November 9, 2024 7:24 AM, bf...@0x.co wrote:
> On Mon, 4 Nov 2024, Philipp wrote:
>
>>> My opensmtpd server does not use TLS nor does it have certs - it does NOT
>>> have any lines like these examples:
>>>
>>> # PKI for TLS
>>> pki example.com cert "/etc/ssl/example.com.crt"
>>> pki example.com key "/etc/ssl/private/example.com.key"
>>>
>>> .. and I did not create any cert/key for this server.
>>>
>>> On my iphone I did NOT select "Use SSL" and my auth is simple "password".
>>
>> OpenSMTPD doesn't support auth without TLS. It doesn't even advertise
>> auth without TLS[0]. So to get your server working you need to get a
>> TLS cert (bonus points if it's trusted by your iphone). Add a pki
>> to your smtpd config. Then add something like:
>>
>> ... tls pki $pkiname auth[-optional] ...
>
> I don't understand how this can be as I am using my non-tls opensmtpd server
> from other clients with username and password auth and it works fine
> without tls....
>
> That is: my opensmtpd server has a username/password in the actual
> /etc/passwd file and if I give that user/pass along with the hostname to a
> primitive mail client, it works. I can send mail with that password auth.
>
> I just can't do it with the iphone.
>
> Maybe we mean different things by "auth" ?

Philipp is right. OpenSMTPD does not advertise AUTH unless the session is marked as secure, so it does not accept any kind of credential unless you have TLS set up. It's been the case since day 1 so it's not something that has changed, or that will ever change: TLS is required for authentication. You might want to run with `-T smtp` enabled and inspect as you trigger, but I'm 100% positive that the mail client is either configured to do TLS or that it tries to do TLS regardless of the config.
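
One way to check what a listener actually offers, before and after STARTTLS, is to compare its EHLO replies. This is an added example, not part of the thread and not OpenSMTPD code; the function names, the sample replies (constructed, generic RFC 5321 form) and port 587 are assumptions.

```python
import smtplib
import ssl

# Constructed EHLO replies (RFC 5321 multi-line form), not captured from a real server.
EHLO_NO_TLS = "250-mail.example.com Hello\r\n250-8BITMIME\r\n250 HELP\r\n"
EHLO_PLAIN = "250-mail.example.com Hello\r\n250-8BITMIME\r\n250-STARTTLS\r\n250 HELP\r\n"
EHLO_SECURE = "250-mail.example.com Hello\r\n250-8BITMIME\r\n250-AUTH PLAIN LOGIN\r\n250 HELP\r\n"


def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a raw multi-line EHLO reply."""
    lines = [l for l in reply.splitlines() if l.strip()]
    caps = {}
    for line in lines[1:]:  # the first line is the greeting, not a capability
        if len(line) < 4 or not line.startswith("250") or line[3] not in "- ":
            raise ValueError("not a 250 EHLO reply line: %r" % line)
        words = line[4:].split()
        if words:
            caps[words[0].upper()] = words[1:]
    return caps


def diagnose(plain_reply, secure_reply=None):
    """Classify a listener from its EHLO reply before and (optionally) after TLS."""
    plain = parse_ehlo(plain_reply)
    if "AUTH" in plain:
        return "auth-in-cleartext"   # credentials could cross the wire unencrypted
    if "STARTTLS" not in plain:
        return "no-auth-possible"    # a server that ties AUTH to TLS never offers it here
    if secure_reply is None:
        return "starttls-only"       # must repeat EHLO inside TLS to learn more
    return "auth-after-tls" if "AUTH" in parse_ehlo(secure_reply) else "tls-without-auth"


def probe(host, port=587, timeout=10):
    """Live check against your own server: (AUTH before TLS, AUTH after STARTTLS)."""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo()
        before = s.has_extn("auth")
        if not s.has_extn("starttls"):
            return before, None
        # Default context verifies the certificate; a self-signed cert fails here.
        s.starttls(context=ssl.create_default_context())
        s.ehlo()
        return before, s.has_extn("auth")
```

A listener with no pki configured should classify as `no-auth-possible`; once a pki and `auth` are added, the expected result is `auth-after-tls`.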