Hello,
I'm trying to allow our SMTP server to let Google deliver mails through it.
Google demands buth TLS and AUTH to be set up, before it can use the server.
I commented out the "auth/auth_flat_file" line in config/plugins and placed the
following line just below it:
tls /var/service/qpsmtpd/config/ssl/qpsmtpd-server.crt
/var/service/qpsmtpd/config/ssl/qpsmtpd-server.key
/var/service/qpsmtpd/config/ssl/qpsmtpd-ca.crt
Then i ran plugins/tls_cert with a few options (so the certificate carries our
company name).
But I keep getting a "wrong password" error.
Here is a snippet from my logfile:
@400000004b7ac0e600a2ecfc 44729 250-denene.dvconsulting.dk Hi
mail-wy0-f177.google.com [74.125.82.177]
@400000004b7ac0e600a42964 44729 250-PIPELINING
@400000004b7ac0e600a5fa3c 44729 250-8BITMIME
@400000004b7ac0e600a7a7ec 44729 250 AUTH CRAM-MD5
@400000004b7ac0e603bc2764 44729 dispatching AUTH CRAM-MD5
@400000004b7ac0e603c20f1c 44729 334
PDg3ZTc4LjRiN2FjMGRjQGRlbmVuZS5kdmNvbnN1bHRpbmcuZGs+
@400000004b7ac0e606cba59c 44729 running plugin (auth-cram-md5):
auth::auth_flat_file
@400000004b7ac0e606cd9d84 44729 auth::auth_flat_file plugin: Authentication
for: <secretu...@secretdomain.invalid>
@400000004b7ac0e606cfeb5c 44729 trying to get config for flat_auth_pw
@400000004b7ac0e606d51b7c 44729 auth::auth_flat_file plugin: passClear NOT
defined
@400000004b7ac0e606d80594 44729 auth::auth_flat_file plugin: passHash defined:
5a8cf0b98d4e09d155f6cd64f5b708fb - <87e78.4b7ac...@denene.dvconsulting.dk> -
7a66033f5c7208945ad2c36b9e92100c
@400000004b7ac0e606db265c 44729 Plugin auth::auth_flat_file, hook auth-cram-md5
returned DENY, authflat/cram-md5 - wrong password
@400000004b7ac0e606de04bc 44729 535 Authentication failed for
m...@dvconsulting.dk - authflat/cram-md5 - wrong password
@400000004b7ac0e606e196cc 44729 Authentication failed for m...@dvconsulting.dk
- authflat/cram-md5 - wrong password
@400000004b7ac0e60afddd9c 44729 dispatching QUIT
@400000004b7ac0e60b00854c 44729 running plugin (quit): quit_fortune
@400000004b7ac0e60b03d10c 44729 Plugin quit_fortune, hook quit returned
DECLINED,
@400000004b7ac0e60b0678bc 44729 221 denene.dvconsulting.dk closing connection.
Have a wonderful day.
@400000004b7ac0e60b09f35c 44729 click, disconnecting
@400000004b7ac0e60b0bfecc 44729 running plugin (disconnect): rhsbl
@400000004b7ac0e60b0e0e24 44729 Plugin rhsbl, hook disconnect returned
DECLINED,
@400000004b7ac0e60b0f61fc 44729 running plugin (disconnect): dnsbl
@400000004b7ac0e60b130f64 44729 Plugin dnsbl, hook disconnect returned
DECLINED,
@400000004b7ac0e60b16091c 44729 running plugin (post-connection): tls
@400000004b7ac0e60b1d0a14 44729 Plugin tls, hook post-connection returned
DECLINED,
@400000004b7ac0e60b563ab4 tcpserver: end 44729 status 0
@400000004b7ac0e60b5705d4 tcpserver: status: 0/10
(I replaced my username with <secretu...@secretdomain.invalid>)
I've made some small changes to auth_file_flat to make it display the
additional info in the middle, here's the code:
if ( defined $passClear ) {
$self->log(LOGINFO, "passClear defined: $passClear");
} else {
$self->log(LOGINFO, "passClear NOT defined");
}
if ( defined $passHash ) {
$self->log(LOGINFO, "passHash defined: $passHash - $ticket - " .
hmac_md5_hex($ticket, $auth_pass));
} else {
$self->log(LOGINFO, "passHash NOT defined");
}
I guarantee that the password I enter in config/flat_auth_pw and on Googles
webpage are identical, but as you can see $passHash and hmac_md5_hex($ticket,
$auth_pass) are not the same.
Has it something to do with using both TLS and auth_flat_file?
Best regards,
Rasmus Skaarup
