On 2025-04-29, at 14:35 +0200, axreios wrote:
On Tue, Apr 29, 2025 at 02:34:00AM +0000, Otto Retter wrote:
Hello,
action "tanoutbound" relay host smtp://mail.airstreamcomm.net auth <ratable>
action "axreiosoutbound" relay host smtp://mail.airstreamcomm.net auth <ratable>
As far as I am aware, this would attempt relay over port 25, and
without TLS, which is usually not used for authenticated SMTP. Do you
know what port your ISP's MTA is using for authenticated SMTP?
Usually it would be 465 for implicit TLS or 587 for STARTTLS.
I think you should also include the aliases table key in the host
value. Here is a possible example line for implicit TLS:
'''
action "tanoutbound" relay host smtps://t...@mail.airstreamcomm.net:465 auth <ratable>
'''
Also, if you actually ran the previous configuration live, you may
want to consider rotating credentials. If TLS was not used, an
on-path attacker might have read your credentials in the plain.
- Otto
Thank you Otto for your response and advice. But my problem remains.
Let me approach it this way: in mutt, when I configure it to be its own
smtp server, I set ssl_force_tls=no, ssl_starttls=yes, and
smtp_authenticators=login. What would be the equivalent action line in
smtp.conf? And one further question: can authentication in opensmtpd
handle an isp username in the form of
n...@localisp.net@mail.airstreamcomm.net? Please advise. And thanks
for reading.
axreios
Hi, according to man smtpd.conf, what goes before the @ character is a
label, so you can use anything here, as long as it matches with a line
such as
tan n...@localisp.net:myverysecurepassword
…from your ratable file, which is where the user used for login will be
used, while still connecting to mail.airstreamcomm.net if used after the
@ character in the relay host […] part.
Additionally, you can use any of these protocols, but the manual seems
to indicate that authentication will only work when setting smtps or
smtp+tls:
    smtp        Normal SMTP session with opportunistic STARTTLS (the default).
    smtp+tls    Normal SMTP session with mandatory STARTTLS.
    smtp+notls  Plain text SMTP session without TLS.
    lmtp        LMTP session. port is required.
    smtps       SMTP session with forced TLS on connection. The default port is 465.
I think simply using smtp+tls://t...@mail.airstreamcomm.net (and same
with axreios) with the right port (usually 587) should work with your
current configuration.
(At least I *hope* that you aren’t sending your password without
encryption on the internet because your ISP doesn’t support STARTTLS.)
I hope this helps.
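
An added example, not part of any of the posts above: a small check that reads smtpd.conf text and flags every relay action that uses `auth` without a mandatory-TLS scheme (`smtps` or `smtp+tls`, per the protocol list quoted in the thread) or without a `label@` before the host. The sample configuration, the host names under example.net, the `secrets` table and the label `tan` are constructed for illustration.

```python
import re

# Schemes from the smtpd.conf(5) excerpt quoted in the thread.
MANDATORY_TLS = {"smtps", "smtp+tls"}
ACTION_RE = re.compile(r'^action\s+"?([^"\s]+)"?\s+relay\b(.*)$')
HOST_RE = re.compile(r'\bhost\s+"?([^"\s]+)"?')
AUTH_RE = re.compile(r'\bauth\s+<[^>]+>')

def logical_lines(text):
    """Drop comments and join backslash-continued lines."""
    buf = ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield buf.strip()
        buf = ""

def audit_relays(conf_text):
    """Return {action name: [findings]} for every relay action that uses auth."""
    report = {}
    for line in logical_lines(conf_text):
        m = ACTION_RE.match(line)
        if not m:
            continue
        name, rest = m.groups()
        host = HOST_RE.search(rest)
        if not host or not AUTH_RE.search(rest):
            continue
        url = host.group(1)
        scheme, sep, target = url.partition("://")
        if not sep:  # no scheme given: "smtp" is the default
            scheme, target = "smtp", url
        findings = []
        if scheme not in MANDATORY_TLS:
            findings.append(f"auth over {scheme}://: TLS is not mandatory")
        if "@" not in target:
            findings.append("no label@ before the host to select a credentials entry")
        report[name] = findings
    return report

# Constructed sample configuration (not the poster's file).
SAMPLE = r'''
table secrets file:/etc/mail/secrets
action "a_plain" relay host smtp://mail.example.net auth <secrets>
action "b_notls" relay host smtp+notls://tan@mail.example.net:587 auth <secrets>
action "c_starttls" relay host smtp+tls://tan@mail.example.net:587 \
    auth <secrets>
action "d_implicit" relay host smtps://tan@mail.example.net:465 auth <secrets>
action "e_noauth" relay host smtp://mx.example.net
'''
```

Calling `audit_relays(SAMPLE)` returns two findings for `a_plain`, one for `b_notls`, empty lists for the `smtp+tls` and `smtps` actions, and no entry for the relay without `auth`.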