Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for PLAIN authentication #50

Open
agateau opened this issue Nov 19, 2016 · 22 comments
Open

Support for PLAIN authentication #50

agateau opened this issue Nov 19, 2016 · 22 comments

Comments

@agateau
Copy link

agateau commented Nov 19, 2016

I would like to switch my servers from ssmtp to dma, but my email provider (fastmail) only supports plain authentication (see https://www.fastmail.com/help/technical/servernamesandports.html?u=85f84118).

Do you plan to add support for plain authentication?
@corecode
Copy link
Owner

fastmail also supports LOGIN:

220 smtp.fastmail.com ESMTP ready
EHLO test
250-smtp.fastmail.com
250-PIPELINING
250-SIZE 71000000
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-AUTH PLAIN LOGIN
250 AUTH=PLAIN LOGIN

Could you try dma and check whether it is working?

@agateau
Copy link
Author

agateau commented Nov 19, 2016

Strange, I did try it before filing the issue and could not get it to work. It kept telling me "Authentication required". This is what I have in mail.log:

Nov 19 11:45:52 sd-100498 dma[c058f.253d6a0]: SSL initialization successful     
Nov 19 11:45:52 sd-100498 dma[c058f.253d6a0]: remote delivery to smtp.fastmail.com [66.111.4.140] failed after MAIL FROM: 530 5.7.1 Authentication required
Nov 19 11:45:52 sd-100498 dma[c058f.253d6a0]: delivery failed, bouncing as c07be

@agateau
Copy link
Author

agateau commented Nov 19, 2016

(I am using dma 0.9 from Debian Jessie)

@corecode
Copy link
Owner

did you set up authentication for that server?

@agateau
Copy link
Author

agateau commented Nov 20, 2016

Yes, I created a /etc/dma/auth.conf with my user, remote and password.

@corecode
Copy link
Owner

did you enable authentication by setting the path to auth.conf in dma.conf?

@agateau
Copy link
Author

agateau commented Nov 20, 2016

Oh, the line was commented out so I assumed it was the default settings. That is a bit confusing.

Anyway, I uncommented it and the log output is different now:

Nov 20 16:54:58 sd-100498 dma[c0587.15916a0]: trying delivery
Nov 20 16:54:58 sd-100498 dma[c0587.15916a0]: using smarthost (smtp.fastmail.com:465)
Nov 20 16:54:58 sd-100498 dma[c0587.15916a0]: trying remote delivery to smtp.fastmail.com [66.111.4.139] pref 0
Nov 20 16:54:58 sd-100498 dma[c0587.15916a0]: SSL initialization successful
Nov 20 16:54:58 sd-100498 dma[c0587.15916a0]: using SMTP authentication for user [email protected]
Nov 20 16:54:58 sd-100498 dma[c0587.15916a0]: smarthost authentication: AUTH cram-md5 not available: 500 5.5.1 Invalid command
Nov 20 16:55:01 sd-100498 dma[c0587.15916a0]: remote delivery failed: Authentication failed: 535 5.7.0 Incorrect username or password.
Nov 20 16:55:01 sd-100498 dma[c0587.15916a0]: remote delivery failed: SMTP login failed: Success
Nov 20 16:55:01 sd-100498 dma[c0587.15916a0]: delivery failed, bouncing as c078d

I checked my credentials twice, they are correct.

@corecode
Copy link
Owner

well it seems they are not.

@agateau
Copy link
Author

agateau commented Nov 20, 2016

Is there a chance the server would advertise it supports AUTH LOGIN but would not really support it? The same credentials work fine in the webmail and in ssmtp.

@corecode
Copy link
Owner

can you show the auth line (with the password XXed out)?

@agateau
Copy link
Author

agateau commented Nov 20, 2016

Sure: [email protected]|smtp.fastmail.com:XXXXXXXXXX

@corecode
Copy link
Owner

I tried opening an account with fastmail to debug this, but the SMS verification doesn't work. Sorry, I can't debug this.

@kgaughan
Copy link

The revised auth code merged in #34 would likely be a good way to solve this finally. The code implementing the LOGIN method is a close fit for the PLAIN method, so it might be worth looking into.

