dma
AUTHPATH nor PORT taken into account - refuses to talk on submissions
I set up dma v0.13 on Slackware Linux 15.0 with these settings, with a view to doing SASL on submissions (465/tcp).
MAILNAME (HOST).localdomain
SECURETRANSFER
AUTHPATH /etc/dma/auth.conf
PORT 465
I also tried adding SMARTHOST anyhow (as manual says PORT goes with it). And in auth.conf the following.
user@domain|SERVER:clear-text-password
That's the correct setup, right? However, I see in the logs that DMA is still trying to reach the MSA on port 25/tcp instead of 465/tcp.
what is your goal?
If you want to use a smarthost, you have to set the SMARTHOST config. dma will then log "using smarthost".
On 31/05/2022 16:30, Pierre-Philipp Braun wrote:
I setup dma v0.13 on slackware linux 15.0 with those settings in view to do SASL on submissions (465/tcp).
MAILNAME (HOST).localdomain
SECURETRANSFER
AUTHPATH /etc/dma/auth.conf
PORT 465
I also tried adding SMARTHOST anyhow (as manual says PORT goes with it). And in auth.conf the following.
@.***|SERVER:clear-text-password
That's correct setup right? However I see in the logs that DMA is still trying to reach the MSA on port 25/tcp instead of 465/tcp.
My goal is to use a remote MSA on port 465/tcp with implicit SSL (not STARTTLS) by means of SASL.
I don't know what an MSA is. Have you set SECURETRANSFER without STARTTLS?
In the SMTP realm, MSA stands for Mail Submission Agent. Some time in the past, IANA tried to make SMTP happen on port 465/tcp between MTAs and MXen. This was referenced as smtps in /etc/services. This attempt got eventually canceled and replaced by opportunistic STARTTLS on 25/tcp and that 465/tcp port became the new deal for secure submissions, same as 587/tcp but with implicit SSL from the start.
RFC6409 -- submission 587/tcp/udp
RFC8314 -- submissions 465/tcp (was smtps)
Yes, I am trying to do SSL, not STARTTLS.
So, is it possible to send emails on the submissions/smtps/465 port with implicit SSL using dma?
$ grep submission /etc/services
submissions 465/tcp ssmtp smtps urd # Submission over TLS [RFC8314]
submission 587/tcp # Submission [RFC4409]
I think you just need to set SECURETRANSFER, do not set STARTTLS, and set PORT 465.
Maybe it's just me being incompetent here, but I haven't been able to send emails from dma with my Postfix server that only accepts port 465 for submissions :/
what's your configuration?
You mean my dma configuration or postfix one?
Here's dma.conf:
SMARTHOST smtp.pappacoda.it
PORT 465
SECURETRANSFER
MAILNAME /etc/mailname
NULLCLIENT
And here are the Postfix logs:
postfix/smtps/smtpd: connect from myhost.pappacoda.it[128.116..]
postfix/smtps/smtpd: NOQUEUE: reject: RCPT from myhost.pappacoda.it[128.116..]: 554 5.7.1 <myhost.pappacoda.it[128.116..]>: Client host rejected: Access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<myhost>
postfix/smtps/smtpd: lost connection after RCPT from myhost.pappacoda.it[128.116..]
postfix/smtps/smtpd: disconnect from myhost.pappacoda.it[128.116..] ehlo=1 mail=1 rcpt=0/1 commands=2/3
And here's the command I used:
echo this is a test message | /usr/sbin/dma -D -f '[email protected]' '[email protected]'
I've tried using nullmailer and it seems to work, so maybe my Postfix setup is unsupported by dma?
looks like your postfix is rejecting the mail. you might have to adjust your permissions on the postfix side or configure dma so that its submission meets those permissions. I don't know why postfix rejects the client host.
On 27/07/2022 18:49, Andrea Pappacoda wrote:
You mean my dma configuration or postfix one?
Here's dma.conf:
SMARTHOST smtp.pappacoda.it
PORT 465
SECURETRANSFER
MAILNAME /etc/mailname
NULLCLIENT
And here are the Postfix logs:
postfix/smtps/smtpd: connect from myhost.pappacoda.it[128.116..]
postfix/smtps/smtpd: NOQUEUE: reject: RCPT from myhost.pappacoda.it[128.116..]: 554 5.7.1 <myhost.pappacoda.it[128.116..]>: Client host rejected: Access denied; @.> @.> proto=ESMTP helo=
postfix/smtps/smtpd: lost connection after RCPT from myhost.pappacoda.it[128.116..]
postfix/smtps/smtpd: disconnect from myhost.pappacoda.it[128.116..] ehlo=1 mail=1 rcpt=0/1 commands=2/3
I've tried using nullmailer and it seems to work, so maybe my Postfix setup is unsupported by dma?
@Tachi107 you can try adding that 128.116.. IP to mynetworks but as I remember, for me the issue was that DMA wasn't able to talk implicit SSL.
what do you mean by implicit SSL? SSL port instead of starttls?
On November 14, 2023 1:09:10 AM CST, Pierre-Philipp Braun @.***> wrote:
@Tachi107 you can try add that 128.116.. IP to mynetworks but as I remember, for me the issue was that DMA wasn't able to talk implicit SSL.
He probably means using the "submissions" port (aka port 465), which requires establishing a TLS connection between client and server before talking SMTP (hence without STARTTLS). I have personally stopped using dma because of this issue, but I'd be really happy to try it again if this gets fixed (either by pointing out what we are doing wrong or by implementing the missing pieces in dma).
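An added example, not part of the thread and not dma or Postfix code: it checks the two dma.conf snippets posted above against the points the replies make (PORT applies only together with SMARTHOST; implicit TLS is SECURETRANSFER without STARTTLS) and reads the command counters from the Postfix disconnect line. The function names are hypothetical, and two things are assumed: that dma needs AUTHPATH to have SASL credentials to send, and that Postfix prints a counter for each SMTP command it saw in the session.

```python
import re

# Constructed from the two dma.conf snippets posted in the thread.
CONF_FIRST = ("MAILNAME (HOST).localdomain\nSECURETRANSFER\n"
              "AUTHPATH /etc/dma/auth.conf\nPORT 465\n")
CONF_SECOND = ("SMARTHOST smtp.pappacoda.it\nPORT 465\nSECURETRANSFER\n"
               "MAILNAME /etc/mailname\nNULLCLIENT\n")
# Disconnect line copied from the Postfix log in the thread.
LOG_LINE = ("postfix/smtps/smtpd: disconnect from myhost.pappacoda.it[128.116..] "
            "ehlo=1 mail=1 rcpt=0/1 commands=2/3")


def parse_dma_conf(text):
    """Return {DIRECTIVE: value}; flag-only directives map to ''."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if parts:
            conf[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def check_submissions(conf):
    """List what keeps a config from authenticated relay over implicit TLS."""
    findings = []
    if "SMARTHOST" not in conf:
        findings.append("no SMARTHOST: PORT is not applied")
    if "SECURETRANSFER" not in conf:
        findings.append("no SECURETRANSFER: session is not TLS-protected")
    if "STARTTLS" in conf and conf.get("PORT") == "465":
        findings.append("STARTTLS on 465: the port expects TLS from the start")
    if "AUTHPATH" not in conf:
        # Assumption: without AUTHPATH dma has no SASL credentials to offer.
        findings.append("no AUTHPATH: no SASL credentials to offer")
    return findings


def smtp_command_counts(log_line):
    """Extract Postfix per-command counters such as ehlo=1 or rcpt=0/1."""
    return dict(re.findall(r"\b([a-z]+)=(\d+(?:/\d+)?)", log_line))


if __name__ == "__main__":
    for name, text in (("first", CONF_FIRST), ("second", CONF_SECOND)):
        print(name, check_submissions(parse_dma_conf(text)))
    counts = smtp_command_counts(LOG_LINE)
    print("AUTH counted:", "auth" in counts, counts)
```

On the thread's own data the first configuration is flagged only for the missing SMARTHOST, the second only for the missing AUTHPATH, and the logged session shows EHLO and MAIL counters but none for AUTH.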