Problem with simple user authentication scheme
Greetings to everyone,

I am trying to configure OpenSMTPD with TLS + simple auth in order to be able to send email from my laptop and mobile using the server.

My 'smtpd.conf' is:

    # This is the smtpd server system-wide configuration file.
    # See smtpd.conf(5) for more information.

    # SSL PKI Certificates
    pki domain.net certificate "/etc/mail/certs/host.cert"
    pki domain.net key "/etc/mail/certs/host.key"

    # If you edit the file, you have to run "smtpctl update table aliases"
    table users "/usr/local/etc/mail/virtual.users.txt"
    table domains "/usr/local/etc/mail/virtual.domains.txt"
    table secrets "/usr/local/etc/mail/secrets"
    table virtuals "/usr/local/etc/mail/virtual.aliases.txt"
    table aliases db:/usr/local/etc/mail/aliases.db

    # To accept external mail, replace with: listen on all
    listen on 127.0.0.1
    listen on xx.xx.xx.xx secure pki domain.net auth hostname domain.net

    accept for local alias deliver to mbox
    accept from any for domain relay via lmtp://127.0.0.1:2026
    accept from any for domain alias

My 'secrets' file looks like this:

    root@domain:/usr/local/etc/mail # cat secrets
    atma => test:test123

The server runs successfully (see log below) and I try to test my connection using OpenSSL:

    $ openssl s_client -connect domain.net:465
    CONNECTED(0003)
    [...]
    220 domain.net ESMTP OpenSMTPD
    EHLO domain.net
    250-domain.net Hello domain.net [xxx.xxx.xx.xxx], pleased to meet you
    250-8BITMIME
    250-ENHANCEDSTATUSCODES
    250-SIZE 36700160
    250-DSN
    250-AUTH PLAIN LOGIN
    250 HELP
    AUTH LOGIN
    334 VXNlcm5hbWU6
    dGVzdA==  # <= my input from: perl -MMIME::Base64 -e 'print encode_base64("test");'
    334 UGFzc3dvcmQ6
    dGVzdDEyMw==  # <= my input from: perl -MMIME::Base64 -e 'print encode_base64("test123");'
    535 Authentication failed
    read:errno=0

In the meantime in the server I can see the logs complaining of course:

    root@domain:/usr/local/etc/mail # smtpd -dv
    debug: init ssl-tree
    info: loading pki information for domain.net
    info: OpenSMTPD 5.4.2p1 starting
    debug: bounce warning after 4h
    debug: using "fs" queue backend
    debug: using "ramqueue" scheduler backend
    debug: using "ram" stat backend
    info: startup [debug mode]
    debug: queue: done loading queue into scheduler
    mfa: building simple chains...
    mfa: building complex chains...
    mfa: done building complex chains
    mfa: done building default chain
    libevent 1.4.14b-stable (kqueue)
    debug: parent_send_config_ruleset: reloading
    debug: parent_send_config_mfa: reloading
    debug: parent_send_config: configuring smtp
    debug: mfa ready
    debug: smtp: listen on 1xx.xx.xx.xx port 25 flags 0x49 pki "domain.net"
    debug: smtp: listen on 1xx.xx.xx.xx port 465 flags 0x4a pki "domain.net"
    debug: smtp: listen on 127.0.0.1 port 25 flags 0x0 pki ""
    debug: smtp: will accept at most 14392 clients
    debug: smtpd: scanning offline queue...
    debug: smtpd: offline scanning done
    debug: smtp: new client on listener: 0x8024b6000
    smtp-in: New session 21ee5e1eb2e647db from host 217.70.my-adsl.net [xx.xx.xx.xx]
    debug: lka: looking up pki "domain.net"
    debug: session_start_ssl: switching to SSL
    smtp-in: Started TLS on session 21ee5e1eb2e647db: version=TLSv1/SSLv3, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256
    debug: lka: authenticating for secrets:test
    smtp-in: Authentication failed for user test on session 21ee5e1eb2e647db
    smtp-in: Failed command on session 21ee5e1eb2e647db: "dGVzdDEyMw==" => 535 Authentication failed
    smtp-in: Disconnecting session 21ee5e1eb2e647db: session timeout
    debug: smtp: 0x8024ba000: deleting session: timeout

I'd like to know how I can fix my table in order to match/accept emails from users. I'm probably making some mistake in the 'secrets' file syntax.

Any hints and/or ideas would be welcomed.

Thanks for the excellent piece of software :-)

Best regards,

atmosx

Panagiotis (atmosx) Atmatzidis

email: a...@convalesco.org
URL: http://www.convalesco.org
GnuPG ID: 0x1A7BFEC5
gpg --keyserver pgp.mit.edu --recv-keys 1A7BFEC5

"As you set out for Ithaca, hope the voyage is a long one, full of adventure, full of discovery [...]" - C. P. Cavafy
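One way to rule out an encoding mistake on the client side of the AUTH LOGIN exchange quoted above; this is an added example, not part of the original post, and the function names are illustrative. It decodes each 334 challenge and the reply that follows it, and flags replies that decode with stray whitespace.

```python
import base64
import binascii

# Constructed sample: the AUTH LOGIN part of the session quoted in the post,
# one SMTP line per entry, with the poster's "# <= my input" notes removed.
SESSION = [
    "AUTH LOGIN",
    "334 VXNlcm5hbWU6",
    "dGVzdA==",
    "334 UGFzc3dvcmQ6",
    "dGVzdDEyMw==",
    "535 Authentication failed",
]


def b64(text):
    """Strictly decode one base64 token; raise ValueError on bad input."""
    try:
        return base64.b64decode(text.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError(f"not valid base64 text: {text!r}") from exc


def decode_auth_login(lines):
    """Pair each 334 challenge with the client reply that follows it.

    Returns (pairs, warnings): pairs maps the decoded prompt to the decoded
    reply; warnings lists replies carrying stray whitespace, the usual
    result of encoding with `echo` instead of `printf`.
    """
    pairs, warnings, prompt = {}, [], None
    for line in lines:
        if line.startswith("334 "):
            prompt = b64(line[4:])
        elif prompt is not None:
            value = b64(line)
            if value != value.strip():
                warnings.append(f"{prompt} reply has stray whitespace: {value!r}")
            pairs[prompt] = value
            prompt = None
    return pairs, warnings


if __name__ == "__main__":
    pairs, warnings = decode_auth_login(SESSION)
    for prompt, value in pairs.items():
        print(f"{prompt} {value}")
    for warning in warnings:
        print("warning:", warning)
```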
Re: Compile errors compiling opensmtpd-latest on the most recent openbsd -current
ok, new snapshot will be generated tomorrow, not today

Gilles

On Thu, May 08, 2014 at 06:16:48AM -0700, Barbier, Jason wrote:
> So I have the most recent snap installed to my machine and when I try to
> compile latest I get
> /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c: In function 'dns_imsg':
> /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:219: warning: assignment from incompatible pointer type
> /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:246: warning: assignment from incompatible pointer type
> /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:269: warning: assignment from incompatible pointer type
> /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c: In function 'dns_dispatch_host':
> /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:297: error: dereferencing pointer to incomplete type
> /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:306: error: dereferencing pointer to incomplete type
> /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:307: error: dereferencing pointer to incomplete type
> /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:309: error: dereferencing pointer to incomplete type
> /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:310: error: dereferencing pointer to incomplete type
> /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c: In function 'dns_dispatch_ptr':
> /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:330: error: dereferencing pointer to incomplete type
> /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:331: error: dereferencing pointer to incomplete type
> /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c: In function 'dns_dispatch_mx':
> /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:348: error: dereferencing pointer to incomplete type
> /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:348: error: dereferencing pointer to incomplete type
> /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:352: error: dereferencing pointer to incomplete type
> /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:354: error: dereferencing pointer to incomplete type
> /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:360: error: dereferencing pointer to incomplete type
> /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:364: error: dereferencing pointer to incomplete type
> /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:364: error: dereferencing pointer to incomplete type
> /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:378: error: dereferencing pointer to incomplete type
> /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c: In function 'dns_dispatch_mx_preference':
> /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:396: error: dereferencing pointer to incomplete type
> /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:397: error: dereferencing pointer to incomplete type
> /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:399: error: dereferencing pointer to incomplete type
> /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:400: error: dereferencing pointer to incomplete type
> /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:407: error: dereferencing pointer to incomplete type
> /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:407: error: dereferencing pointer to incomplete type
> /home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:423: error: dereferencing pointer to incomplete type
> *** Error 1 in smtpd (:87 'dns.o')
> *** Error 1 in /home/kusuriya/opensmtpd-201405071639 (:48 'all')
>
> any ideas?
>
> --
> Jason Barbier | jab...@serversave.us

--
Gilles Chehade
https://www.poolp.org @poolpOrg

--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Compile errors compiling opensmtpd-latest on the most recent openbsd -current
So I have the most recent snap installed to my machine and when I try to compile latest I get

/home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c: In function 'dns_imsg':
/home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:219: warning: assignment from incompatible pointer type
/home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:246: warning: assignment from incompatible pointer type
/home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:269: warning: assignment from incompatible pointer type
/home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c: In function 'dns_dispatch_host':
/home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:297: error: dereferencing pointer to incomplete type
/home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:306: error: dereferencing pointer to incomplete type
/home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:307: error: dereferencing pointer to incomplete type
/home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:309: error: dereferencing pointer to incomplete type
/home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:310: error: dereferencing pointer to incomplete type
/home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c: In function 'dns_dispatch_ptr':
/home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:330: error: dereferencing pointer to incomplete type
/home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:331: error: dereferencing pointer to incomplete type
/home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c: In function 'dns_dispatch_mx':
/home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:348: error: dereferencing pointer to incomplete type
/home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:348: error: dereferencing pointer to incomplete type
/home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:352: error: dereferencing pointer to incomplete type
/home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:354: error: dereferencing pointer to incomplete type
/home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:360: error: dereferencing pointer to incomplete type
/home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:364: error: dereferencing pointer to incomplete type
/home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:364: error: dereferencing pointer to incomplete type
/home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:378: error: dereferencing pointer to incomplete type
/home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c: In function 'dns_dispatch_mx_preference':
/home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:396: error: dereferencing pointer to incomplete type
/home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:397: error: dereferencing pointer to incomplete type
/home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:399: error: dereferencing pointer to incomplete type
/home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:400: error: dereferencing pointer to incomplete type
/home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:407: error: dereferencing pointer to incomplete type
/home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:407: error: dereferencing pointer to incomplete type
/home/kusuriya/opensmtpd-201405071639/smtpd/../dns.c:423: error: dereferencing pointer to incomplete type
*** Error 1 in smtpd (:87 'dns.o')
*** Error 1 in /home/kusuriya/opensmtpd-201405071639 (:48 'all')

any ideas?

--
Jason Barbier | jab...@serversave.us
Re: new privsep for rsa and ca [was: [OpenSMTPD] master snapshot opensmtpd-201405071639 available]
On Thu, May 08, 2014 at 05:08:36AM +0200, Jason A. Donenfeld wrote:
> On Wed, May 7, 2014 at 4:43 PM, wrote:
> >
> > - RSA engine privsep by reyk@
> > - ca process, by reyk
>
>
> Do these require new UIDs/usernames?

no, no new UID/username required

--
Gilles Chehade
https://www.poolp.org @poolpOrg
Re: Building snapshots on 5.5-stable?
Hi

>On Tue, May 06, 2014 at 10:17:01AM +0100, John Cox wrote:
>> Hi
>>
>> Is it possible to build snapshots on OpenBSD-5.5-Stable (built from
>> source because as far as I can tell the release ISO still contains
>> Heartbleed)?
>>
>> Neither the OpenBSD nor the Portable version works for me. I can
>> understand that the OpenBSD version tracks current and may fail to
>> build at any point, but I was hopeful that the portable version might
>> be more portable...
>>
>> I'd like to follow this project and maybe help if I ever have the time
>> (which is, at the moment, I admit, unlikely) but I really don't have
>> the time to try and follow OpenBSD-current
>>
>> Many thanks
>>
>> John Cox
>
>Hi,
>
>Sorry for the breakage. The new snapshot should now work on both
>current and stable. Please try it out.

Sadly it still doesn't build - the problem has moved on:

cc -O2 -pipe -I/home/jc/opensmtpd-201405071639/smtpd/../asr -g3 -ggdb -I/home/jc/opensmtpd-201405071639/smtpd/.. -Wall -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wshadow -Wpointer-arith -Wcast-qual -Wsign-compare -Wbounded -DIO_SSL -DQUEUE_PROFILING -c /home/jc/opensmtpd-201405071639/smtpd/../asr/res_query.c
/home/jc/opensmtpd-201405071639/smtpd/../asr/res_query.c: In function 'res_query':
/home/jc/opensmtpd-201405071639/smtpd/../asr/res_query.c:63: warning: comparison between signed and unsigned
/home/jc/opensmtpd-201405071639/smtpd/../asr/res_query.c: In function 'res_search':
/home/jc/opensmtpd-201405071639/smtpd/../asr/res_query.c:105: warning: comparison between signed and unsigned
cc -O2 -pipe -I/home/jc/opensmtpd-201405071639/smtpd/../asr -g3 -ggdb -I/home/jc/opensmtpd-201405071639/smtpd/.. -Wall -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wshadow -Wpointer-arith -Wcast-qual -Wsign-compare -Wbounded -DIO_SSL -DQUEUE_PROFILING -c /home/jc/opensmtpd-201405071639/smtpd/../res_search_async.c
cc -O2 -pipe -I/home/jc/opensmtpd-201405071639/smtpd/../asr -g3 -ggdb -I/home/jc/opensmtpd-201405071639/smtpd/.. -Wall -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wshadow -Wpointer-arith -Wcast-qual -Wsign-compare -Wbounded -DIO_SSL -DQUEUE_PROFILING -c /home/jc/opensmtpd-201405071639/smtpd/../asr/res_send.c
/home/jc/opensmtpd-201405071639/smtpd/../asr/res_send.c: In function '__res_send':
/home/jc/opensmtpd-201405071639/smtpd/../asr/res_send.c:55: warning: comparison between signed and unsigned
cc -O2 -pipe -I/home/jc/opensmtpd-201405071639/smtpd/../asr -g3 -ggdb -I/home/jc/opensmtpd-201405071639/smtpd/.. -Wall -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wshadow -Wpointer-arith -Wcast-qual -Wsign-compare -Wbounded -DIO_SSL -DQUEUE_PROFILING -c /home/jc/opensmtpd-201405071639/smtpd/../res_send_async.c
/home/jc/opensmtpd-201405071639/smtpd/../res_send_async.c: In function 'res_send_async':
/home/jc/opensmtpd-201405071639/smtpd/../res_send_async.c:70: warning: cast discards qualifiers from pointer target type
cc -O2 -pipe -I/home/jc/opensmtpd-201405071639/smtpd/../asr -g3 -ggdb -I/home/jc/opensmtpd-201405071639/smtpd/.. -Wall -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wshadow -Wpointer-arith -Wcast-qual -Wsign-compare -Wbounded -DIO_SSL -DQUEUE_PROFILING -c /home/jc/opensmtpd-201405071639/smtpd/../asr/sethostent.c
cc -O2 -pipe -I/home/jc/opensmtpd-201405071639/smtpd/../asr -g3 -ggdb -I/home/jc/opensmtpd-201405071639/smtpd/.. -Wall -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wshadow -Wpointer-arith -Wcast-qual -Wsign-compare -Wbounded -DIO_SSL -DQUEUE_PROFILING -c /home/jc/opensmtpd-201405071639/smtpd/../asr/event_asr_run.c
cc -o smtpd aliases.o bounce.o ca.o compress_backend.o config.o control.o crypto.o delivery.o dict.o dns.o envelope.o esc.o expand.o forward.o iobuf.o ioev.o limit.o lka.o lka_session.o log.o mda.o mproc.o mta.o mta_session.o parse.o pony.o queue.o queue_backend.o ruleset.o runq.o scheduler.o scheduler_backend.o smtp.o smtp_session.o smtpd.o ssl.o ssl_privsep.o ssl_smtpd.o stat_backend.o table.o to.o tree.o util.o waitq.o compress_gzip.o delivery_filename.o delivery_maildir.o delivery_mbox.o delivery_mda.o delivery_lmtp.o table_db.o table_getpwnam.o table_proc.o table_static.o queue_fs.o queue_null.o queue_proc.o queue_ram.o scheduler_ramqueue.o scheduler_null.o scheduler_proc.o stat_ramstat.o asr.o asr_debug.o asr_utils.o getaddrinfo.o getaddrinfo_async.o gethostnamadr.o gethostnamadr_async.o getnameinfo.o getnameinfo_async.o getnetnamadr.o getnetnamadr_async.o getrrsetbyname.o getrrsetbyname_async.o res_debug.o res_init.o res_mkquery.o res_query.o res_search_async.o res_send.o res_send_async.o sethostent.o event_asr_run.o -levent -lutil -lssl -lcrypto -lm -lz
asr.o(.text+0x5c7): In function `asr_resolver_done':
/home/jc/opensmtpd-201405071639/smtpd/../asr.c:164: undefined reference to `_THREAD_PRIVATE'
asr.o(.text+0x17ee): In function `asr_use_resolver':
/home/jc/opensmtpd-201405071639/smtpd/..