ping

On Wed, Dec 3, 2014 at 9:10 AM, Abel Abraham Camarillo Ojeda <acam...@verlet.org> wrote:
> Hi Gilles,
>
> On Wed, Dec 3, 2014 at 8:27 AM, Gilles Chehade <gil...@poolp.org> wrote:
>> Nope it shouldn't because:
>>
>>> > listen on egress tls pki test.verlet.org auth
>>
>> This will authenticate users against the system and will use the username
>> you provide in the SMTP session as the login to search credentials for.
>>
>> Therefore, when you configure your MUA to send an email address as the
>> username: longemailabcde@abcdef.ghijklmno , the user lookup on the system
>> fails which causes your auth to fail.
>
> Yes, in my case where I found this we use auth <creds> to use an
> external credential table:
>
> pki test.verlet.org certificate "/etc/ssl/localhost.pem"
> pki test.verlet.org key "/etc/ssl/private/localhost.key"
>
> table cred file:/etc/mail/tbl/cred
> listen on egress tls pki test.verlet.org auth <cred>
>
> reject
>
>
> in /etc/mail/tbl/cred (password: example):
>
> correo-voz-010@abcdef.ghijklmno
> $2a$06$qHGSfIa9aAgzjWqO1t.ffOhaR9XG1MNI/tQ0jLKB6uxP5.lMfQtZe
> correo-voz-010@abcdef.ghijklmnop
> $2a$06$qHGSfIa9aAgzjWqO1t.ffOhaR9XG1MNI/tQ0jLKB6uxP5.lMfQtZe
>
> The user does exist on the auth table.
>
> Authenticating the first user works:
>
> --> AUTH PLAIN AGNvcnJlby12b3otMDEwQGFiY2RlZi5naGlqa2xtbm8AZXhhbXBsZQ==
> <-- 235 2.0.0: Authentication succeeded
>
> but the second fails:
>
> --> AUTH PLAIN AGNvcnJlby12b3otMDEwQGFiY2RlZi5naGlqa2xtbm9wAGV4YW1wbGU=
> <-- 501 5.5.2 Syntax error: Syntax error
>
> Are usernames on auth tables with length larger than 31 chars allowed?
> (this usernames do work on our current mail systems)
>
> if they are not allowed, shouldn't smtpd complain when loading such table?
>
>> As for the "Syntax Error" on large usernames, I'll think of a better way
>> to phrase it, this is the default Enhanced Status Code message for this
>> kind of errors, we should probably override with a more descriptive error.
>>
>>
>
> I'm ok with the syntax error message, but should large usernames work?
>
> Thank you very much.
>
>
>>
>>
>> On Mon, Dec 01, 2014 at 08:49:36PM -0600, Abel Abraham Camarillo Ojeda wrote:
>>> Any ideas, should this work?
>>>
>>> On Mon, Dec 1, 2014 at 5:39 AM, Abel Abraham Camarillo Ojeda
>>> <acam...@verlet.org> wrote:
>>> > Hi
>>> >
>>> > Found on OpenBSD/5.5, reproduced in OpenBSD-current:
>>> >
>>> > I have a problem when authenticating a user whose
>>> > username is bigger than 31 chars:
>>> >
>>> > expected - auth longemailabcde@abcdef.ghijklmno:
>>> > smtp-in: Authentication failed for user
>>> > longemailabcde@abcdef.ghijklmno on session 9b03fc72ca051521
>>> >
>>> > got - auth longemailabcde@abcdef.ghijklmnop:
>>> > smtp-in: Failed command on session fd98324226959da6: "AUTH [...]" =>
>>> > 501 5.5.2 Syntax error: Syntax error
>>> >
>>> >
>>> > expected:
>>> > # smtpd -dv
>>> >
>>> > debug: init ssl-tree
>>> > info: loading pki information for test.verlet.org
>>> > info: OpenSMTPD 5.4.3 starting
>>> > debug: bounce warning after 4h
>>> > debug: using "fs" queue backend
>>> > debug: using "ramqueue" scheduler backend
>>> > debug: using "ram" stat backend
>>> > info: startup [debug mode]
>>> > debug: parent_send_config_ruleset: reloading
>>> > debug: parent_send_config: configuring pony process
>>> > debug: parent_send_config: configuring ca process
>>> > debug: queue: done loading queue into scheduler
>>> > debug: init ssl-tree
>>> > info: loading pki keys for test.verlet.org
>>> > debug: ca_engine_init: using RSAX engine support
>>> > debug: smtp: listen on 172.16.0.2 port 25 flags 0x449 pki
>>> > "test.verlet.org"
>>> > debug: smtp: listen on 127.0.0.1 port 25 flags 0x400 pki ""
>>> > debug: smtp: listen on IPv6:fe80::1%lo0 port 25 flags 0x400 pki ""
>>> > debug: smtp: listen on IPv6:::1 port 25 flags 0x400 pki ""
>>> > debug: pony: rsae_init
>>> > debug: pony: rsae_init
>>> > debug: init private ssl-tree
>>> > debug: smtp: will accept at most 500 clients
>>> > debug: smtpd: scanning offline queue...
>>> > debug: smtpd: offline scanning done
>>> > debug: smtp: new client on listener: 0x1659acf84000
>>> > smtp: 0x1658f9739000: STATE_NEW -> STATE_CONNECTED
>>> > smtp-in: New session 9b03fc72ca051521 from host maetel.00z [172.16.0.2]
>>> > smtp: 0x1658f9739000: >>> 220 maetel.00z ESMTP OpenSMTPD
>>> > smtp: 0x1658f9739000: <<< EHLO localhost
>>> > smtp: 0x1658f9739000: STATE_CONNECTED -> STATE_HELO
>>> > smtp: 0x1658f9739000: >>> 250-maetel.00z Hello localhost [172.16.0.2],
>>> > pleased to meet you
>>> > smtp: 0x1658f9739000: >>> 250-8BITMIME
>>> > smtp: 0x1658f9739000: >>> 250-ENHANCEDSTATUSCODES
>>> > smtp: 0x1658f9739000: >>> 250-SIZE 36700160
>>> > smtp: 0x1658f9739000: >>> 250-DSN
>>> > smtp: 0x1658f9739000: >>> 250-STARTTLS
>>> > smtp: 0x1658f9739000: >>> 250 HELP
>>> > smtp: 0x1658f9739000: <<< STARTTLS
>>> > smtp: 0x1658f9739000: >>> 220 2.0.0: Ready to start TLS
>>> > smtp: 0x1658f9739000: STATE_HELO -> STATE_TLS
>>> > debug: lka: looking up pki "test.verlet.org"
>>> > debug: session_start_ssl: switching to SSL
>>> > debug: pony: rsae_priv_enc
>>> > smtp-in: Started TLS on session 9b03fc72ca051521: version=TLSv1/SSLv3,
>>> > cipher=ECDHE-RSA-CHACHA20-POLY1305, bits=256
>>> > smtp: 0x1658f9739000: STATE_TLS -> STATE_HELO
>>> > smtp: 0x1658f9739000: <<< EHLO localhost
>>> > smtp: 0x1658f9739000: STATE_HELO -> STATE_HELO
>>> > smtp: 0x1658f9739000: >>> 250-maetel.00z Hello localhost [172.16.0.2],
>>> > pleased to meet you
>>> > smtp: 0x1658f9739000: >>> 250-8BITMIME
>>> > smtp: 0x1658f9739000: >>> 250-ENHANCEDSTATUSCODES
>>> > smtp: 0x1658f9739000: >>> 250-SIZE 36700160
>>> > smtp: 0x1658f9739000: >>> 250-DSN
>>> > smtp: 0x1658f9739000: >>> 250-AUTH PLAIN LOGIN
>>> > smtp: 0x1658f9739000: >>> 250 HELP
>>> > smtp: 0x1658f9739000: <<< AUTH PLAIN
>>> > AGxvbmdlbWFpbGFiY2RlQGFiY2RlZi5naGlqa2xtbm8AdGVzdHBhc3M=
>>> > smtp: 0x1658f9739000: STATE_HELO -> STATE_AUTH_INIT
>>> > smtp-in: Authentication failed for user
>>> > longemailabcde@abcdef.ghijklmno on session 9b03fc72ca051521
>>> > smtp: timing-attack protection triggered, will defer answer for 741286
>>> > microseconds
>>> > smtp: 0x1658f9739000: >>> 535 Authentication failed
>>> > smtp-in: Failed command on session 9b03fc72ca051521: "AUTH [...]" =>
>>> > 535 Authentication failed
>>> > smtp: 0x1658f9739000: STATE_AUTH_INIT -> STATE_HELO
>>> > smtp-in: Received disconnect from session 9b03fc72ca051521
>>> > debug: smtp: 0x1658f9739000: deleting session: disconnected
>>> >
>>> >
>>> > got:
>>> > debug: init ssl-tree
>>> > info: loading pki information for test.verlet.org
>>> > info: OpenSMTPD 5.4.3 starting
>>> > debug: bounce warning after 4h
>>> > debug: using "fs" queue backend
>>> > debug: using "ramqueue" scheduler backend
>>> > debug: using "ram" stat backend
>>> > info: startup [debug mode]
>>> > debug: queue: done loading queue into scheduler
>>> > debug: init ssl-tree
>>> > info: loading pki keys for test.verlet.org
>>> > debug: parent_send_config_ruleset: reloading
>>> > debug: parent_send_config: configuring pony process
>>> > debug: parent_send_config: configuring ca process
>>> > debug: ca_engine_init: using RSAX engine support
>>> > debug: smtp: listen on 172.16.0.2 port 25 flags 0x449 pki
>>> > "test.verlet.org"
>>> > debug: smtp: listen on 127.0.0.1 port 25 flags 0x400 pki ""
>>> > debug: smtp: listen on IPv6:fe80::1%lo0 port 25 flags 0x400 pki ""
>>> > debug: smtp: listen on IPv6:::1 port 25 flags 0x400 pki ""
>>> > debug: pony: rsae_init
>>> > debug: pony: rsae_init
>>> > debug: init private ssl-tree
>>> > debug: smtp: will accept at most 500 clients
>>> > debug: smtpd: scanning offline queue...
>>> > debug: smtpd: offline scanning done
>>> > debug: smtp: new client on listener: 0x122f4cfd000
>>> > smtp: 0x122aab01000: STATE_NEW -> STATE_CONNECTED
>>> > smtp-in: New session fd98324226959da6 from host maetel.00z [172.16.0.2]
>>> > smtp: 0x122aab01000: >>> 220 maetel.00z ESMTP OpenSMTPD
>>> > smtp: 0x122aab01000: <<< EHLO localhost
>>> > smtp: 0x122aab01000: STATE_CONNECTED -> STATE_HELO
>>> > smtp: 0x122aab01000: >>> 250-maetel.00z Hello localhost [172.16.0.2],
>>> > pleased to meet you
>>> > smtp: 0x122aab01000: >>> 250-8BITMIME
>>> > smtp: 0x122aab01000: >>> 250-ENHANCEDSTATUSCODES
>>> > smtp: 0x122aab01000: >>> 250-SIZE 36700160
>>> > smtp: 0x122aab01000: >>> 250-DSN
>>> > smtp: 0x122aab01000: >>> 250-STARTTLS
>>> > smtp: 0x122aab01000: >>> 250 HELP
>>> > smtp: 0x122aab01000: <<< STARTTLS
>>> > smtp: 0x122aab01000: >>> 220 2.0.0: Ready to start TLS
>>> > smtp: 0x122aab01000: STATE_HELO -> STATE_TLS
>>> > debug: lka: looking up pki "test.verlet.org"
>>> > debug: session_start_ssl: switching to SSL
>>> > debug: pony: rsae_priv_enc
>>> > smtp-in: Started TLS on session fd98324226959da6: version=TLSv1/SSLv3,
>>> > cipher=ECDHE-RSA-CHACHA20-POLY1305, bits=256
>>> > smtp: 0x122aab01000: STATE_TLS -> STATE_HELO
>>> > smtp: 0x122aab01000: <<< EHLO localhost
>>> > smtp: 0x122aab01000: STATE_HELO -> STATE_HELO
>>> > smtp: 0x122aab01000: >>> 250-maetel.00z Hello localhost [172.16.0.2],
>>> > pleased to meet you
>>> > smtp: 0x122aab01000: >>> 250-8BITMIME
>>> > smtp: 0x122aab01000: >>> 250-ENHANCEDSTATUSCODES
>>> > smtp: 0x122aab01000: >>> 250-SIZE 36700160
>>> > smtp: 0x122aab01000: >>> 250-DSN
>>> > smtp: 0x122aab01000: >>> 250-AUTH PLAIN LOGIN
>>> > smtp: 0x122aab01000: >>> 250 HELP
>>> > smtp: 0x122aab01000: <<< AUTH PLAIN
>>> > AGxvbmdlbWFpbGFiY2RlQGFiY2RlZi5naGlqa2xtbm9wAHRlc3RwYXNz
>>> > smtp: 0x122aab01000: STATE_HELO -> STATE_AUTH_INIT
>>> > smtp: 0x122aab01000: >>> 501 5.5.2 Syntax error: Syntax error
>>> > smtp-in: Failed command on session fd98324226959da6: "AUTH [...]" =>
>>> > 501 5.5.2 Syntax error: Syntax error
>>> > smtp: 0x122aab01000: STATE_AUTH_INIT -> STATE_HELO
>>> > smtp-in: Received disconnect from session fd98324226959da6
>>> > debug: smtp: 0x122aab01000: deleting session: disconnected
>>> >
>>> >
>>> > dmesg attached.
>>> >
>>> > smtpd.conf:
>>> > # $OpenBSD: smtpd.conf,v 1.6 2013/01/26 09:38:25 gilles Exp $
>>> >
>>> > # This is the smtpd server system-wide configuration file.
>>> > # See smtpd.conf(5) for more information.
>>> >
>>> > # To accept external mail, replace with: listen on all
>>> > #
>>> > pki test.verlet.org certificate "/etc/ssl/localhost.pem"
>>> > pki test.verlet.org key "/etc/ssl/private/localhost.key"
>>> > listen on lo0
>>> > listen on egress tls pki test.verlet.org auth
>>> >
>>> > table aliases db:/etc/mail/aliases.db
>>> >
>>> > # Uncomment the following to accept external mail for domain "example.org"
>>> > #
>>> > # accept from any for domain "example.org" alias <aliases> deliver to mbox
>>> > #accept for local alias <aliases> deliver to mbox
>>> > reject
>>>
>>
>> --
>> Gilles Chehade
>>
>> https://www.poolp.org @poolpOrg
Re: current smtpd: auth failed when username <= 31 chars, Syntax error when username > 31
Abel Abraham Camarillo Ojeda Sun, 07 Dec 2014 17:48:38 -0800
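
An added example, not part of the original thread and not OpenSMTPD code: it decodes the two AUTH PLAIN responses quoted in the message and lints a credentials table for usernames past the 31-character threshold the report describes. The threshold constant, the one-line `username hash` table layout, the placeholder hashes and all function names are assumptions made for illustration.

```python
import base64

# Threshold reported in the thread, not a documented smtpd constant (assumption).
OBSERVED_MAX_USERNAME = 31

# The two AUTH PLAIN responses quoted in the message.
BLOB_OK = "AGNvcnJlby12b3otMDEwQGFiY2RlZi5naGlqa2xtbm8AZXhhbXBsZQ=="
BLOB_REJECTED = "AGNvcnJlby12b3otMDEwQGFiY2RlZi5naGlqa2xtbm9wAGV4YW1wbGU="

# Constructed table in an assumed "username hash" layout; hashes are placeholders.
SAMPLE_TABLE = """\
# constructed sample
correo-voz-010@abcdef.ghijklmno $2a$06$PLACEHOLDER
correo-voz-010@abcdef.ghijklmnop $2a$06$PLACEHOLDER
"""


def decode_auth_plain(blob):
    """Split an RFC 4616 PLAIN response into (authzid, authcid, passwd)."""
    parts = base64.b64decode(blob, validate=True).split(b"\x00")
    if len(parts) != 3:
        raise ValueError("expected authzid NUL authcid NUL passwd")
    return tuple(p.decode("utf-8") for p in parts)


def username_fits(name, limit=OBSERVED_MAX_USERNAME):
    # Count bytes, not characters: a length limit in C code applies to bytes.
    return len(name.encode("utf-8")) <= limit


def lint_cred_table(text, limit=OBSERVED_MAX_USERNAME):
    """Return (line_number, username, byte_length) for each over-long key."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user = line.split(None, 1)[0]
        if not username_fits(user, limit):
            findings.append((lineno, user, len(user.encode("utf-8"))))
    return findings


if __name__ == "__main__":
    for blob in (BLOB_OK, BLOB_REJECTED):
        user = decode_auth_plain(blob)[1]
        print(f"{user}: {len(user)} bytes, fits={username_fits(user)}")
    for lineno, user, length in lint_cred_table(SAMPLE_TABLE):
        print(f"line {lineno}: {user} is {length} bytes, over the limit")
```

Running the linter over a table before deployment surfaces the accounts that would hit the 501 response instead of a normal authentication result.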