Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 28 Jul 2015 21:24:05 +0200
From:      Pietro Cerutti <gahr@FreeBSD.org>
To:        "Herbert J. Skuhra" <herbert@oslo.ath.cx>
Cc:        freebsd-ports@FreeBSD.org
Subject:   Re: opensmtpd-5.7.1 - cannot authenticate
Message-ID:  <20150728192405.GQ45849@ptrcrt.ch>
In-Reply-To: <20150728132433.GB45930@oslo.ath.cx>
References:  <20150727184747.GK45849@ptrcrt.ch> <20150728132433.GB45930@oslo.ath.cx>

next in thread | previous in thread | raw e-mail | index | archive | help

--DiL7RhKs8rK9YGuF
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On 2015-Jul-28, 15:24, Herbert J. Skuhra wrote:
> On Mon, Jul 27, 2015 at 08:47:47PM +0200, Pietro Cerutti wrote:
> > Hi,
> >=20
> > I tried to upgrade from 5.4.6 to 5.7.1, and suddenly I am unable to
> > authenticate.  This is from the log file:
> >=20
> > Jul 27 17:05:03 mail smtpd[12146]: smtp-in: Failed command on session
> > a0516551dc7a4dc4: "AUTH PLAIN (...)" =3D> 501 5.5.2 Syntax error: Syntax
> > error
> >=20
> > Relevant config lines area
> >=20
> > pki mydomain certificate   "/usr/local/etc/mail-admin/tls/server.crt"
> > pki mydomain key           "/usr/local/etc/mail-admin/tls/server.key"
> > table credentials file:/usr/local/etc/mail-admin/db/auth-smtp.db
> > listen on 192.168.1.1 secure auth-optional <credentials> pki mydomain
>=20
> What's the output of 'file /usr/local/etc/mail-admin/db/auth-smtp.db'?
> Maybe you need db: not file:?

it's an ASCII file, as it was with 5.4.6. As I said, no config
(including backend table files) has changed.

> > I am able to switch from the 5.4.6 to the 5.7.1 binary and reproduce
> > that I can send mail with the former and cannot with the latter. No
> > config has changed.
>=20
> Have you tried to run 'smtpd -dv' or 'smtpd -dv -T all'?

Here's the output from smtpd -dv -T all.

Thank you!

