Hi people,

I'm running OpenSMTPD 5.4.3 from -current on my private mail server. After a recent update, using authentication for sending mail causes smtpd to exit with exit value 1. A (stripped down) configuration that exhibits the issue is the following:

pki "server" certificate "/etc/mail/certs/server.crt"
pki "server" key "/etc/mail/certs/server.key"
listen on egress port submission tls-require pki "server" auth tag AUTH
accept tagged AUTH from local for any relay

When running smtpd with that configuration and attempting to send an email, this is the output I get from smtpd -dv:

[... Usual smtpd startup for OpenSMTPD 5.4.3 ...]
debug: smtp: new client on listener: 0x768b632a000
smtp-in: New session 5d471824a3b1c9d2 from host eduroam-75-222.uni-paderborn.de [131.234.75.222]
debug: lka: looking up pki "server"
debug: session_start_ssl: switching to SSL
smtp-in: Started TLS on session 5d471824a3b1c9d2: version=TLSv1/SSLv3, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256
smtpd: session_imsg: unexpected IMSG_LKA_AUTHENTICATE imsg
warn: lka -> pony: pipe closed
warn: parent -> pony: pipe closed
warn: mfa -> pony: pipe closed
warn: queue -> pony: pipe closed
warn: control -> pony: pipe closed
warn: scheduler -> control: pipe closed
[... After this, smtpd has exited with status 1 ...]

The client (mail/msmtp from ports) prints the following:

msmtp: cannot read from TLS connection: a protocol violating EOF occured

The debug output from msmtp is the following:

loaded system configuration file /etc/msmtprc
loaded user configuration file /home/gbe/.msmtprc
using account unobtanium from /home/gbe/.msmtprc
host = unobtanium.de
port = 587
timeout = off
protocol = smtp
domain = localhost
auth = choose
user = gbe
password = *
passwordeval = (not set)
ntlmdomain = (not set)
tls = on
tls_starttls = on
tls_trust_file = (not set)
tls_crl_file = (not set)
tls_fingerprint = EB:8E:EA:3A:BC:3A:1D:6C:C4:80:5F:FB:A8:24:C8:EB:C8:24:71:5D
tls_key_file = (not set)
tls_cert_file = (not set)
tls_certcheck = on
tls_force_sslv3 = off
tls_min_dh_prime_bits = (not set)
tls_priorities = (not set)
auto_from = off
maildomain = (not set)
from = g...@unobtanium.de
dsn_notify = (not set)
dsn_return = (not set)
keepbcc = off
logfile = /home/gbe/log/msmtp/log
syslog = (not set)
aliases = (not set)
reading recipients from the command line
<-- 220 neon.unobtanium.de ESMTP OpenSMTPD
--> EHLO localhost
<-- 250-neon.unobtanium.de Hello localhost [131.234.75.222], pleased to meet you
<-- 250-8BITMIME
<-- 250-ENHANCEDSTATUSCODES
<-- 250-SIZE 36700160
<-- 250-DSN
<-- 250-STARTTLS
<-- 250 HELP
--> STARTTLS
<-- 220 2.0.0: Ready to start TLS
TLS certificate information:
    Owner:
        Common Name: gbe.ring0.de
    Issuer:
        Common Name: CAcert Class 3 Root
        Organization: CAcert Inc.
        Organizational unit: http://www.CAcert.org
    Validity:
        Activation time: Sun Jul 7 18:28:15 2013
        Expiration time: Tue Jul 7 18:28:15 2015
    Fingerprints:
        SHA1: EB:8E:EA:3A:BC:3A:1D:6C:C4:80:5F:FB:A8:24:C8:EB:C8:24:71:5D
        MD5: 69:40:AD:DD:02:63:41:C1:67:55:34:3E:63:95:06:6A
--> EHLO localhost
<-- 250-neon.unobtanium.de Hello localhost [131.234.75.222], pleased to meet you
<-- 250-8BITMIME
<-- 250-ENHANCEDSTATUSCODES
<-- 250-SIZE 36700160
<-- 250-DSN
<-- 250-AUTH PLAIN LOGIN
<-- 250 HELP
--> AUTH PLAIN AGdiZQA0bjRyY2hZXw==

Yes, the certificate is weird (common name does not match the host name), but that should not cause the smtp daemon to exit. The setup worked before my last update, but I can't pinpoint the previous version of OpenSMTPD because the maillog rotated away before I noticed the issue.

What am I doing wrong here? And how can I debug this further?

--
Gregor Best