError hz11-20020a0561024a8b00b00476e58b5660sm301698vsb.2 - gsmtp\r\n'
2024-04-05 10:55:41: SMTP (10.10.10xxx:46826-{10.10.10xxx:2465}-smtp.gmail.com:465)     <-- b'530-5.7.0 Authentication Required. For more information, go to\r\n'
2024-04-05 10:55:41: SMTP (10.10.10xxx:46826-{10.10.10xxx:2465}-smtp.gmail.com:465) <-- b'530-5.7.0 Authentication Required. For more information, go to\r\n'
2024-04-05 10:55:41: SMTP (10.10.10xxx:46826-{10.10.10xxx:2465}-smtp.gmail.com:465)     <-- b'530 5.7.0  https://support.google.com/mail/?p=WantAuthError hz11-20020a0561024a8b00b00476e58b5660sm301698vsb.2 - gsmtp\r\n'
2024-04-05 10:55:41: SMTP (10.10.10xxx:46826-{10.10.10xxx:2465}-smtp.gmail.com:465) <-- b'530 5.7.0  https://support.google.com/mail/?p=WantAuthError hz11-20020a0561024a8b00b00476e58b5660sm301698vsb.2 - gsmtp\r\n'
2024-04-05 10:55:41: SMTP (10.10.10xxx:46826-{10.10.10xxx:2465}-smtp.gmail.com:465) --> b'QUIT\r\n'

rickgitdone commented 4 months ago

Follow up: I caught this error from the exim4 mainlog (10.10.10.108 is the email-oauth2-proxy):

mainlog: 2024-04-05 13:40:58 1rsnYa-000IcI-ON ** user@email.com R=smarthost T=remote_smtp_smarthost H=10.10.10.108 [10.10.10.108]: SMTP error from remote mail server after pipelined sending data block: 530-5.7.0 Authentication Required. For more information, go to\n530 5.7.0 https://support.google.com/mail/?p=WantAuthError 31-20020a056122071f00b004d8b1d56416sm262545vki.49 - gsmtp

simonrob commented 4 months ago

Your client isn't authenticating before trying to send the email. You need to make sure it does this - the proxy doesn't add OAuth unless there's already a normal authentication request.
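
An added example (not part of the thread or of the proxy's code) that checks a debug log in the format quoted above for the condition described in this reply: a client that issues MAIL FROM without first sending AUTH. The sample lines and function names are constructed, and reading unindented arrows as the client side of the proxy is an assumption drawn from the quoted log.

```python
import re

# Constructed sample in the debug-log format quoted in this issue (addresses are
# placeholders). Assumption: indented arrows are the proxy<->server leg and
# unindented arrows are the client<->proxy leg, as the quoted log suggests.
SAMPLE_LOG = r"""
2024-04-05 10:55:41: SMTP (10.0.0.5:46826-{10.0.0.9:2465}-smtp.gmail.com:465) --> [ Client connected ]
2024-04-05 10:55:41: SMTP (10.0.0.5:46826-{10.0.0.9:2465}-smtp.gmail.com:465)     <-- b'250-AUTH LOGIN PLAIN XOAUTH2\r\n'
2024-04-05 10:55:41: SMTP (10.0.0.5:46826-{10.0.0.9:2465}-smtp.gmail.com:465) <-- b'250-smtp.gmail.com at your service\r\n250-AUTH PLAIN LOGIN\r\n250 SMTPUTF8\r\n'
2024-04-05 10:55:41: SMTP (10.0.0.5:46826-{10.0.0.9:2465}-smtp.gmail.com:465) --> b'MAIL FROM:<user1@local.host> SIZE=42555\r\n'
2024-04-05 10:55:41: SMTP (10.0.0.5:46826-{10.0.0.9:2465}-smtp.gmail.com:465) <-- b'530-5.7.0 Authentication Required. For more information, go to\r\n'
2024-04-05 11:02:10: SMTP (10.0.0.5:46900-{10.0.0.9:2465}-smtp.gmail.com:465) <-- b'250-AUTH PLAIN LOGIN\r\n250 SMTPUTF8\r\n'
2024-04-05 11:02:10: SMTP (10.0.0.5:46900-{10.0.0.9:2465}-smtp.gmail.com:465) --> b'AUTH PLAIN [redacted]\r\n'
2024-04-05 11:02:11: SMTP (10.0.0.5:46900-{10.0.0.9:2465}-smtp.gmail.com:465) --> b'MAIL FROM:<user1@local.host>\r\n'
"""

LINE = re.compile(r"^\S+ \S+ SMTP \((?P<sid>[^)]+)\)(?P<pad> +)(?P<dir>-->|<--) b'(?P<data>.*)'$")


def audit_sessions(log_text):
    """Per client connection: mechanisms offered, and whether MAIL FROM preceded any AUTH."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or len(m["pad"]) > 1:  # skip status lines and the upstream leg
            continue
        s = sessions.setdefault(m["sid"], {"offered": [], "auth_sent": False, "mail_seen": False,
                                           "mail_without_auth": False, "got_530": False})
        for part in filter(None, m["data"].split(r"\r\n")):
            upper = part.upper()
            if m["dir"] == "<--":  # reply relayed to the client
                offer = re.match(r"250[- ]AUTH (.+)", upper)
                if offer:
                    s["offered"] = offer[1].split()
                elif upper.startswith("530"):
                    s["got_530"] = True
            elif not s["mail_seen"]:  # after MAIL FROM the lines may be message body
                if upper.startswith("AUTH "):
                    s["auth_sent"] = True
                elif upper.startswith("MAIL FROM:"):
                    s["mail_seen"] = True
                    s["mail_without_auth"] = not s["auth_sent"]
    return sessions


def unauthenticated(log_text):
    """Connection ids whose client started a mail transaction without sending AUTH."""
    return [sid for sid, s in audit_sessions(log_text).items() if s["mail_without_auth"]]
```
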

rickgitdone commented 4 months ago

I am not sure why exim4 isn't performing the AUTH only on this proxy configuration. I have other external dc_smarthosts and AUTH is working with those. I am reading up on this idea. Once I read through the sections it could be the router or other subsection ... the proxy is local and not a DNS-qualified system. If anyone else knows more about exim4 and when AUTH would not be triggered using the smarthost, let me know.

rickgitdone commented 4 months ago

Was all my config issue. I admit, I had exim4 set NOT to use a split config, so the AUTH from local address on same subnet didn't require AUTH. Edited the exim4 router section where local subnet was checked. AUTH is working and I thank you for this proxy.

simonrob commented 4 months ago

Thanks for following up - glad you managed to resolve this.