smtp: 0x802523000: >>> 220 mail.example.com ESMTP OpenSMTPD
smtp: 0x802523000: IO_LOWAT <io:0x802523048 fd=3D4 to=3D300000 fl=3DW ib=3D=
0 ob=3D0>
smtp: 0x802523000: IO_DATAIN <io:0x802523048 fd=3D4 to=3D300000 fl=3DR ib=
=3D16 ob=3D0>
smtp: 0x802523000: <<< EHLO example.com
filter: new query QK_QUERY QUERY_HELO
filter: filter_drain_query 1746ec4c96a16e71[QK_QUERY,QUERY_HELO=3Dexample.c=
om,filter_session@0x8024c7480[datalen=3D0,eom=3D0x0,ofile=3D0x0]]
filter: filter_end_query 1746ec4c96a16e71[QK_QUERY,QUERY_HELO=3Dexample.com=
,filter_session@0x8024c7480[datalen=3D0,eom=3D0x0,ofile=3D0x0]]
filter: query 1746ec4c96a16e71 done: status=3DFILTER_OK code=3D0 response=
=3D"(null)"
smtp: 0x802523000: STATE_CONNECTED -> STATE_HELO
smtp: 0x802523000: >>> 250-mail.example.com Hello example.com [192.168.1.1]=
, pleased to meet you
smtp: 0x802523000: >>> 250-8BITMIME
smtp: 0x802523000: >>> 250-ENHANCEDSTATUSCODES
smtp: 0x802523000: >>> 250-SIZE 36700160
smtp: 0x802523000: >>> 250-DSN
smtp: 0x802523000: >>> 250-STARTTLS
smtp: 0x802523000: >>> 250 HELP
smtp: 0x802523000: IO_LOWAT <io:0x802523048 fd=3D4 to=3D300000 fl=3DW ib=3D=
0 ob=3D0>
smtp: 0x802523000: IO_DATAIN <io:0x802523048 fd=3D4 to=3D300000 fl=3DR ib=
=3D10 ob=3D0>
smtp: 0x802523000: <<< STARTTLS
smtp: 0x802523000: >>> 220 2.0.0: Ready to start TLS
smtp: 0x802523000: STATE_HELO -> STATE_TLS
smtp: 0x802523000: IO_LOWAT <io:0x802523048 fd=3D4 to=3D300000 fl=3DW ib=3D=
0 ob=3D0>
mproc: pony -> lka : 272 IMSG_SMTP_TLS_INIT
imsg: lka <- pony: IMSG_SMTP_TLS_INIT (len=3D272)
debug: lka: looking up pki "example.com"
mproc: lka -> pony : 2176 IMSG_SMTP_TLS_INIT
imsg: pony <- lka: IMSG_SMTP_TLS_INIT (len=3D2176)
debug: session_start_ssl: switching to SSL
debug: pony: rsae_priv_enc
mproc: pony -> ca: allocating 128
mproc: pony -> ca: realloc 128 -> 256
mproc: pony -> ca : 130 IMSG_CA_PRIVENC (flush)
imsg: ca <- pony: IMSG_CA_PRIVENC (len=3D130)
mproc: ca -> pony: allocating 128
mproc: ca -> pony: realloc 128 -> 1024
mproc: ca -> pony : 535 IMSG_CA_PRIVENC
imsg: pony <- ca: IMSG_CA_PRIVENC (len=3D535)
smtp: 0x802523000: IO_TLSREADY <io:0x802523048 fd=3D4 to=3D300000 fl=3DR ss=
l=3DTLSv1/SSLv3:ECDHE-RSA-AES256-GCM-SHA384:256 ib=3D0 ob=3D0>
smtp-in: session 1746ec49080e52e3: TLS started version=3DTLSv1/SSLv3 (TLSv1=
=2E2), cipher=3DECDHE-RSA-AES256-GCM-SHA384, bits=3D256
mproc: pony -> control : 43 IMSG_STAT_INCREMENT
smtp: 0x802523000: STATE_TLS -> STATE_HELO
ramstat: increment: smtp.tls
ramstat: smtp.tls (0x802418101): 0 -> 1
smtp: 0x802523000: IO_DATAIN <io:0x802523048 fd=3D4 to=3D300000 fl=3DR ssl=
=3DTLSv1/SSLv3:ECDHE-RSA-AES256-GCM-SHA384:256 ib=3D16 ob=3D0>
smtp: 0x802523000: <<< EHLO example.com
filter: new query QK_QUERY QUERY_HELO
filter: filter_drain_query 1746ec4d6ecf7513[QK_QUERY,QUERY_HELO=3Dexample.c=
om,filter_session@0x8024c7480[datalen=3D0,eom=3D0x0,ofile=3D0x0]]
filter: filter_end_query 1746ec4d6ecf7513[QK_QUERY,QUERY_HELO=3Dexample.com=
,filter_session@0x8024c7480[datalen=3D0,eom=3D0x0,ofile=3D0x0]]
filter: query 1746ec4d6ecf7513 done: status=3DFILTER_OK code=3D0 response=
=3D"(null)"
smtp: 0x802523000: STATE_HELO -> STATE_HELO
smtp: 0x802523000: >>> 250-mail.example.com Hello example.com [192.168.1.1]=
, pleased to meet you
smtp: 0x802523000: >>> 250-8BITMIME
smtp: 0x802523000: >>> 250-ENHANCEDSTATUSCODES
smtp: 0x802523000: >>> 250-SIZE 36700160
smtp: 0x802523000: >>> 250-DSN
smtp: 0x802523000: >>> 250-AUTH PLAIN LOGIN
smtp: 0x802523000: >>> 250 HELP
smtp: 0x802523000: IO_LOWAT <io:0x802523048 fd=3D4 to=3D300000 fl=3DW ssl=
=3DTLSv1/SSLv3:ECDHE-RSA-AES256-GCM-SHA384:256 ib=3D0 ob=3D0>
smtp: 0x802523000: IO_DATAIN <io:0x802523048 fd=3D4 to=3D300000 fl=3DR ssl=
=3DTLSv1/SSLv3:ECDHE-RSA-AES256-GCM-SHA384:256 ib=3D65 ob=3D0>
smtp: 0x802523000: <<< AUTH PLAIN Z2FockBnYWhyLmNoAGdhaHJAZ2Foci5jaABQNkNyd=
DcsZ2Focg=3D=3D
smtp: 0x802523000: STATE_HELO -> STATE_AUTH_INIT
smtp: 0x802523000: >>> 501 5.5.2 Syntax error: Syntax error
smtp-in: Failed command on session 1746ec49080e52e3: "AUTH PLAIN (...)" =3D=
> 501 5.5.2 Syntax error: Syntax error
smtp: 0x802523000: STATE_AUTH_INIT -> STATE_HELO
smtp: 0x802523000: IO_LOWAT <io:0x802523048 fd=3D4 to=3D300000 fl=3DW ssl=
=3DTLSv1/SSLv3:ECDHE-RSA-AES256-GCM-SHA384:256 ib=3D0 ob=3D0>
smtp: 0x802523000: IO_DISCONNECTED <io:0x802523048 fd=3D4 to=3D300000 fl=3D=
R ssl=3DTLSv1/SSLv3:ECDHE-RSA-AES256-GCM-SHA384:256 ib=3D0 ob=3D0>
smtp-in: session 1746ec49080e52e3: connection from host 192.168.1.1 [192.16=
8.1.1] closed (client disconnected)
debug: smtp: 0x802523000: deleting session: disconnected
filter: new query QK_EVENT EVENT_DISCONNECT
filter: filter_drain_query 1746ec4e1b373188[QK_EVENT,EVENT_DISCONNECT,filte=
r_session@0x8024c7480[datalen=3D0,eom=3D0x0,ofile=3D0x0]]
filter: filter_end_query 1746ec4e1b373188[QK_EVENT,EVENT_DISCONNECT,filter_=
session@0x8024c7480[datalen=3D0,eom=3D0x0,ofile=3D0x0]]
mproc: pony -> control : 43 IMSG_STAT_DECREMENT
mproc: pony -> control : 47 IMSG_STAT_DECREMENT
ramstat: decrement: smtp.tls
ramstat: smtp.tls (0x802418101): 1 -> 0
ramstat: decrement: smtp.session
ramstat: smtp.session (0x802418101): 1 -> 0

