smtp authentication with port 25 & 587 not working

You can restrict access to localhost and just use the smtp_Auth functions as documented. I do believe your issue is the PHP host’s TLS cert.

If you set smtp_auth the way it is documented, then the user should be validated against the password and allowed to relay regardless of the relay_hosts setting.

I recommend testing your injector with swaks. You can install swaks fairly easily and the test will use your local cert. (using Ubuntu, sudo apt install swaks)

^^ This is what I use for all of my testing. If your TLS config is not in the “normal place” then you can be explicit with “--tls-cert” and “--tls-key” options.
https://www.jetmore.org/john/code/swaks/latest/doc/ref.txt

Hey there <@!1073644991701856326>, did you just paste a trace with AUTH PLAIN in it?
The AUTH PLAIN part of an SMTP trace reveals the auth credentials; they are only obscured by base64 encoding, not encrypted.
I’d recommend that you change the credentials shown in that trace!

Can you let me know where it's documented how to configure the SMTP server to work with SMTP authentication regardless of the relay_hosts setting? Can you help me with this?

In the listener_domain documentation directly above this comment, look for this in the sample:
```
["auth-send.example.com"]
# relay to anywhere, so long as the sender domain is auth-send.example.com
# and the connected peer has authenticated as any of the authorization identities
# listed below using SMTP AUTH
relay_from_authz = [ 'username1', 'username2' ]
```

The “relay_from_authz” option is specifically for this purpose.

So if user “my user” is entered in that config, and that user passes authentication, then mail will pass.

See also:

When a message is attempted, the listener will first validate based on ip and port. If the connection includes credentials, the authentication process above is also executed.

If the credentials are authenticated, then the user is checked against the listener domains to match the sending domain configured for it.

So… if your listener_domains looks like this:

```
["e.outmail.com"]
relay_from_authz = [ 'frank' ]
```

Then if the user “frank” was authenticated, and his mail from domain was “e.outmail.com”, then the mail would be relayed.

The above method is working fine, but can you share the procedure to set up an SSL certificate on the KumoMTA server? I am now stuck there. If I am able to solve this, I guess the issue is solved.

Hello @faithful-ostrich, I have fixed the SSL issue now. I need to solve the SMTP authentication, now finding the issue connected with authentication.

SMTP ERROR: AUTH command failed: 421 4.3.2 kumomta.abc.com idle too long
2023-11-25 10:04:34 SMTP Error: Could not authenticate.

It would be helpful to see the SMTP trace using kcli.