Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

AUTHPATH nor PORT taken into account - refuses to talk on submissions #109

Open
pbraun9 opened this issue May 31, 2022 · 13 comments
Open

AUTHPATH nor PORT taken into account - refuses to talk on submissions #109

pbraun9 opened this issue May 31, 2022 · 13 comments

Comments

@pbraun9
Copy link

pbraun9 commented May 31, 2022

I setup dma v0.13 on slackware linux 15.0 with those settings in view to do SASL on submissions (465/tcp).

MAILNAME (HOST).localdomain
SECURETRANSFER
AUTHPATH /etc/dma/auth.conf
PORT 465

I also tried adding SMARTHOST anyhow (as manual says PORT goes with it). And in auth.conf the following.

user@domain|SERVER:clear-text-password

That's correct setup right? However I see in the logs that DMA is still trying to reach the MSA on port 25/tcp instead of 465/tcp.

@corecode
Copy link
Owner

corecode commented May 31, 2022 via email

@pbraun9
Copy link
Author

pbraun9 commented Jun 6, 2022

My goal is to use a remote MSA on port 465/tcp with implicit SSL (not STARTTLS) by means of SASL.

@corecode
Copy link
Owner

corecode commented Jun 6, 2022

I don't know what a MSA is. Have you set SECURETRANSFER without STARTTLS?

@pbraun9
Copy link
Author

pbraun9 commented Jun 7, 2022

In the SMTP realm, MSA stands for Mail Submission Agent. Some time in the past, IANA tried to make SMTP happen on port 465/tcp between MTAs and MXen. This was referenced as smtps in /etc/services. This attempt got eventually canceled and replaced by opportunistic STARTTLS on 25/tcp and that 465/tcp port became the new deal for secure submissions, same as 587/tcp but with implicit SSL from the start.

RFC6409 -- submission 587/tcp/udp
RFC8314 -- submissions 465/tcp (was smtps)

Yes, I am trying to do SSL, not STARTTLS.

@Tachi107
Copy link

Tachi107 commented Jul 27, 2022

So, is it possible to send emails on the submissions/smtps/465 port with implicit SSL using dma?

$ grep submission /etc/services 
submissions	465/tcp		ssmtp smtps urd # Submission over TLS [RFC8314]
submission	587/tcp				# Submission [RFC4409]

@corecode
Copy link
Owner

corecode commented Jul 27, 2022

I think you just need to set SECURETRANSFER, do not set STARTTLS, and set PORT 465.

@Tachi107
Copy link

Maybe it's just me being incompetent here, but I haven't been able to send emails from dma with my Postfix server that only accepts port 465 for submissions :/

@corecode
Copy link
Owner

what's your configuration?

@Tachi107
Copy link

Tachi107 commented Jul 27, 2022

You mean my dma configuration or postfix one?

Here's dma.conf:

SMARTHOST smtp.pappacoda.it
PORT 465
SECURETRANSFER
MAILNAME /etc/mailname
NULLCLIENT

And here are the Postfix logs:

postfix/smtps/smtpd: connect from myhost.pappacoda.it[128.116..]
postfix/smtps/smtpd: NOQUEUE: reject: RCPT from myhost.pappacoda.it[128.116..]: 554 5.7.1 <myhost.pappacoda.it[128.116..]>: Client host rejected: Access denied; from=<rba@pappacoda.it> to=<ads@pappacoda.it> proto=ESMTP helo=<myhost>
postfix/smtps/smtpd: lost connection after RCPT from myhost.pappacoda.it[128.116..]
postfix/smtps/smtpd: disconnect from myhost.pappacoda.it[128.116..] ehlo=1 mail=1 rcpt=0/1 commands=2/3

And here's the command I used:

echo this is a test message | /usr/sbin/dma -D -f 'rba@pappacoda.it' 'ads@pappacoda.it'

I've tried using nullmailer and it seems to work, so maybe my Postfix setup is unsupported by dma?

@corecode
Copy link
Owner

corecode commented Jul 28, 2022 via email

@pbraun9
Copy link
Author

pbraun9 commented Nov 14, 2023

@Tachi107 you can try add that 128.116.. IP to mynetworks but as I remember, for me the issue was that DMA wasn't able to talk implicit SSL.

@corecode
Copy link
Owner

corecode commented Nov 14, 2023 via email

@Tachi107
Copy link

Tachi107 commented Nov 14, 2023 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants