From owner-freebsd-ports@freebsd.org  Tue Jul 28 19:24:16 2015
Return-Path: <owner-freebsd-ports@freebsd.org>
Delivered-To: freebsd-ports@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7A34B9AD651
 for <freebsd-ports@mailman.ysv.freebsd.org>;
 Tue, 28 Jul 2015 19:24:16 +0000 (UTC)
 (envelope-from gahr@FreeBSD.org)
Received: from mail.ptrcrt.ch (ptrcrt.ch [37.252.124.203])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id F1280FCD
 for <freebsd-ports@FreeBSD.org>; Tue, 28 Jul 2015 19:24:15 +0000 (UTC)
 (envelope-from gahr@FreeBSD.org)
Received: from ptrcrt.ch (192.168.1.1 [192.168.1.1]);
 by mail.ptrcrt.ch (OpenSMTPD) with ESMTPSA id b689ab1a;
 TLS version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO; 
 Tue, 28 Jul 2015 19:24:07 +0000 (UTC)
Date: Tue, 28 Jul 2015 21:24:05 +0200
From: Pietro Cerutti <gahr@FreeBSD.org>
To: "Herbert J. Skuhra" <herbert@oslo.ath.cx>
Cc: freebsd-ports@FreeBSD.org
Subject: Re: opensmtpd-5.7.1 - cannot authenticate
Message-ID: <20150728192405.GQ45849@ptrcrt.ch>
Reply-To: gahr@FreeBSD.org
References: <20150727184747.GK45849@ptrcrt.ch>
 <20150728132433.GB45930@oslo.ath.cx>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature"; boundary="DiL7RhKs8rK9YGuF"
Content-Disposition: inline
In-Reply-To: <20150728132433.GB45930@oslo.ath.cx>
X-PGP-Key: fp="DA6D E106 A5B8 54B8 5DD8  6D49 ADD0 D38E A192 089E";
 id="0xA192089E";
 get=<hkp://pgp.mit.edu/pks/lookup?search=0xADD0D38EA192089E&op=get>;
 get=<https://keyserver.pgp.com/vkd/DownloadKey.event?keyid=0xADD0D38EA192089E>;
User-Agent: Mutt/1.5.23 (2014-03-12)
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports/>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Jul 2015 19:24:16 -0000


--DiL7RhKs8rK9YGuF
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On 2015-Jul-28, 15:24, Herbert J. Skuhra wrote:
> On Mon, Jul 27, 2015 at 08:47:47PM +0200, Pietro Cerutti wrote:
> > Hi,
> >=20
> > I tried to upgrade from 5.4.6 to 5.7.1, and suddenly I am unable to
> > authenticate.  This is from the log file:
> >=20
> > Jul 27 17:05:03 mail smtpd[12146]: smtp-in: Failed command on session
> > a0516551dc7a4dc4: "AUTH PLAIN (...)" =3D> 501 5.5.2 Syntax error: Syntax
> > error
> >=20
> > Relevant config lines area
> >=20
> > pki mydomain certificate   "/usr/local/etc/mail-admin/tls/server.crt"
> > pki mydomain key           "/usr/local/etc/mail-admin/tls/server.key"
> > table credentials file:/usr/local/etc/mail-admin/db/auth-smtp.db
> > listen on 192.168.1.1 secure auth-optional <credentials> pki mydomain
>=20
> What's the output of 'file /usr/local/etc/mail-admin/db/auth-smtp.db'?
> Maybe you need db: not file:?

it's an ASCII file, as it was with 5.4.6. As I said, no config
(including backend table files) has changed.

> > I am able to switch from the 5.4.6 to the 5.7.1 binary and reproduce
> > that I can send mail with the former and cannot with the latter. No
> > config has changed.
>=20
> Have you tried to run 'smtpd -dv' or 'smtpd -dv -T all'?

Here's the output from smtpd -dv -T all.

Thank you!

smtp: 0x802523000: >>> 220 mail.example.com ESMTP OpenSMTPD
smtp: 0x802523000: IO_LOWAT <io:0x802523048 fd=3D4 to=3D300000 fl=3DW ib=3D=
0 ob=3D0>
smtp: 0x802523000: IO_DATAIN <io:0x802523048 fd=3D4 to=3D300000 fl=3DR ib=
=3D16 ob=3D0>
smtp: 0x802523000: <<< EHLO example.com
filter: new query QK_QUERY QUERY_HELO
filter: filter_drain_query 1746ec4c96a16e71[QK_QUERY,QUERY_HELO=3Dexample.c=
om,filter_session@0x8024c7480[datalen=3D0,eom=3D0x0,ofile=3D0x0]]
filter: filter_end_query 1746ec4c96a16e71[QK_QUERY,QUERY_HELO=3Dexample.com=
,filter_session@0x8024c7480[datalen=3D0,eom=3D0x0,ofile=3D0x0]]
filter: query 1746ec4c96a16e71 done: status=3DFILTER_OK code=3D0 response=
=3D"(null)"
smtp: 0x802523000: STATE_CONNECTED -> STATE_HELO
smtp: 0x802523000: >>> 250-mail.example.com Hello example.com [192.168.1.1]=
, pleased to meet you
smtp: 0x802523000: >>> 250-8BITMIME
smtp: 0x802523000: >>> 250-ENHANCEDSTATUSCODES
smtp: 0x802523000: >>> 250-SIZE 36700160
smtp: 0x802523000: >>> 250-DSN
smtp: 0x802523000: >>> 250-STARTTLS
smtp: 0x802523000: >>> 250 HELP
smtp: 0x802523000: IO_LOWAT <io:0x802523048 fd=3D4 to=3D300000 fl=3DW ib=3D=
0 ob=3D0>
smtp: 0x802523000: IO_DATAIN <io:0x802523048 fd=3D4 to=3D300000 fl=3DR ib=
=3D10 ob=3D0>
smtp: 0x802523000: <<< STARTTLS
smtp: 0x802523000: >>> 220 2.0.0: Ready to start TLS
smtp: 0x802523000: STATE_HELO -> STATE_TLS
smtp: 0x802523000: IO_LOWAT <io:0x802523048 fd=3D4 to=3D300000 fl=3DW ib=3D=
0 ob=3D0>
mproc: pony -> lka : 272 IMSG_SMTP_TLS_INIT
imsg: lka <- pony: IMSG_SMTP_TLS_INIT (len=3D272)
debug: lka: looking up pki "example.com"
mproc: lka -> pony : 2176 IMSG_SMTP_TLS_INIT
imsg: pony <- lka: IMSG_SMTP_TLS_INIT (len=3D2176)
debug: session_start_ssl: switching to SSL
debug: pony: rsae_priv_enc
mproc: pony -> ca: allocating 128
mproc: pony -> ca: realloc 128 -> 256
mproc: pony -> ca : 130 IMSG_CA_PRIVENC (flush)
imsg: ca <- pony: IMSG_CA_PRIVENC (len=3D130)
mproc: ca -> pony: allocating 128
mproc: ca -> pony: realloc 128 -> 1024
mproc: ca -> pony : 535 IMSG_CA_PRIVENC
imsg: pony <- ca: IMSG_CA_PRIVENC (len=3D535)
smtp: 0x802523000: IO_TLSREADY <io:0x802523048 fd=3D4 to=3D300000 fl=3DR ss=
l=3DTLSv1/SSLv3:ECDHE-RSA-AES256-GCM-SHA384:256 ib=3D0 ob=3D0>
smtp-in: session 1746ec49080e52e3: TLS started version=3DTLSv1/SSLv3 (TLSv1=
=2E2), cipher=3DECDHE-RSA-AES256-GCM-SHA384, bits=3D256
mproc: pony -> control : 43 IMSG_STAT_INCREMENT
smtp: 0x802523000: STATE_TLS -> STATE_HELO
ramstat: increment: smtp.tls
ramstat: smtp.tls (0x802418101): 0 -> 1
smtp: 0x802523000: IO_DATAIN <io:0x802523048 fd=3D4 to=3D300000 fl=3DR ssl=
=3DTLSv1/SSLv3:ECDHE-RSA-AES256-GCM-SHA384:256 ib=3D16 ob=3D0>
smtp: 0x802523000: <<< EHLO example.com
filter: new query QK_QUERY QUERY_HELO
filter: filter_drain_query 1746ec4d6ecf7513[QK_QUERY,QUERY_HELO=3Dexample.c=
om,filter_session@0x8024c7480[datalen=3D0,eom=3D0x0,ofile=3D0x0]]
filter: filter_end_query 1746ec4d6ecf7513[QK_QUERY,QUERY_HELO=3Dexample.com=
,filter_session@0x8024c7480[datalen=3D0,eom=3D0x0,ofile=3D0x0]]
filter: query 1746ec4d6ecf7513 done: status=3DFILTER_OK code=3D0 response=
=3D"(null)"
smtp: 0x802523000: STATE_HELO -> STATE_HELO
smtp: 0x802523000: >>> 250-mail.example.com Hello example.com [192.168.1.1]=
, pleased to meet you
smtp: 0x802523000: >>> 250-8BITMIME
smtp: 0x802523000: >>> 250-ENHANCEDSTATUSCODES
smtp: 0x802523000: >>> 250-SIZE 36700160
smtp: 0x802523000: >>> 250-DSN
smtp: 0x802523000: >>> 250-AUTH PLAIN LOGIN
smtp: 0x802523000: >>> 250 HELP
smtp: 0x802523000: IO_LOWAT <io:0x802523048 fd=3D4 to=3D300000 fl=3DW ssl=
=3DTLSv1/SSLv3:ECDHE-RSA-AES256-GCM-SHA384:256 ib=3D0 ob=3D0>
smtp: 0x802523000: IO_DATAIN <io:0x802523048 fd=3D4 to=3D300000 fl=3DR ssl=
=3DTLSv1/SSLv3:ECDHE-RSA-AES256-GCM-SHA384:256 ib=3D65 ob=3D0>
smtp: 0x802523000: <<< AUTH PLAIN Z2FockBnYWhyLmNoAGdhaHJAZ2Foci5jaABQNkNyd=
DcsZ2Focg=3D=3D
smtp: 0x802523000: STATE_HELO -> STATE_AUTH_INIT
smtp: 0x802523000: >>> 501 5.5.2 Syntax error: Syntax error
smtp-in: Failed command on session 1746ec49080e52e3: "AUTH PLAIN (...)" =3D=
> 501 5.5.2 Syntax error: Syntax error
smtp: 0x802523000: STATE_AUTH_INIT -> STATE_HELO
smtp: 0x802523000: IO_LOWAT <io:0x802523048 fd=3D4 to=3D300000 fl=3DW ssl=
=3DTLSv1/SSLv3:ECDHE-RSA-AES256-GCM-SHA384:256 ib=3D0 ob=3D0>
smtp: 0x802523000: IO_DISCONNECTED <io:0x802523048 fd=3D4 to=3D300000 fl=3D=
R ssl=3DTLSv1/SSLv3:ECDHE-RSA-AES256-GCM-SHA384:256 ib=3D0 ob=3D0>
smtp-in: session 1746ec49080e52e3: connection from host 192.168.1.1 [192.16=
8.1.1] closed (client disconnected)
debug: smtp: 0x802523000: deleting session: disconnected
filter: new query QK_EVENT EVENT_DISCONNECT
filter: filter_drain_query 1746ec4e1b373188[QK_EVENT,EVENT_DISCONNECT,filte=
r_session@0x8024c7480[datalen=3D0,eom=3D0x0,ofile=3D0x0]]
filter: filter_end_query 1746ec4e1b373188[QK_EVENT,EVENT_DISCONNECT,filter_=
session@0x8024c7480[datalen=3D0,eom=3D0x0,ofile=3D0x0]]
mproc: pony -> control : 43 IMSG_STAT_DECREMENT
mproc: pony -> control : 47 IMSG_STAT_DECREMENT
ramstat: decrement: smtp.tls
ramstat: smtp.tls (0x802418101): 1 -> 0
ramstat: decrement: smtp.session
ramstat: smtp.session (0x802418101): 1 -> 0

