On 4/7/19 4:54 AM, Juan Trippe wrote:
1. When you attempt to relay through Bell's smtp relay are you sending mail as y...@bell.ca or any of the domains that fall under Bell's domains? Perhaps they implemented a block that prevents email@example.com, or better even y...@anythingotherthanbell.ca. What I'm trying to guess at is that Bell refuses to relay for anything other than its domains.

When it was working the sender was y...@local.home.org

After it stopped working I made a /etc/mail/mailname file (which I've since removed) with sympatico.ca and tried sending as different senders but no luck. I tried different accounts and changing the passwords, still nothing.

2. Use port 587, check connection with 'openssl s_client -connect host:587 -starttls smtp'

I tried that and previously "openssl s_client -debug -starttls smtp -crlf -connect host:25", and after the certificate I get:

That string I gave you needs improvement, add a -quiet so that it doesn't renegotiate upon R for

535 Authentication failed

Maybe you should use PLAIN instead of LOGIN. I tried to find a good example for this in the RFCs but ended up reading the smtpd source on how to do this. Anyhow, start skimming RFC 4616, and read the smtpd source around line 315 in smtp_client.c; it seems the Realm or authzid is blank, so you can construct an AUTH PLAIN string like so:

printf "\0username\0password" | openssl enc -a

I tested this with my username and password on opensmtpd and was able to relay through it so this fashion works.

When you pass -starttls smtp to openssl s_client you're already starttls'ed so no need to do it again. Sorry this was misleading.

3. Use section D.1 of RFC 5321 to help you write a test mail, use RFC 4954 to help you construct a needed authentication, section 4.1 has an example. Steps are a) connect b) ehlo c) auth d) mail from e) rcpt to f) data g) quit

4. Once you have achieved sending a test mail through the Bell relay reflect what you did into your config. Try sending as firstname.lastname@example.org and see it fail or not fail, try sending as y...@bell.ca and see it fail or not fail. Know the capabilities (protocol and behaviour) of the Bell

Going off this: https://tools.ietf.org/html/rfc4954#section-4.1
S: 220-smtp.example.com ESMTP Server
C: EHLO client.example.com
S: 250-smtp.example.com Hello client.example.com
S: 250-AUTH GSSAPI DIGEST-MD5
S: 250 STARTTLS
250-AUTH LOGIN PLAIN
250 SIZE 36700160
502 You are not authorized to use SSL

No problem, hope it works for you. I'm gonna try to donate some money to Gilles for my efforts to teach raw SMTP which has little to do with

I hope that helps in any way. Also just 535 doesn't tell me anything when I checked it up in RFC 5321 other than that it's a permanent failure. Was there an error string appended to this code?

This is the line from smtpd -dv that had the error:
c41771ec2113e5d0 mta error reason=AUTH rejected: 535 Authentication failed
Thanks for the ideas, hopefully this will get sorted soon
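
The AUTH PLAIN construction discussed in the thread (RFC 4616, empty authzid), as an added example that is not part of the original messages or of the OpenSMTPD source. The function names are hypothetical and the sample EHLO reply is constructed; it builds and decodes the token and checks which mechanisms a relay advertises before choosing PLAIN.

```python
import base64

# Constructed sample: the AUTH and SIZE lines match the reply quoted in the
# thread; the hostname is a placeholder.
SAMPLE_EHLO = ("250-relay.example.net Hello\r\n"
               "250-AUTH LOGIN PLAIN\r\n"
               "250 SIZE 36700160\r\n")

def auth_plain(username, password, authzid=""):
    """RFC 4616 message: authzid NUL authcid NUL passwd, base64 on one line."""
    fields = (authzid, username, password)
    if any("\0" in f for f in fields):
        raise ValueError("NUL separates the fields and cannot appear inside one")
    # b64encode never inserts line breaks. `openssl enc -a` wraps at 64
    # characters unless -A is given, which breaks the AUTH line for long
    # credentials.
    return base64.b64encode("\0".join(fields).encode("utf-8")).decode("ascii")

def decode_auth_plain(token):
    """Inverse of auth_plain, to check what a client really put on the wire."""
    parts = base64.b64decode(token, validate=True).split(b"\0")
    if len(parts) != 3:
        raise ValueError("expected authzid, authcid and passwd")
    return tuple(p.decode("utf-8") for p in parts)

def ehlo_auth_mechanisms(reply):
    """Collect SASL mechanisms from the AUTH line(s) of a 250 EHLO reply."""
    mechs = []
    for line in reply.splitlines():
        code, sep, text = line[:3], line[3:4], line[4:]
        if code == "250" and sep in ("-", " ") and text.upper().startswith("AUTH "):
            mechs.extend(text.upper().split()[1:])
    return mechs

def auth_command(reply, username, password):
    """Return the AUTH PLAIN command line if the relay advertises PLAIN."""
    if "PLAIN" not in ehlo_auth_mechanisms(reply):
        raise ValueError("relay does not advertise AUTH PLAIN")
    return "AUTH PLAIN " + auth_plain(username, password)

if __name__ == "__main__":
    print(ehlo_auth_mechanisms(SAMPLE_EHLO))
    print(auth_command(SAMPLE_EHLO, "username", "password"))
    print(decode_auth_plain("AHVzZXJuYW1lAHBhc3N3b3Jk"))
```

The token is only base64, not encryption, so it belongs on the wire only after the TLS handshake has completed.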