> On 14 Jun 2021, at 19:20, François RONVAUX <[email protected]> wrote:
>
> Thanks for the reply.
> I will have a look at smtpctl encrypt...
>
> According to this resource (section "Credentials tables"):
> https://man.openbsd.org/OpenBSD-6.9/table.5
> ------------------------------------------------------
> In a relay context, the credentials are a mapping of labels and
> username:password pairs:
>
>     label1 user:password
>
> The label must be unique and is used as a selector for the proper credentials
> when multiple credentials are valid for a single destination.
> The password is not encrypted as it must be provided to the remote host.
> ------------------------------------------------------
>
> It clearly states that the password must not be encrypted.
> Maybe this man page is not up to date ?

For mta authentication, when your server authenticates elsewhere, the password is not encrypted because it can’t be; it must be supplied to the remote server.

For listener authentication, when a client authenticates to your machine, the password is encrypted because we use crypt(3) to validate.

In your mail, you showed the listen configuration:

    listen on egress inet4 \
        tls-require \
        auth

So I assumed you were talking about incoming authentication.

> And I run an old OpenSMTPD v6.4.0 with relaying e-mails to a gmail account
> and it does work with not-encrypted password in the secret file.
> When did this requirement of encrypted password change ?
>
> Regards.
>
> On Mon, 14 Jun 2021 at 14:08, <[email protected]> wrote:
> June 14, 2021 9:19 AM, "François RONVAUX" <[email protected]> wrote:
>
>> Hello,
>>
>> I have a mail server "mx1" with this listening section :
>> -------------------------------------------
>> listen on egress inet4 \
>> tls-require \
>> auth
>> -------------------------------------------
>>
>> I have also a server "test" and I would want to authenticate the user when
>> sending an e-mail to the server "mx1" but I get an error :
>> -------------------------------------------
>> test smtpd[9309]: f3880cf18b73253d mta error reason=AUTH rejected: 535 Authentication failed
>> -------------------------------------------
>>
>> "test" seems to connect properly on "mx1" but the error does occur on the
>> user authentication.
>>
>> Because I can perfectly connect to "mx1" with a MUA like Thunderbird, it
>> makes me think the error should be located on the opensmtpd "test" secrets file :
>> -------------------------------------------
>> foo [email protected]:password
>> -------------------------------------------
>>
>> The password is 40 digits long and looks like this :
>> C>(3")GID~7B7%{~LIq_G*JdP6fTW*"[`G)<k?(G
>>
>> Can a special character be a problem in the password field ?
>> If yes, how to deal with it ?
>>
>> Thanks for your suggestions.
>
> The problem is not that there's a special character but that the password
> should be crypt(3)-ed,
> look at smtpctl encrypt
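
The two credential formats discussed in this thread, side by side, as an added example that is not part of the original messages or of the OpenSMTPD documentation. The host name `mx1.example.org`, the table names, file paths, label and user name are constructed, and the listener is assumed to use a credentials table (`auth <creds>`) rather than the bare `auth` shown in the thread; syntax is that of OpenSMTPD 6.4 and later, with pki/certificate lines omitted as in the thread.

```conf
# ---- mx1: /etc/mail/smtpd.conf (listener side: clients authenticate TO mx1) ----
# Assumption: credentials come from a table instead of system accounts.
table creds file:/etc/mail/creds
listen on egress inet4 \
	tls-require \
	auth <creds>

# ---- mx1: /etc/mail/creds ----
# Format: username, then a crypt(3) hash. Generate the hash with
# `smtpctl encrypt` and paste its output; cleartext here will never match.
relayuser	<output of smtpctl encrypt>

# ---- test: /etc/mail/smtpd.conf (relay side: test authenticates TO mx1) ----
table secrets file:/etc/mail/secrets
action "via_mx1" relay host smtp+tls://mx1label@mx1.example.org auth <secrets>
match from local for any action "via_mx1"

# ---- test: /etc/mail/secrets ----
# Format: label, then username:password in cleartext, because the password
# itself has to be sent to mx1 (inside the TLS session). A crypt(3) hash
# here would be sent as the password and rejected with 535.
# Protect the file with permissions instead:
#   chmod 640 /etc/mail/secrets; chown root:_smtpd /etc/mail/secrets
mx1label	relayuser:<cleartext password>
```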
