There likely is a better way to do this, but one of the platforms I’m using REQUIRES that I use auth_plain (while the others let me not use auth, so I just use whitelisting of IPs both in the firewall and via relay_hosts).
I’m certain that this is wrong now, but what I did was create 2 kumo.start_esmtp_listeners, one for each port (with separate relay_host lists). I think I butchered poor kumo.on("smtp_server_auth_plain") pretty badly:
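```lua
kumo.on('smtp_server_auth_plain', function(authz, authc, password, conn_meta)
  -- Address and port of the listener this connection arrived on
  local local_port = conn_meta.received_via
  if local_port == "108.181.135.169:587" then
    -- Submission port: check the supplied credentials
    local password_database = {
      ['username'] = 'MuySecureSenior123!',
    }
    if password == '' then
      return false
    elseif password_database[authc] == password then
      return true
    else
      return false
    end
  elseif local_port == "0.0.0.0:25" then
    return true
  else
    return nil
  end
end)
```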
when I try connecting from the service and view it in kcli trace-smtp-server I see this error:
```
[REDACTED] 497ms === smtp_server_auth_plain: Ok: Bool(false)
```
I tried switching around some things in that kumo.on using the documentation and whatever I could find here in the discord, but I’m sure I’ve just mucked it up.
I also had a bad testing methodology, I think… I used https://www.smtper.net/ to test it at first, and while that helped me troubleshoot a lot of issues, when I actually check kcli trace-smtp-server I think that it is never actually doing the AUTH.
It’s gotta be my logic. When I cross-check the base64 decode, I believe it’s correct.
There are a couple of options.
- You can set up separate listeners for different ports and then only evaluate smtp_auth for that listener. (Similar to what you did above.)
- You can do this with the listener_domains auth_z check.
In either case, TLS is required for SMTP_Auth.
I think I’m using TLS, unless something obvious is showing that’s not working?
it was this line:
`local local_port = conn_meta.received_via`
it should instead be
`local local_port = conn_meta:get_meta('received_via')`
Ah yep. That will do it
hmm. I don’t mean to necro a thread, but this DEFINITELY didn’t work:
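```lua
kumo.on('smtp_server_auth_plain', function(authz, authc, password, conn_meta)
  -- Address and port of the listener this connection arrived on
  local local_port = conn_meta:get_meta('received_via')
  if local_port == "[REDACTED]:587" then
    -- Submission port: check the supplied credentials
    local password_database = {
      ['[REDACTED].com'] = '[REDACTED]',
    }
    if password == '' then
      return false
    elseif password_database[authc] == password then
      return true
    else
      return false
    end
  elseif local_port == "0.0.0.0:25" then
    return true
  else
    return nil
  end
end)
```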
I thought I tested it afterward to verify, but the aforementioned open relay issue was related to this
Doh! I missed that padding, but yes. Can’t believe it
