On Wed, Dec 11, 2013 at 08:42:29PM +1100, Mark Jamsek wrote:

> >>And, the glaringly obvious absence of SMTP auth mechanisms:
> >>
> >>220 mail.bsdbox.co ESMTP Postfix
> >>ehlo bsdbox.co
> >>250-mail.bsdbox.co
> >>250-STARTTLS
> >
> >Only when not using TLS.
>
> I'm not sure I understand what you mean here. I am using TLS, and
> there is no SMTP authentication.

You're not "using" TLS in the above session. The server supports
TLS, but "telnet host 25" does not *use* TLS. To really use TLS
you need a client program that supports TLS. I use "posttls-finger"
(because I wrote it to suit my needs). You could make some progress
with "openssl s_client -starttls smtp -connect somehost:25", though
the latter shows less SMTP oriented output, you don't have to compile
it from source.

    $ posttls-finger "[mail.bsdbox.co]"
    posttls-finger: Connected to mail.bsdbox.co[110.146.148.136]:25
    posttls-finger: < 220 mail.bsdbox.co ESMTP Postfix
    posttls-finger: > EHLO amnesiac.example
    posttls-finger: < 250-mail.bsdbox.co
    posttls-finger: < 250-PIPELINING
    posttls-finger: < 250-SIZE 10240000
    posttls-finger: < 250-VRFY
    posttls-finger: < 250-ETRN
    posttls-finger: < 250-STARTTLS
    posttls-finger: < 250-ENHANCEDSTATUSCODES
    posttls-finger: < 250-8BITMIME
    posttls-finger: < 250 DSN
    posttls-finger: > STARTTLS
    posttls-finger: < 220 2.0.0 Ready to start TLS
    posttls-finger: mail.bsdbox.co[110.146.148.136]:25 Matched CommonName mail.bsdbox.co
    posttls-finger: certificate verification failed for mail.bsdbox.co[110.146.148.136]:25: self-signed certificate
    posttls-finger: mail.bsdbox.co[110.146.148.136]:25: subject_CN=mail.bsdbox.co, issuer_CN=mail.bsdbox.co, fingerprint=26:79:C0:78:CE:0E:DE:7C:83:6C:32:D4:4F:02:EF:72:51:2B:08:7A, pkey_fingerprint=80:B8:24:5B:EF:E4:B9:44:E9:EC:A6:40:0C:6A:6C:D7:9C:5E:B0:6F
    posttls-finger: Untrusted TLS connection established to mail.bsdbox.co[110.146.148.136]:25: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
    posttls-finger: > EHLO amnesiac.example
    posttls-finger: < 250-mail.bsdbox.co
    posttls-finger: < 250-PIPELINING
    posttls-finger: < 250-SIZE 10240000
    posttls-finger: < 250-VRFY
    posttls-finger: < 250-ETRN
    posttls-finger: < 250-AUTH PLAIN LOGIN
    posttls-finger: < 250-AUTH=PLAIN LOGIN
    posttls-finger: < 250-ENHANCEDSTATUSCODES
    posttls-finger: < 250-8BITMIME
    posttls-finger: < 250 DSN
    posttls-finger: > QUIT
    posttls-finger: < 221 2.0.0 Bye

It sure offers AUTH (PLAIN and LOGIN) to clients that use TLS.

On Wed, Dec 11, 2013 at 08:58:10PM +1100, Mark Jamsek wrote:

> Wait. I think I understand what you're saying: my ISP perhaps blocks
> my connections, so I need to use them as my $relayhost? Is it
> possible to work around this somehow? I would rather not relay my
> mail through my ISP.

Now you're beginning to see the light. No you can't bypass the ISP
filter. Either they are willing to turn the filter off for you, or
you need to relay through their submission service.

    http://www.postfix.org/SOHO_README.html
    http://www.postfix.org/SASL_README.html
    http://www.postfix.org/OVERVIEW.html
    http://www.postfix.org/BASIC_CONFIGURATION_README.html
    http://www.postfix.org/DEBUG_README.html
    http://www.postfix.org/QSHAPE_README.html

--
	Viktor.
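
Added example (not part of the original message, and not posttls-finger's own code): a short Python parser that splits a posttls-finger transcript at the server's STARTTLS reply and reports which EHLO keywords are announced only once TLS is active. The transcript is abridged from the session above; the function names ehlo_capabilities and tls_only are hypothetical.

```python
import re
# Abridged from the posttls-finger session quoted in the message above.
TRANSCRIPT = """\
posttls-finger: < 220 mail.bsdbox.co ESMTP Postfix
posttls-finger: > EHLO amnesiac.example
posttls-finger: < 250-mail.bsdbox.co
posttls-finger: < 250-PIPELINING
posttls-finger: < 250-STARTTLS
posttls-finger: < 250 DSN
posttls-finger: > STARTTLS
posttls-finger: < 220 2.0.0 Ready to start TLS
posttls-finger: Untrusted TLS connection established to mail.bsdbox.co[110.146.148.136]:25: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
posttls-finger: > EHLO amnesiac.example
posttls-finger: < 250-mail.bsdbox.co
posttls-finger: < 250-PIPELINING
posttls-finger: < 250-AUTH PLAIN LOGIN
posttls-finger: < 250-AUTH=PLAIN LOGIN
posttls-finger: < 250 DSN
"""

SMTP_LINE = re.compile(r"^posttls-finger: ([<>]) (.*)$")

def ehlo_capabilities(transcript):
    """Return (plaintext, tls): EHLO keyword -> set of parameters per phase."""
    caps = {"plaintext": {}, "tls": {}}
    phase, last_cmd, skip_greeting = "plaintext", None, False
    for raw in transcript.splitlines():
        m = SMTP_LINE.match(raw)
        if not m:
            continue                      # tool diagnostics, not SMTP traffic
        direction, text = m.groups()
        if direction == ">":              # client command
            last_cmd = text.split()[0].upper()
            skip_greeting = last_cmd == "EHLO"
        elif last_cmd == "STARTTLS" and text.startswith("220"):
            phase = "tls"                 # later replies travel inside TLS
        elif last_cmd == "EHLO" and text.startswith("250"):
            if skip_greeting:             # first 250 line is the server name
                skip_greeting = False
                continue
            word, _, rest = text[4:].partition(" ")
            keyword, _, legacy = word.partition("=")  # "AUTH=PLAIN LOGIN" form
            caps[phase][keyword.upper()] = set(f"{legacy} {rest}".split())
    return caps["plaintext"], caps["tls"]

def tls_only(transcript):
    """Keywords the server announces only after STARTTLS has completed."""
    before, after = ehlo_capabilities(transcript)
    return {k: v for k, v in after.items() if k not in before}
```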