Since I wasn't able to make ASSP authenticate I ended up using stunnel for TLS
and use sasl on postfix to perform the authentication. ASSP is still playing a
bit part in the email flow, just a shame I couldn't fix the auth issue as it
would have been simpler. Regardless is this can help other users this is what
it looks like:
+------------------------------+ +------------------------------+
| Internet emails | | email clients |
+-----+-----------------+------+ +-----+------------------+-----+
^ | | |
|25 | | |
| | | |
+-----+------------+ | | |
| MailJet | | | |
+-----+------------+ | | |
^ | | |
|587 +------+------+ +-----+------------------+-----+
| |fail2ban assp| | fail2ban postfix sasl |
| +------+------+ +-----+------------------+-----+
| | | |
+-----+------------+ | | |
| stunnel | | | |
+-----+------------+ |25 645|587 |993
^ | | |
|11125 | | |
| v v v
+-----+-----------------+------+ 125 +-----+------------------+-----+
| +------------->+ |
| ASSP | | Postfix |
| +<-------------+ |
+------------------------------+ 225 +------------------------------+
🙂
________________________________
From: Ercolino De Spiacico <[email protected]>
Sent: 05 June 2020 07:32 AM
To: For Users of ASSP <[email protected]>
Subject: Re: [Assp-user] TLS outbound
So defined that normal password in Thunderbird means PLAIN as I see from the
logs my ASSP tries to log using LOGIN. Regardless looking at the supported AUTH
list they are all supported:
AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5
Thunderbird does work with the same username and password I'm using in ASSP so
they are correct indeed. Can this be a char encoding issue or something? Or can
ASSP be forced to use PLAIN perhaps?
Don't know what to think about any more...
Did anybody ever used MailJet with ASSP? It's a free service to send up to 200
email/day perfect for personal usage.
________________________________
From: James Moe via Assp-user <[email protected]>
Sent: 04 June 2020 10:02 PM
To: For Users of ASSP <[email protected]>
Cc: James Moe <[email protected]>
Subject: Re: [Assp-user] TLS outbound
On 2020-06-04 5:53 AM, Ercolino De Spiacico wrote:
> I have set the the ASSP RelayHost to:
> SSL:in-v3.mailjet.com:587
> populated the RelayAuthUser and RelayAuthPass accordingly, and I now get this
> error in the ASSP logs:
>
> Jun-04-20 13:31:36 m1-73895-03416 [Worker_1] [TLS-out] 46.x.x.252 info:
> authentication - login is used
> Jun-04-20 13:31:43 m1-73895-03416 [Worker_1] [TLS-out] 46.x.x.252 [SMTP
> Error] 535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6
>
> The very same RelayHost:port + username/password works just fine if I set this
> directly in e.g. Thunderbird selecting "Normal Password" whatever that means
> but
> I guess is the same as LOGIN.
>
"Normal Password" means authentication is done in the clear. Not really a
problem if a secure connection is established previously, which your log shows
is the case.
Are you sure the name/pass are EXACTLY the same?
> I'm confused because MailJet as per output above says to support many
> authentication mechanism including LOGIN but eventually it doesn't like it. Is
> there any way to force a different AUTH mechanism outbound in the RelayHost
> setup of ASSP?
>
Yes. Tell Thunderbird to use anything except "Normal Password." "Encrypted
Password" is a reasonable choice. (Although "OAuth2" might be a challenge to
setup.)
--
James Moe
moe dot james at sohnen-moe dot com
520.743.3936
Think.
_______________________________________________
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user
_______________________________________________
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user
