Sorry for top post. Make sure your match rules start with the most specific and work your way down to the least specific. 'tag's are your friend. Also you will need to have a
match auth ... rule as auth is no longer the same as local. Edgar On Jan 14, 2019 6:42 AM, Flipchan <[email protected]> wrote: > > I tried to echo it another way (echo -ne '\user\passwd' | base64 ) > and then > auth plain string > and it works > > > Now im getting new errrors :/ or i think i have misconfigured match, i cant > send to external addresses, log: > http://dpaste.com/2M8JMQC.txt > > > On January 14, 2019 1:10:24 PM GMT+01:00, Gilles Chehade <[email protected]> > wrote: > >On Mon, Jan 14, 2019 at 01:03:19PM +0100, Flipchan wrote: > >> Seems like it adds "\^J" to the username , i base64 encode it using: > >> echo "user" | base64 > >> > >> Log from smtpd -dv -T smtp : > >> http://dpaste.com/0CAVJFF.txt > >> > > > >honestly, i'm confused by what you're doing > > > >can you setup a temporary account, with a temporary password, > >authenticate to it > >using a regular MUA (whichever you want, just don't auth manually), > >then trash > >the account and send us logs that aren't doctored ? > > > > > > > >> On January 14, 2019 9:41:42 AM GMT+01:00, Gilles Chehade > ><[email protected]> wrote: > >> >On Sat, Jan 12, 2019 at 05:36:11PM +0100, Flipchan wrote: > >> >> Hey, am tryin to upgrade my opensmtpd > >> >> email server running on openbsd 6.3 towards a new one on 6.4, > >> >> i have used a simple config with the new syntax: > >> >> cat /etc/mail/smtpd.conf > >> >> > >> >> table aliases file:/etc/mail/aliases > >> >> > >> >> #table other-relays file:/etc/mail/other-relays > >> >> > >> >> pki mail.example.com cert "/etc/ssl/mail.example.com.crt" > >> >> pki mail.example.com key "/etc/ssl/private/mail.example.com.key" > >> >> > >> >> listen on lo0 > >> >> listen on vio0 port 587 hostname example.com tls-require pki > >> >mail.example.com auth mask-source > >> >> listen on vio0 port 25 hostname example.com tls pki > >mail.example.com > >> >> > >> >> action "mbox" mbox alias <aliases> > >> >> action "relay" relay > >> >> > >> >> match for local action "mbox" > >> >> match for any action "relay" > >> >> match from any for domain example.com action "mbox" > >> >> > >> >> > >> >> i cant login with a users regular username and passwd which is > >weird. > >> > > >> >> In the documentation it says that it is suppose to take regular > >user > >> >creds if not a table is defined which it is not. > >> >> https://man.openbsd.org/smtpd.conf#listen_on > >> >> > >> >> "Users are authenticated against either their own normal login > >> >credentials or a credentials table authtable, the format of which is > >> >described in table(5)." > >> >> > >> >> Does anyone know what im doing wrong here? > >> >> > >> >> maillog: > >> >> Jan 12 16:47:49 host smtpd[95842]: XXXXXXXXXXXXXXX smtp connected > >> >address=ip host=ip Jan 12 16:47:49 host > >> >> smtpd[95842]: XXXXXXXXXXXXXXX smtp starttls address=ip host=ip > >> >ciphers="version=TLSv1.2, cipher=ECDHE-RSA-AES256-GCM-SHA384, > >bits=256" > >> >Jan 12 16:47:49 host > >> >> smtpd[95842]: XXXXXXXXXXXXXXX smtp authentication user=user > >> >address=ip host=ip result=permfail Jan 12 16:47:49 host > >> >> smtpd[95842]: XXXXXXXXXXXXXXX smtp failed-command address=ip > >host=ip > >> >command="AUTH PLAIN (...)" result="535 Authentication failed" Jan 12 > >> >16:47:49 host > >> >> smtpd[95842]: XXXXXXXXXXXXXXX smtp authentication user=user > >> >address=ip host=ip result=permfail Jan 12 16:47:50 host > >> >> smtpd[95842]: XXXXXXXXXXXXXXX smtp failed-command address=ip > >host=ip > >> >command="AUTH LOGIN (password)" result="535 Authentication failed" > >> >> > >> > > >> >Hi, > >> > > >> >First of all, it should read mask-src and not mask-source, otherwise > >> >the > >> >auth keyword is assuming a table containing literal string > >> >"mask-source" > >> >and this will cause authentication to fail. > >> > > >> >A good method to troubleshoot, is to run smtpd in trace mode: > >> > > >> > smtpd -dv -T smtp > >> > > >> >create a test user with a temporary password, so you can share the > >> >trace > >> >output here and we can try to figure out what's wrong ... but likely > >> >the > >> >mask-source issue is the cause here. > >> > > >> > > >> >-- > >> >Gilles Chehade @poolpOrg > >> > > >> >https://www.poolp.org tip me: > >> >https://paypal.me/poolpOrg > >> > >> -- > >> Sent from my Android device with K-9 Mail. Please excuse my brevity. > > > >-- > >Gilles Chehade @poolpOrg > > > >https://www.poolp.org tip me: > >https://paypal.me/poolpOrg > > -- > Sent from my Android device with K-9 Mail. Please excuse my brevity.
