Hi Martin,

Quoting Martin Lambers (2012-12-26 10:34:59)
> [..]
> Msmtp resends EHLO after STARTTLS, and in response to that the server
> must announce its authentication methods. It is my understanding
> that msmtp still needs to be able to send AUTH EXTERNAL to the server,
> and therefore it needs AUTH EXTERNAL to be supported by the server
> after STARTTLS. Otherwise, how can the client tell the server which
> identity to authenticate, and how can it find out if authentication
> succeeded? (Note that the client cannot assume that the server uses TLS
> certificate credentials for EXTERNAL authentication.)

Your points are of course absolutely right. The server doesn't announce any auth methods. The only method should be EXTERNAL with certificates so I suspect the proper behaviour would be to announce EXTERNAL only after STARTTLS.

The server is postfix 2.9.5 from the archlinux repo, without any code patches. The only settings are static alias maps and virtual domains. (There is an excerpt of the ssl stuff from the postfix config at the end of this mail.) It does the authentication/verification. I can't send mails without the valid, configured certificate.

> See also RFC 4422 Appendix A and the SMTP example given in RFC 4954.

Thanks for your response.
I am sorry for assuming bugs in msmtp :-)

Excerpt from postfix config:

smtpd_tls_cert_file = <certfile>
smtpd_tls_key_file = <keyfile>
smtpd_tls_security_level = may
smtpd_tls_ask_ccert = yes
smtpd_tls_auth_only = yes
smtpd_tls_fingerprint_digest = sha1
relay_clientcerts = btree:/etc/postfix/relay_clientcerts

Transcript of msmtp session:

$ msmtp -vv
ignoring system configuration file /etc/msmtprc: No such file or directory
loaded user configuration file /home/t-8ch/.msmtprc
falling back to default account
using account default from /home/t-8ch/.msmtprc
host = mail.t-8ch.de
port = 25
timeout = off
protocol = smtp
domain = localhost
auth = EXTERNAL
user = (not set)
password = (not set)
passwordeval = (not set)
ntlmdomain = (not set)
tls = on
tls_starttls = on
tls_trust_file = (not set)
tls_crl_file = (not set)
tls_fingerprint = <fingerprint>
tls_key_file = <keyfile>
tls_cert_file = <certfile>
tls_certcheck = on
tls_force_sslv3 = off
tls_min_dh_prime_bits = (not set)
tls_priorities = (not set)
auto_from = off
maildomain = (not set)
from = <from_address>
dsn_notify = (not set)
dsn_return = (not set)
keepbcc = off
logfile = <logfile>
syslog = (not set)
aliases = (not set)
reading recipients from the command line
<-- 220 homer.t-8ch.de ESMTP Postfix
--> EHLO localhost
<-- 250-homer.t-8ch.de
<-- 250-PIPELINING
<-- 250-SIZE 10240000
<-- 250-VRFY
<-- 250-ETRN
<-- 250-STARTTLS
<-- 250-ENHANCEDSTATUSCODES
<-- 250-8BITMIME
<-- 250 DSN
--> STARTTLS
<-- 220 2.0.0 Ready to start TLS
TLS certificate information:
[..] cert stuff
--> EHLO localhost
<-- 250-homer.t-8ch.de
<-- 250-PIPELINING
<-- 250-SIZE 10240000
<-- 250-VRFY
<-- 250-ETRN
<-- 250-ENHANCEDSTATUSCODES
<-- 250-8BITMIME
<-- 250 DSN
--> QUIT
<-- 221 2.0.0 Bye
msmtp: the server does not support authentication
msmtp: could not send mail (account default from /home/t-8ch/.msmtprc)
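
The capability check discussed in this mail, as an added example that is not part of the original message and not msmtp's own code: it reads a transcript in the `msmtp -vv` layout, separates the EHLO reply seen before STARTTLS from the one seen after it, and reports whether AUTH EXTERNAL was announced under TLS. The function names and both sample transcripts are constructed for illustration.

```python
import re

# Constructed transcript in the "msmtp -vv" layout ("-->" client, "<--" server),
# shortened from the session in the mail above.
NO_AUTH = """\
<-- 220 homer.t-8ch.de ESMTP Postfix
--> EHLO localhost
<-- 250-homer.t-8ch.de
<-- 250-STARTTLS
<-- 250 DSN
--> STARTTLS
<-- 220 2.0.0 Ready to start TLS
--> EHLO localhost
<-- 250-homer.t-8ch.de
<-- 250-PIPELINING
<-- 250 DSN
"""
# Constructed variant: the post-TLS reply announces AUTH EXTERNAL instead.
WITH_EXTERNAL = NO_AUTH.replace("250-PIPELINING", "250-AUTH EXTERNAL")

def ehlo_rounds(transcript):
    """One dict per EHLO sent: was TLS active, and what did the server announce."""
    rounds, current, tls, want_tls = [], None, False, False
    for line in transcript.splitlines():
        direction, _, text = line.partition(" ")
        reply = re.match(r"(\d{3})[ -](.*)", text)
        if direction == "-->":
            verb = text.split(" ")[0].upper()
            want_tls, current = verb == "STARTTLS", None
            if verb == "EHLO":
                current = {"tls": tls, "keywords": set(), "auth": set()}
                rounds.append(current)
        elif direction == "<--" and reply:
            code, rest = reply.groups()
            words = rest.upper().split()
            if want_tls and code == "220":
                tls, want_tls = True, False      # handshake follows this reply
            elif current is not None and code == "250":
                if "greeting" not in current:
                    current["greeting"] = rest   # first 250 line is not a keyword
                elif words:
                    current["keywords"].add(words[0])
                    if words[0] == "AUTH":       # "AUTH <mech> <mech> ..."
                        current["auth"].update(words[1:])
    return rounds

def external_usable(transcript):
    """True only if EXTERNAL is announced in an EHLO reply received under TLS."""
    return any(r["tls"] and "EXTERNAL" in r["auth"] for r in ehlo_rounds(transcript))
```

Lines that are neither client nor server traffic, such as the TLS certificate information, are ignored, so the full `-vv` output can be passed in unchanged.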
