Greetings to everyone. I am trying to configure OpenSMTPD with TLS + simple auth in order to be able to send email from my laptop and mobile using the server.
My 'smtpd.conf' is:
-----------------------------------------------------------------------------
# This is the smtpd server system-wide configuration file.
# See smtpd.conf(5) for more information.
# SSL PKI Certificates
pki domain.net certificate "/etc/mail/certs/host.cert"
pki domain.net key "/etc/mail/certs/host.key"
# If you edit the file, you have to run "smtpctl update table aliases"
table users "/usr/local/etc/mail/virtual.users.txt"
table domains "/usr/local/etc/mail/virtual.domains.txt"
table secrets "/usr/local/etc/mail/secrets"
table virtuals "/usr/local/etc/mail/virtual.aliases.txt"
table aliases db:/usr/local/etc/mail/aliases.db
# To accept external mail, replace with: listen on all
listen on 127.0.0.1
listen on xx.xx.xx.xx secure pki domain.net auth <secrets> hostname domain.net
accept for local alias <aliases> deliver to mbox
accept from any for domain <domains> relay via lmtp://127.0.0.1:2026
accept from any for domain <domains> alias <virtuals>
-----------------------------------------------------------------------------
My 'secrets' file looks like this:
-----------------------------------------------------------------------------
root@domain:/usr/local/etc/mail # cat secrets
atma => test:test123
-----------------------------------------------------------------------------
The server runs successfully (see log below) and I try to test my connection
using OpenSSL:
-----------------------------------------------------------------------------
$ openssl s_client -connect domain.net:465
CONNECTED(00000003)
[...]
220 domain.net ESMTP OpenSMTPD
EHLO domain.net
250-domain.net Hello domain.net [xxx.xxx.xx.xxx], pleased to meet you
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-SIZE 36700160
250-DSN
250-AUTH PLAIN LOGIN
250 HELP
AUTH LOGIN
334 VXNlcm5hbWU6
dGVzdA== # <= my input from: perl -MMIME::Base64 -e 'print encode_base64("test");'
334 UGFzc3dvcmQ6
dGVzdDEyMw== # <= my input from: perl -MMIME::Base64 -e 'print encode_base64("test123");'
535 Authentication failed
read:errno=0
-----------------------------------------------------------------------------
In the meantime, on the server, I can see the logs complaining, of course:
-----------------------------------------------------------------------------
root@domain:/usr/local/etc/mail # smtpd -dv
debug: init ssl-tree
info: loading pki information for domain.net
info: OpenSMTPD 5.4.2p1 starting
debug: bounce warning after 4h
debug: using "fs" queue backend
debug: using "ramqueue" scheduler backend
debug: using "ram" stat backend
info: startup [debug mode]
debug: queue: done loading queue into scheduler
mfa: building simple chains...
mfa: building complex chains...
mfa: done building complex chains
mfa: done building default chain
libevent 1.4.14b-stable (kqueue)
debug: parent_send_config_ruleset: reloading
debug: parent_send_config_mfa: reloading
debug: parent_send_config: configuring smtp
debug: mfa ready
debug: smtp: listen on 1xx.xx.xx.xx port 25 flags 0x49 pki "domain.net"
debug: smtp: listen on 1xx.xx.xx.xx port 465 flags 0x4a pki "domain.net"
debug: smtp: listen on 127.0.0.1 port 25 flags 0x0 pki ""
debug: smtp: will accept at most 14392 clients
debug: smtpd: scanning offline queue...
debug: smtpd: offline scanning done
debug: smtp: new client on listener: 0x8024b6000
smtp-in: New session 21ee5e1eb2e647db from host 217.70.my-adsl.net [xx.xx.xx.xx]
debug: lka: looking up pki "domain.net"
debug: session_start_ssl: switching to SSL
smtp-in: Started TLS on session 21ee5e1eb2e647db: version=TLSv1/SSLv3, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256
debug: lka: authenticating for secrets:test
smtp-in: Authentication failed for user test on session 21ee5e1eb2e647db
smtp-in: Failed command on session 21ee5e1eb2e647db: "dGVzdDEyMw==" => 535 Authentication failed
smtp-in: Disconnecting session 21ee5e1eb2e647db: session timeout
debug: smtp: 0x8024ba000: deleting session: timeout
-----------------------------------------------------------------------------
I'd like to know how I can fix my table in order to match/accept emails from
users. I'm probably making some mistake in the 'secrets' file syntax.
Any hints and/or ideas would be welcomed. Thanks for the excellent piece of
software :-)
Best regards,
atmosx
Panagiotis (atmosx) Atmatzidis
email: [email protected]
URL: http://www.convalesco.org
GnuPG ID: 0x1A7BFEC5
gpg --keyserver pgp.mit.edu --recv-keys 1A7BFEC5
"As you set out for Ithaca, hope the voyage is a long one, full of adventure,
full of discovery [...]" - C. P. Cavafy
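Added example, not part of the original post: a small Python diagnostic that decodes the AUTH LOGIN exchange shown above and compares the login name the server looks up (`secrets:test` in the debug log) with the keys in the posted 'secrets' file. It assumes the table(5) listener-credentials layout (login name as the key, crypt(3) hash as the value); the function names and the hash pattern are hypothetical, and the sample inputs are constructed from the post.

```python
import base64
import re

# Constructed from the post: the AUTH LOGIN lines and the 'secrets' file body.
SESSION = ["334 VXNlcm5hbWU6", "dGVzdA==", "334 UGFzc3dvcmQ6", "dGVzdDEyMw=="]
SECRETS = "atma => test:test123\n"

# Assumption: a hashed value uses the crypt(3) modular format ($id$...).
HASH_RE = re.compile(r"^\$[0-9a-z]+\$.+")


def decode_auth_login(lines):
    """Pair each base64 '334' prompt with the client's base64 reply."""
    fields, prompt = {}, None
    for line in lines:
        line = line.split("#")[0].strip()  # drop trailing annotations
        if line.startswith("334 "):
            prompt = base64.b64decode(line[4:]).decode().rstrip(":").lower()
        elif prompt and line:
            fields[prompt] = base64.b64decode(line).decode()
            prompt = None
    return fields


def parse_table(text):
    """Assumed layout: first whitespace-delimited field is the lookup key."""
    table = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            table[parts[0]] = parts[1] if len(parts) > 1 else ""
    return table


def check_listener_credentials(table, username):
    """Explain why a listener 'auth <table>' lookup for username would fail."""
    if username not in table:
        return [f"no key {username!r} in table; keys present: {sorted(table)}"]
    if not HASH_RE.match(table[username]):
        return [f"value for {username!r} is not a crypt(3) hash"]
    return []


if __name__ == "__main__":
    creds = decode_auth_login(SESSION)
    print("client sent:", creds)
    for problem in check_listener_credentials(parse_table(SECRETS), creds["username"]):
        print("problem:", problem)
```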
