I'm trying to authenticate myself against GMail SMTP Server by using the LOGIN authentication mechanism. AUTH LOGIN is advertised as supported in the response to the EHLO command, but when I'm trying to send AUTH LOGIN to the server, I'm getting "504 5.7.4 Unrecognized Authentication Type" response. Here is the dialog between the server and the client:
S: 220 mx.google.com ESMTP d9sm13589149wiy.2
C: EHLO client
S: 250-mx.google.com at your service, [x.x.x.x]
S: 250-SIZE 35882577
S: 250-8BITMIME
S: 250-AUTH LOGIN PLAIN XOAUTH
S: 250 ENHANCEDSTATUSCODES
C: AUTH LOGIN
S: 504 5.7.4 Unrecognized Authentication Type d9sm13589149wiy.2
Am I doing something wrong here?
Use STARTTLS first, negotiate a security exchange (SSL or TLS), then call EHLO again, and then you can, I guess, use the PLAIN and LOGIN mechanisms.
What I've found out is that once I'm using "AUTH LOGIN base64username", which is not really how LOGIN should be working, it actually seems to work:
S: 220 mx.google.com ESMTP n3sm42168657wiz.9
C: EHLO client
S: 250-mx.google.com at your service, [x.x.x.x]
S: 250-SIZE 35882577
S: 250-8BITMIME
S: 250-AUTH LOGIN PLAIN XOAUTH
S: 250 ENHANCEDSTATUSCODES
C: AUTH LOGIN base64username
S: 334 UGFzc3dvcmQ6
C: base64password
S: 235 2.7.0 Accepted
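Added example (not part of the original posts): a constructed in-memory client and toy server, with the hypothetical names `ToyLoginServer` and `auth_login`, showing both forms of the AUTH LOGIN exchange seen above, the prompted one and the one that carries the username as an initial response. The client refuses to send credentials unless TLS is already active, as the answer advises.

```python
import base64

def b64(text):
    return base64.b64encode(text.encode("utf-8")).decode("ascii")

def unb64(text):
    return base64.b64decode(text, validate=True).decode("utf-8")

class ToyLoginServer:
    """Constructed stand-in for the server side of AUTH LOGIN; not a real MTA."""

    def __init__(self, user, password):
        self.expected, self.user, self.state = (user, password), None, "idle"

    def handle(self, line):
        if self.state == "idle":
            parts = line.split()
            if [p.upper() for p in parts[:2]] != ["AUTH", "LOGIN"] or len(parts) > 3:
                return "504 5.7.4 Unrecognized Authentication Type"
            if len(parts) == 3:  # initial response already carries the username
                self.user, self.state = unb64(parts[2]), "want_pass"
                return "334 " + b64("Password:")
            self.state = "want_user"
            return "334 " + b64("Username:")
        if self.state == "want_user":
            self.user, self.state = unb64(line), "want_pass"
            return "334 " + b64("Password:")
        self.state = "idle"  # the line received in want_pass is the password
        ok = (self.user, unb64(line)) == self.expected
        return "235 2.7.0 Accepted" if ok else "535 5.7.8 Authentication failed"

def auth_login(server, user, password, tls_active, initial_response=False):
    """Run the client side; returns (final reply, transcript of both sides)."""
    if not tls_active:
        # base64 is an encoding, so the credentials would cross the wire readable
        raise RuntimeError("refusing AUTH LOGIN before STARTTLS")
    transcript = []

    def send(line):
        reply = server.handle(line)
        transcript.extend([("C", line), ("S", reply)])
        return reply

    reply = send("AUTH LOGIN " + b64(user) if initial_response else "AUTH LOGIN")
    while reply.startswith("334 "):
        prompt = unb64(reply[4:]).lower()  # "username:" or "password:"
        reply = send(b64(user if prompt.startswith("user") else password))
    return reply, transcript
```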
I'm trying to configure OpenShift with my internal LDAPS server as an IDP.
But the thing is, my internal LDAPS certificate is self-signed, not signed by any root CA.
In master-config.yaml, I tried to configure the self-signed certificate as the ca attribute, but it always complains:
login.go:162] Error authenticating "xifeng" with provider "customer_own_ldap": LDAP Result Code 200 "": x509: certificate signed by unknown authority.
I understand the ca attribute in master-config.yaml might expect a CA-bundle certificate, but in my case it's a self-signed cert.
Please advise how I can solve this issue.
curl --cacert works fine; see below:
curl -v --cacert xf_ldaps_ca.crt ldaps://bogon:1636
About to connect() to bogon port 1636 (#0)
Trying 172.16.50.169...
Connected to bogon (172.16.50.169) port 1636 (#0)
Initializing NSS with certpath: sql:/etc/pki/nssdb
CAfile: xf_ldaps_ca.crt
CApath: none
NSS: client certificate not found (nickname not specified)
SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Server certificate:
subject: CN=bogon,O=OpenDJ RSA Self-Signed Certificate
start date: Dec 23 12:11:19 2016 GMT
expire date: Dec 18 12:11:19 2036 GMT
common name: bogon
issuer: CN=bogon,O=OpenDJ RSA Self-Signed Certificate
LDAP local: ldaps://bogon:1636/
DN:
objectClass: top
objectClass: ds-root-dse
Connection #0 to host bogon left intact
openssl x509 -in xf_ldaps_ca.crt -noout -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1440710020 (0x55df7d84)
Signature Algorithm: sha1WithRSAEncryption
Issuer: O=OpenDJ RSA Self-Signed Certificate, CN=bogon
Validity
Not Before: Dec 23 12:11:19 2016 GMT
Not After : Dec 18 12:11:19 2036 GMT
Subject: O=OpenDJ RSA Self-Signed Certificate, CN=bogon
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:9e:a4:46:41:d2:9d:32:ae:e3:60:f9:13:ac:40:
--------------
Exponent: 65537 (0x10001)
Signature Algorithm: sha1WithRSAEncryption
8c:c4:34:2b:af:dd:ec:bc:f0:68:6a:95:53:02:74:d9:9f:5e:
----------------
E1223 20:58:37.810976 12227 login.go:162] Error authenticating "xftest" with provider "xf_ldaps_test": LDAP Result Code 200 "": x509: certificate signed by unknown authority (possibly because of "x509: invalid signature: parent certificate cannot sign this kind of certificate" while trying to verify candidate authority certificate "bogon")
I am trying to change my sendmail configuration to deliver all "user unknown" emails to a specific account (baduser).
I added the DL definition to sendmail.mc and generated test.cf.
Then I tested this new config using:
echo who | sendmail -v -Ctest.cf noone
and the email was correctly delivered to the defined account.
I then renamed test.cf to sendmail.cf (in /etc/mail) and retested with:
echo what | sendmail -Csendmail.cf noone
and again the email was delivered to the baduser account.
Happy with this, I then restarted sendmail (via systemctl) and sent yet another email to an invalid account.
Instead of the email being delivered to baduser, I received a 550 5.1.1 user unknown reject email.
What have I missed here?
(Fedora 22 & sendmail 8.14.7/8.13.3)
Here are the log entries for a reject.
Nov 27 09:59:19 server sendmail[46243]: tAQNTJQH046243: from=scldad, size=4, class=0, nrcpts=1, msgid=<201511262329.tAQNTJQH046243#server.benparts.com.au>, relay=scldad#localhost
Nov 27 09:59:19 server sendmail[46243]: tAQNTJQH046243: to=noone, ctladdr=scldad (1000/1000), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30004, relay=[127.0.0.1] [127.0.0.1], dsn=5.1.1, stat=User unknown
-v -i log:
No domain:
[scldad#server ~]$ (echo subject: test; echo) | /usr/sbin/sendmail -v -i noone
noone... Connecting to [127.0.0.1] via relay...
220 server.benparts.com.au ESMTP Sendmail 8.14.7/8.13.3; Sat, 28 Nov 2015 13:29:02 +1030
>>> EHLO server.benparts.com.au
250-server.benparts.com.au Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP
>>> VERB
250 2.0.0 Verbose mode
>>> MAIL From:<scldad#server.benparts.com.au> SIZE=15
250 2.1.0 <scldad#server.benparts.com.au>... Sender ok
>>> RCPT To:<noone#server.benparts.com.au>
>>> DATA
550 5.1.1 <noone#server.benparts.com.au>... User unknown
503 5.0.0 Need RCPT (recipient)
>>> RSET
250 2.0.0 Reset state
/home/scldad/dead.letter... Saved message in /home/scldad/dead.letter
Closing connection to [127.0.0.1]
>>> QUIT
221 2.0.0 server.benparts.com.au closing connection
With domain:
[scldad#server ~]$ (echo subject: test; echo) | /usr/sbin/sendmail -v -i noone#benparts.com.au
noone#benparts.com.au... Connecting to [127.0.0.1] via relay...
220 server.benparts.com.au ESMTP Sendmail 8.14.7/8.13.3; Sat, 28 Nov 2015 13:27:38 +1030
>>> EHLO server.benparts.com.au
250-server.benparts.com.au Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP
>>> VERB
250 2.0.0 Verbose mode
>>> MAIL From:<scldad#server.benparts.com.au> SIZE=15
250 2.1.0 <scldad#server.benparts.com.au>... Sender ok
>>> RCPT To:<noone#benparts.com.au>
>>> DATA
550 5.1.1 <noone#benparts.com.au>... User unknown
503 5.0.0 Need RCPT (recipient)
>>> RSET
250 2.0.0 Reset state
/home/scldad/dead.letter... Saved message in /home/scldad/dead.letter
Closing connection to [127.0.0.1]
>>> QUIT
221 2.0.0 server.benparts.com.au closing connection
As root:
[root#server ~]# (echo subject: test; echo) | /usr/sbin/sendmail -v -i noone
noone... Connecting to [127.0.0.1] via relay...
220 server.benparts.com.au ESMTP Sendmail 8.14.7/8.13.3; Sat, 28 Nov 2015 13:30:00 +1030
>>> EHLO server.benparts.com.au
250-server.benparts.com.au Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP
>>> VERB
250 2.0.0 Verbose mode
>>> MAIL From:<scldad#server.benparts.com.au> SIZE=15
250 2.1.0 <scldad#server.benparts.com.au>... Sender ok
>>> RCPT To:<noone#server.benparts.com.au>
>>> DATA
550 5.1.1 <noone#server.benparts.com.au>... User unknown
503 5.0.0 Need RCPT (recipient)
>>> RSET
250 2.0.0 Reset state
>>> RSET
250 2.0.0 Reset state
scldad... Using cached ESMTP connection to [127.0.0.1] via relay...
>>> MAIL From:<> SIZE=1039
250 2.1.0 <>... Sender ok
>>> RCPT To:<scldad#server.benparts.com.au>
>>> DATA
250 2.1.5 <scldad#server.benparts.com.au>... Recipient ok
354 Enter mail, end with "." on a line by itself
>>> .
050 <scldad#server.benparts.com.au>... Connecting to local...
050 <scldad#server.benparts.com.au>... Sent
250 2.0.0 tAS300jh034101 Message accepted for delivery
scldad... Sent (tAS300jh034101 Message accepted for delivery)
Closing connection to [127.0.0.1]
>>> QUIT
221 2.0.0 server.benparts.com.au closing connection
I have PHPMailer with a contact form on my webpage. If someone fills in details like Name, Contact, Email, message etc. and clicks the Send button, the error below is shown on screen. I am able to receive the mails, but this error message appears every time a message is sent.
SMTP -> FROM SERVER:220-astro.websitewelcome.com ESMTP Exim 4.85 #2 Thu, 30 Jul 2015 02:14:10 -0500
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
CLIENT -> SMTP: EHLO dpaxis.com
SMTP -> FROM SERVER: 250-astro.websitewelcome.com Hello dpaxis.com [192.185.13.234]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
CLIENT -> SMTP: AUTH LOGIN
CLIENT -> SMTP: aW5mb0BkcGF4aXMuY29t
CLIENT -> SMTP: RGViYUA5ODE1UGVndQ==
CLIENT -> SMTP: MAIL FROM:
SMTP -> FROM SERVER:250 OK
CLIENT -> SMTP: RCPT TO:
SMTP -> FROM SERVER:250 Accepted
CLIENT -> SMTP: DATA
SMTP -> FROM SERVER:354 Enter message, ending with "." on a line by itself
CLIENT -> SMTP: Date: Thu, 30 Jul 2015 02:14:10 -0500
CLIENT -> SMTP: Return-Path:
CLIENT -> SMTP: To: dpaxis
CLIENT -> SMTP: From: Test Name
CLIENT -> SMTP: Reply-To: Test Name
CLIENT -> SMTP: Subject: TEST
CLIENT -> SMTP: Message-ID: <7d74be28b53bdecd9f9eb5c06e9cd7ea#dpaxis.com>
CLIENT -> SMTP: X-Priority: 3
CLIENT -> SMTP: X-Mailer: PHPMailer 5.2.6 (https://github.com/PHPMailer/PHPMailer/)
CLIENT -> SMTP: MIME-Version: 1.0
CLIENT -> SMTP: Content-Type: multipart/alternative;
CLIENT -> SMTP: boundary="b1_7d74be28b53bdecd9f9eb5c06e9cd7ea"
CLIENT -> SMTP: Content-Transfer-Encoding: 8bit
CLIENT -> SMTP:
CLIENT -> SMTP: --b1_7d74be28b53bdecd9f9eb5c06e9cd7ea
CLIENT -> SMTP: Content-Type: text/plain; charset=iso-8859-1
CLIENT -> SMTP: Content-Transfer-Encoding: 8bit
CLIENT -> SMTP:
CLIENT -> SMTP: Name: Test Name Email: test#gmail.com Phone: 787848788748 Service: PHP / MySQL Message: TEST This Form was submitted from: http://dpaxis.com/dpaxisuc/coming-soon.html
CLIENT -> SMTP:
CLIENT -> SMTP:
CLIENT -> SMTP: --b1_7d74be28b53bdecd9f9eb5c06e9cd7ea
CLIENT -> SMTP: Content-Type: text/html; charset=iso-8859-1
CLIENT -> SMTP: Content-Transfer-Encoding: 8bit
CLIENT -> SMTP:
CLIENT -> SMTP: Name: Test Name
This is not an error message, it's just debug output. Disable it by setting $mail->SMTPDebug = 0;.
PHPMailer 5.2.6 is very old and buggy. Get the latest version and base your code on one of the examples you'll find on there too.
Also, please learn how to format your question so that it's actually readable.
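Added example (not part of the original question or answer): with AUTH LOGIN, the client lines that follow the command are the base64-encoded username and password, and base64 is an encoding rather than encryption, so a debug transcript like the one above should be scrubbed before it is posted or stored. The function name `redact_smtp_debug` and the sample transcripts are constructed for illustration; the function expects one message per line.

```python
import re

CLIENT = re.compile(r"^(CLIENT -> SMTP: |C: )(.*)$")
SERVER = re.compile(r"^(?:SMTP -> FROM SERVER:\s*|S: )(\d{3})")
AUTH = re.compile(r"^AUTH\s+(LOGIN|PLAIN)(?:\s+(\S+))?\s*$", re.I)
MASK = "[REDACTED]"

def redact_smtp_debug(text):
    """Mask AUTH LOGIN / AUTH PLAIN credentials in a line-per-message transcript."""
    pending = 0  # client lines still expected to carry credentials
    out = []
    for line in text.splitlines():
        server = SERVER.match(line)
        if server and server.group(1)[0] != "3":
            pending = 0  # anything but a 334 continuation ends the exchange
        client = CLIENT.match(line)
        if client:
            prefix, payload = client.groups()
            auth = AUTH.match(payload)
            if auth:
                mech, initial = auth.group(1).upper(), auth.group(2)
                # LOGIN sends username then password; PLAIN sends one blob.
                pending = (2 if mech == "LOGIN" else 1) - (1 if initial else 0)
                payload = "AUTH " + mech + (" " + MASK if initial else "")
            elif pending:
                payload, pending = MASK, pending - 1
            line = prefix + payload
        out.append(line)
    return "\n".join(out)

# Constructed samples (not taken from the page): PHPMailer-style client-only
# output, an initial-response exchange, and a rejected AUTH attempt.
SAMPLE_PROMPTED = """CLIENT -> SMTP: EHLO client.example
CLIENT -> SMTP: AUTH LOGIN
CLIENT -> SMTP: dXNlckBleGFtcGxlLnRlc3Q=
CLIENT -> SMTP: bm90LWEtcmVhbC1wYXNzd29yZA==
CLIENT -> SMTP: MAIL FROM:<user@example.test>"""
SAMPLE_INITIAL = """C: AUTH LOGIN dXNlckBleGFtcGxlLnRlc3Q=
S: 334 UGFzc3dvcmQ6
C: bm90LWEtcmVhbC1wYXNzd29yZA==
S: 235 2.7.0 Accepted
C: MAIL FROM:<user@example.test>"""
SAMPLE_REJECTED = """C: AUTH LOGIN
S: 504 5.7.4 Unrecognized Authentication Type
C: QUIT"""

if __name__ == "__main__":
    print(redact_smtp_debug(SAMPLE_PROMPTED))
```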
I am trying to start TLS in sendmail, but I do not know how to use the certificate. Please suggest a way.
> telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 <machinename> ESMTP Sendmail <version>; <date>;localhost(OK)-localhost [127.0.0.1]
EHLO localhost
250-<machinename> Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5
250-STARTTLS
250-DELIVERBY
250 HELP
STARTTLS
220 2.0.0 Ready to start TLS
When and how should I use/provide the certificate?
You can't, because as soon as you start using TLS, the conversation becomes encrypted, and you probably don't speak that language ;)
Here is what you can do instead:
openssl s_client -debug -starttls smtp -crlf -connect localhost:25
OpenSSL will do the STARTTLS handshake for you and you will be able to pick up the conversation from there (decrypted automatically on the fly).
I've been trying to use openssl to establish a connection with smtp.gmail.com port 587 or 465 with:
openssl s_client -host smtp.gmail.com -port 587 -starttls smtp
and the authentication, mail from, rcpt to, and data were all successful. But my problem is that after I write . on a new line, there is no 250 OK response from the server.
Here is the process:
CONNECTED(00000003)
depth=1 /C=US/O=Google Inc/CN=Google Internet Authority
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
i:/C=US/O=Google Inc/CN=Google Internet Authority
1 s:/C=US/O=Google Inc/CN=Google Internet Authority
i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
(certification)
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
issuer=/C=US/O=Google Inc/CN=Google Internet Authority
---
No client certificate CA names sent
---
SSL handshake has read 1910 bytes and written 338 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : RC4-MD5
Session-ID: 28E597C0025A93C82AD4A7C517F699B37D106D760597467B522C1041F1BC17C8
Session-ID-ctx:
Master-Key: 1CC83A8A4B7864DF9BBD9E9742B4E5A5937941EB2A28B88A1D4214920B77AC976D3ADC2DA7B60CF8BD6BC2B0712A42A2
Key-Arg : None
Start Time: 1296911515
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
---
250 ENHANCEDSTATUSCODES
ehlo
250-mx.google.com at your service, [121.94.150.147]
250-SIZE 35651584
250-8BITMIME
250-AUTH LOGIN PLAIN XOAUTH
250 ENHANCEDSTATUSCODES
auth login
334 VXNlcm5hbWU6
<my email>
334 UGFzc3dvcmQ6
<my password>
235 2.7.0 Accepted
mail from:<email>
250 2.1.0 OK t14sm1471936icd.10
rcpt to:<email>
250 2.1.5 OK t14sm1471936icd.10
data
from: someone <email>
354 Go ahead t14sm1471936icd.10
to : someone <email>
subject: test
test
test2
.
451 4.4.2 Timeout - closing connection. t14sm1471936icd.10
read:errno=0
I am using cygwin in win7 32.
I've been searching for all of the possible keywords on Google but no solution comes up.
PLEASE HELP!
Maybe add the '-crlf' option to the command line:
openssl s_client -host smtp.gmail.com -port 587 -starttls smtp -crlf
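Added example (not part of the original posts): SMTP ends the DATA phase only on the sequence CRLF "." CRLF, so a lone "." followed by a bare LF leaves the server waiting, which is consistent with the 451 timeout above and with the `-crlf` suggestion. The helper names and sample messages are constructed, and the check assumes a server that accepts only the strict terminator.

```python
def to_wire(body):
    """Prepare a message for DATA: CRLF line endings, dot-stuffing, terminator."""
    lines = body.replace("\r\n", "\n").replace("\r", "\n").split("\n")
    if lines and lines[-1] == "":
        lines.pop()  # drop the empty piece left by a trailing newline
    # A body line starting with "." gets a second "." so that it can never be
    # mistaken for the end-of-data marker.
    stuffed = ["." + line if line.startswith(".") else line for line in lines]
    return ("\r\n".join(stuffed) + "\r\n.\r\n").encode("utf-8")

def end_of_data(buf):
    """Offset just past the CRLF.CRLF terminator as a strict server sees it,
    or -1 if the server would still be waiting for more input."""
    if buf.startswith(b".\r\n"):
        return 3
    i = buf.find(b"\r\n.\r\n")
    return -1 if i < 0 else i + 5

# Constructed sample: what a terminal sends when every Enter is a bare LF,
# as with openssl s_client run without -crlf.
TYPED_WITH_LF = b"subject: test\n\ntest\ntest2\n.\n"

if __name__ == "__main__":
    print(end_of_data(TYPED_WITH_LF))                           # never terminated
    wire = to_wire("subject: test\n\ntest\ntest2\n")
    print(end_of_data(wire) == len(wire))                       # terminated
```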