On 4/7/19 4:54 AM, Juan Trippe wrote:
Hello Peter,

Good morning.


1.  When you attempt to relay through Bell's smtp relay are you sending mail as y...@bell.ca or any of the domains that fall under bell's domains?  Perhaps they implemented a block that prevents you@home.local, or better even y...@anythingotherthanbell.ca. What I'm trying to guess at is that bell refuses to relay for anything other than its domains.
When it was working the sender was y...@local.home.org

After it stopped working I made a /etc/mail/mailname file (which I've since
removed) with sympatico.ca and tried sending as different senders but no luck. I
tried different accounts and changing the passwords, still nothing.

2.  Use port 587, check connection with 'openssl  s_client -connect
host:587 -starttls smtp'
I tried that and previously "openssl s_client -debug -starttls smtp -crlf
-connect host:25", and after the certificate I get:


That string I gave you needs improvement, add a -quiet so that it doesn't renegotiate upon R for RCPT TO:


---
250 STARTTLS
AUTH LOGIN
334 VXNlcm5hbWU6
BASE64USERNAME
334 UGFzc3dvcmQ6
BASE64PASSWORD
535 Authentication failed

Maybe you should use PLAIN instead of LOGIN.  I tried to find a good example for this in the RFCs but ended up reading the smtpd source on how to do this.  Anyhow, start skimming RFC 4616, and read the smtpd source around line 315 in smtp_client.c. It seems the Realm or authzid is blank, so you can construct an AUTH PLAIN string like so:

printf "\0username\0password" | openssl enc -a

I tested this with my username and password on opensmtpd and was able to relay through it so this fashion works.

3. Use section D.1 of RFC 5321 to help you write a test mail, use RFC 4954 to help you construct a needed authentication, section 4.1 has an example.  Steps are a) connect b) ehlo c) auth d) mail from e) rcpt to f) data g) quit

4. Once you have achieved sending a test mail through the bell relay
reflect what you did into your config.   Try sending as root@home.local
and see it fail or not fail, try sending as y...@bell.ca and see it fail
or not fail.  Know the capabilities (protocol and behaviour) of the bell
relay.
  Going off this: https://tools.ietf.org/html/rfc4954#section-4.1

    S: 220-smtp.example.com ESMTP Server
    C: EHLO client.example.com
    S: 250-smtp.example.com Hello client.example.com
    S: 250-AUTH GSSAPI DIGEST-MD5
    S: 250-ENHANCEDSTATUSCODES
    S: 250 STARTTLS
    C: STARTTLS

I get:

250 STARTTLS
EHLO
250-mtlspm02.bell.net
250-HELP
250-XREMOTEQUEUE
250-ETRN
250-CHUNKING
250-BINARYMIME
250-AUTH=LOGIN PLAIN
250-AUTH LOGIN PLAIN
250-PIPELINING
250-DSN
250-8BITMIME
250 SIZE 36700160
STARTTLS
502 You are not authorized to use SSL

When you pass -starttls smtp to openssl s_client you're already starttls'ed so no need to do it again.  Sorry this was misleading.

I hope that helps in any way.  Also just 535 doesn't tell me anything
when I checked it up in RFC 5321 other than that it's a permanent
failure.  Was there an error string appended to this code?
This is the line from smtpd -dv that had the error:

c41771ec2113e5d0 mta error reason=AUTH rejected: 535 Authentication failed

Thanks for the ideas, hopefully this will get sorted soon

No problem, hope it works for you.  I'm gonna try to donate some money to Gilles for my efforts to teach raw SMTP which has little to do with opensmtpd.

Regards,

-peter
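
An added example, not part of the original thread: building the AUTH PLAIN argument described above (RFC 4616, empty authzid) with the credentials passed as `%s` arguments rather than spliced into the printf format, and decoding the 334 challenges seen in the AUTH LOGIN session. The function names and the credentials `test` / `1234` are constructed for illustration.

```shell
#!/bin/sh
# Added example. Credentials used here are constructed, not from the thread.

# Base64-encode stdin onto one line (coreutils base64, else openssl).
b64() {
    if command -v base64 >/dev/null 2>&1; then
        base64 | tr -d '\n'
    else
        openssl enc -a -A
    fi
}

# Decode a 334 challenge from the server, e.g. during AUTH LOGIN.
decode_challenge() {
    if command -v base64 >/dev/null 2>&1; then
        printf '%s' "$1" | base64 -d
    else
        printf '%s' "$1" | openssl enc -d -a -A
    fi
}

# RFC 4616 message: authzid NUL authcid NUL passwd, authzid left empty.
# Username and password are %s arguments, so leading digits, '%' and
# backslashes in them are treated as data, not as printf escapes.
auth_plain() {
    printf '\0%s\0%s' "$1" "$2" | b64
}

# Credentials spliced into the format string. With a value that starts
# with an octal digit, "\0" plus those digits is read as one octal escape
# and the encoded bytes are no longer user NUL pass.
auth_plain_spliced() {
    printf "\0$1\0$2" | b64
}

# Demonstration with constructed credentials.
echo "334 VXNlcm5hbWU6 decodes to: $(decode_challenge VXNlcm5hbWU6)"
echo "334 UGFzc3dvcmQ6 decodes to: $(decode_challenge UGFzc3dvcmQ6)"
echo "AUTH PLAIN $(auth_plain test 1234)"
echo "spliced form gives: $(auth_plain_spliced test 1234)"
```

A wrongly encoded credential string is rejected by the server with the same 535 as a wrong password, so it is worth decoding the string back and checking the bytes before blaming the account.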