--=20
Pietro Cerutti
The FreeBSD Project
gahr@FreeBSD.org

PGP Public Key:
http://gahr.ch/pgp

--DiL7RhKs8rK9YGuF
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQJ8BAEBCgBmBQJVt9bVXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXREQTZERTEwNkE1Qjg1NEI4NUREODZENDlB
REQwRDM4RUExOTIwODlFAAoJEK3Q046hkgieewUP/2TQg7XTpfGU/6Px0TC2lQJe
mrmJhhBhCA2yxGV2OnBMy0YaOHAwyKVK+TsuWUEqSbMrFpEGLhRcnPwZFeOA6OxT
4kA/O1YrjFP3p0N0YUfwUcv1Bvh2t8Er9/7rBCuXA1xnV/TvioDoMwtQmR39Y9j9
xyj+cW+4LpZ1e8+ouGijtFh470YWyH6yJ5Fi4c/FE2Lgjcbl6rr01/eYekiLYg1A
pBkxlyQgwL4DB9JF6Q2KTyS2v/c3eB6Fs+tvvTjCR76I32juevk11fjHDsRXtyGc
HLIWw2/sPkuQ/ivKvnwC6dWDX7GH+ZIYan3toL93oykfrKLK5whxV8Bp6GegCeNi
ERGN0d7Z3tqBOOpGPdjPMYNdTs4yWBcn3JPuoXTS+MDEEFLHxxrI8veXnCgZr1zh
WSEHLEiMv8eg7Z0d8hpVS6kG4Z06KN0wXZtHYAIsSyLw3B3C77U51rs9kuvw36NZ
xZTUmS04XzPf79aYcd7Q5eCjvO2IJyCYxayC2RnYq1VbJSdHHVSkrMwOPtAiQ3GA
hRi6O+qlaTZrnR+l7r85fKJCF0QCs1EWGX9v1uDN9KLuOQrlATLOkSI6nL8Tfgj/
nubaNktqKLd7mZyO8AUgreTxS8CijVrpHx0qlzRpOZT995FxQpQPHI9EKIIX4ibv
r975DuZr/GyYhWP/MLX8
=JhIr
-----END PGP SIGNATURE-----

--DiL7RhKs8rK9YGuF--