@cweiske
Copy link

cweiske commented Dec 19, 2018
edited
Loading

I've just setup a new server, and postfix only advertises AUTH PLAIN after STARTTLS

Here is the network log from claws mail:

* Account: '[email protected]': Connecting with SMTP server: mail.cweiske.de:587...
[12:27:24] SMTP< 220 mail.cweiske.de Kindergarten ES EM TE PE
[12:27:24] ESMTP> EHLO boo.home.cweiske.de
[12:27:24] ESMTP< 250-mail.cweiske.de
[12:27:24] ESMTP< 250-PIPELINING
[12:27:24] ESMTP< 250-SIZE 10240000
[12:27:24] ESMTP< 250-VRFY
[12:27:24] ESMTP< 250-ETRN
[12:27:24] ESMTP< 250-STARTTLS
[12:27:24] ESMTP< 250-ENHANCEDSTATUSCODES
[12:27:24] ESMTP< 250-8BITMIME
[12:27:24] ESMTP< 250-DSN
[12:27:25] ESMTP< 250 SMTPUTF8

[12:27:25] ESMTP> STARTTLS
[12:27:25] ESMTP< 220 2.0.0 Ready to start TLS
[12:27:25] ESMTP> EHLO boo.home.cweiske.de
[12:27:25] ESMTP< 250-mail.cweiske.de
[12:27:25] ESMTP< 250-PIPELINING
[12:27:25] ESMTP< 250-SIZE 10240000
[12:27:25] ESMTP< 250-VRFY
[12:27:25] ESMTP< 250-ETRN
[12:27:25] ESMTP< 250-AUTH PLAIN
[12:27:25] ESMTP< 250-ENHANCEDSTATUSCODES
[12:27:25] ESMTP< 250-8BITMIME
[12:27:25] ESMTP< 250-DSN
[12:27:25] ESMTP< 250 SMTPUTF8

[12:27:25] ESMTP> [AUTH PLAIN]
[12:27:25] ESMTP< 235 2.7.0 Authentication successful

DMA 0.11-1+b1 fails with this:

dma[hash]: smarthost authentication: AUTH cram-md5 not available: 535 5.7.8 Error: authentication failed: Invalid authentication mechanism
dma[hash]: remote delivery deferred: AUTH login not available: 535 5.7.8 Error: authentication failed: Invalid authentication mechanism
dma[hash]: SMTP login not available. Trying without.
dma[hash]: delivery successful

@corecode - if you'd like a test account on my server, drop me a mail.

@corecode
Copy link
Owner

corecode commented Dec 19, 2018 via email

@cweiske
Copy link

cweiske commented Dec 19, 2018

Oh, that SMTP session was from claws mail, my normal client - so that I could demo how the EHLO response looks like. dma does fail.

@corecode
Copy link
Owner

but it says "delivery successful"

@cweiske
Copy link

cweiske commented Dec 20, 2018

Yes, because at that time the server allowed connections without authentication (which is why it says "SMTP login not available. Trying without."). This is not the case anymore, because all connections on port 587 must be authenticated.

@corecode
Copy link
Owner

could you please show the logs and ideally session transcript of the failing delivery?

@cweiske
Copy link

cweiske commented Dec 20, 2018 

dma: trying delivery
dma: using smarthost (mail.cweiske.de:587)
dma: trying remote delivery to mail.cweiske.de [2a01:488:66:1000:53a9:2dde:0:1] pref 0
dma: SSL initialization successful
dma: using SMTP authentication for user [email protected]
dma: smarthost authentication: AUTH cram-md5 not available: 535 5.7.8 Error: authentication failed: Invalid authentication mechanism
dma: remote delivery deferred: AUTH login not available: 535 5.7.8 Error: authentication failed: Invalid authentication mechanism
dma: SMTP login not available. Trying without.
dma: remote delivery to mail.cweiske.de [2a01:488:66:1000:53a9:2dde:0:1] failed after RCPT TO: 554 5.7.1 <p200300D9EBC1D200D25099FFFE2CF8C8.dip0.t-ipconnect.de[2003:d9:ebc1:d200:d250:99ff:fe2c:f8c8]>: Client host rejected: Access denied
dma: can not bounce a bounce message, discarding

I have no idea how I should capture the session transcript, given that STARTTLS is used in between. Or is there a hidden DMA config option to log the session?

@corecode
Copy link
Owner

thanks! I'm surprised that LOGIN is not supported, but I agree that PLAIN should be implemented as well.

@tmo1
Copy link

tmo1 commented Jan 1, 2019

I'm having the same problem - I'm trying to use dma with Zoho.com (smtp.zoho.com, using SSL on port 465), but it fails with:

smarthost authentication: AUTH cram-md5 not available: 501 Could not do Unknown Authentication

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@agateau @kgaughan @cweiske @corecode @tmo1