there is an issue with your sqlite call
Ah
Ok thanks Tom
keep in mind that if you have relay_hosts set in the smtp listener, and the client is connecting from a matching host, it will not need to use smtp auth
also: if you omit relay_hosts, keep in mind that its default is equivalent to both the ipv4 and ipv6 loopback addresses
Don’t think that’s the case here, Wez. Because I just changed relay_hosts and trusted_hosts to {} and it still doesn’t enforce AUTH for SMTP anyway. Didn’t try for HTTP yet.
But Tom is working on the SQLite mistake I have made so maybe it’s that.
But in saying that, it accepts SMTP message but doesn’t deliver - so that’s good.
yeah, this was about how sqlite was being called
almost have a working version for you
This should work:
```lua
function sqlite_auth_check(authc, password)
  -- the sqlite library has to be loaded before it is called
  local sqlite = require 'sqlite'
  local db = sqlite.open '/home/simple.db'
  local result = db:execute(
    'select * from mw_customer where email=? and password=?',
    authc,
    password
  )
  -- exactly one matching row means the user+pass matched
  if #result == 1 then
    return true
  else
    return false
  end
end

-- This creates a new function called `cached_sqlite_auth_check`
-- that remembers the results for a given set of parameters for up
-- to 5 minutes or up to 100 different sets of parameters
cached_sqlite_auth_check = kumo.memoize(sqlite_auth_check, {
  name = 'sqlite_auth',
  ttl = '5 minutes',
  capacity = 100,
})

-- The AUTH PLAIN handler returns true or false as the result of the check
kumo.on('smtp_server_auth_plain', function(authz, authc, password)
  return cached_sqlite_auth_check(authc, password)
end)
-- Custom AUTH end
```
- you have to load the sqlite library before calling it
- you need to return true or false as a result of the security check.
I only tested this locally with a DB I created locally based on assumptions from our conversation. This is NOT guaranteed or supported code and you are responsible for validating that it works in your own system.
Something similar will work for HTTP but not identical
process: kumod::smtp_server: check_relaying: sender=demo2.kumomta.com recip=kumomta.com relay_to_allowed=None relay_hosts_allowed=false relay_from_allowed=true -> log_arf=false log_oob=false relay=true
Thanks Tom. Let me try this.
I declared that at the top of the file so moved it where the AUTH code block is now as per your example.
I just changed the code to say the following since we have an “apikey” column now.
local result = db:execute ('select * from mw_customer where email=? and apikey=?', authc,password)
And tried SMTP with and without AUTH
swaks -auth PLAIN -server mta-test.xxx.com:25 -au AUTH_USERNAME -ap 'AUTH_PASSWORD' --to 07b30c2a-d305-44f5-b8d3-9a76815707a7@email.webhook.site --from roshan@xxx.com --header "Subject: Testing from mailing server" --body "Testing to see if all is working as planned"
And it still says:
*** Host did not advertise authentication
Maybe I am doing the SWAKS SMTP auth wrong - let me try doing this using a library and see if it does better than SWAKS.
Hey there <@!900516762410442773>, did you just paste a trace with AUTH PLAIN in it?
The AUTH PLAIN part of an SMTP trace reveals the auth credentials; they are only obscured by base64 encoding, not encrypted.
I’d recommend that you change the credentials shown in that trace!
Host did not advertise authentication
You must use STARTTLS if you want to use SMTP AUTH