--=20
Pietro Cerutti
The FreeBSD Project
gahr@FreeBSD.org

PGP Public Key:
http://gahr.ch/pgp

--DiL7RhKs8rK9YGuF
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQJ8BAEBCgBmBQJVt9bVXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXREQTZERTEwNkE1Qjg1NEI4NUREODZENDlB
REQwRDM4RUExOTIwODlFAAoJEK3Q046hkgieewUP/2TQg7XTpfGU/6Px0TC2lQJe
mrmJhhBhCA2yxGV2OnBMy0YaOHAwyKVK+TsuWUEqSbMrFpEGLhRcnPwZFeOA6OxT
4kA/O1YrjFP3p0N0YUfwUcv1Bvh2t8Er9/7rBCuXA1xnV/TvioDoMwtQmR39Y9j9
xyj+cW+4LpZ1e8+ouGijtFh470YWyH6yJ5Fi4c/FE2Lgjcbl6rr01/eYekiLYg1A
pBkxlyQgwL4DB9JF6Q2KTyS2v/c3eB6Fs+tvvTjCR76I32juevk11fjHDsRXtyGc
HLIWw2/sPkuQ/ivKvnwC6dWDX7GH+ZIYan3toL93oykfrKLK5whxV8Bp6GegCeNi
ERGN0d7Z3tqBOOpGPdjPMYNdTs4yWBcn3JPuoXTS+MDEEFLHxxrI8veXnCgZr1zh
WSEHLEiMv8eg7Z0d8hpVS6kG4Z06KN0wXZtHYAIsSyLw3B3C77U51rs9kuvw36NZ
xZTUmS04XzPf79aYcd7Q5eCjvO2IJyCYxayC2RnYq1VbJSdHHVSkrMwOPtAiQ3GA
hRi6O+qlaTZrnR+l7r85fKJCF0QCs1EWGX9v1uDN9KLuOQrlATLOkSI6nL8Tfgj/
nubaNktqKLd7mZyO8AUgreTxS8CijVrpHx0qlzRpOZT995FxQpQPHI9EKIIX4ibv
r975DuZr/GyYhWP/MLX8
=JhIr
-----END PGP SIGNATURE-----

--DiL7RhKs8rK9YGuF--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150728192405.GQ45849>