SMTP Authentication Issues

m0th · March 2, 2026, 1:46pm

How can I modify this configuration file to use port 587 and support auth and tls?

Mike · March 2, 2026, 1:47pm

You’re going to need to try a bit more effort here, you don’t even say whether you’re looking to send on 587 or receive on 587.

Provide more context.

m0th · March 3, 2026, 8:39am

init.lua

local kumo = require 'kumo'
local sources = require 'policy-extras.sources'
local dkim_sign = require 'policy-extras.dkim_sign'

sources:setup { '/opt/kumomta/etc/policy/sources.toml' }

local dkim_signer = dkim_sign:setup { '/opt/kumomta/etc/policy/dkim_data.toml' }

kumo.on('smtp_server_auth_plain', function(authz, authc, password, conn_meta)
  local password_database = {
    ['test'] = 'test',
  }
  if password == '' then
    return false
  end
  return password_database[authc] == password
end)

kumo.on('init', function()
  kumo.define_spool {
    name = 'data',
    path = '/var/spool/kumomta/data',
    kind = 'RocksDB',
  }

  kumo.define_spool {
    name = 'meta',
    path = '/var/spool/kumomta/meta',
    kind = 'RocksDB',
  }

  kumo.configure_local_logs {
    log_dir = '/var/log/kumomta',
  }

  kumo.start_esmtp_listener {
    listen = '0.0.0.0:587',
    hostname = 'DOMAIN',
    relay_hosts = { '0.0.0.0/0' },
    trace_headers = {
      received_header = false,
      supplemental_header = false,
      header_name = 'X-KumoRef',
    },
  }
end)

kumo.on('get_egress_path_config', function(domain, source_name, site_name)
  return kumo.make_egress_path {
    enable_tls = 'OpportunisticInsecure',
  }
end)

kumo.on('smtp_server_message_received', function(msg)
  dkim_signer(msg)
end)

I need to use port 587 for SMTP connections to send emails. My init.lua file is configured as shown above. I tried this configuration but couldn’t connect—it reported “auth not supported.” After changing it to 0.0.0.0:25, I could send emails without authentication, but this is highly insecure.

Mike · March 3, 2026, 8:52pm

What does the trace of your injection session look like? The commands before you got the auth not supported error.

Jack · March 4, 2026, 3:39am

Now KumoMTA do not support LOGIN method, You can try —-auth PLAIN

tom · March 5, 2026, 12:44am

KumoMTA natively supports SMTP_AUTH PLAIN and requires TLS. in most cases when this does not work, people are trying to use Auth LOGIN (which is horrible and unsupported) or TLS is not configured correctly.
As Mike suggested, you will probably find your answer if you trace the inbound injection with trace-smtp-server