This should be on misc not tech. But anyway, I didn't need to upgrade anything to get my iPhone to work with smtpd.

I use listen on egress port 465 smtps certificate xxx.yy.zzz auth not optional.

Fix the iPhone to use ssl on port 465 and use password authentication in it.

And here is the log for a test email for you. All setup according to man page, no external upgrades or information used for the setup.

Feb 24 16:27:51 smtp1 smtpd[16535]: smtp-in: New session 00000ce41b1c2010 from host xxx.yyy.zz [xx.xx.xx.xx]
Feb 24 16:27:53 smtp1 smtpd[16535]: smtp-in: Started TLS on session 00000ce41b1c2010: version=TLSv1/SSLv3, cipher=AES128-SHA, bits=128
Feb 24 16:27:53 smtp1 smtpd[16535]: smtp-in: Accepted authentication for user xxxxxx on session 00000ce41b1c2010
Feb 24 16:27:54 smtp1 smtpd[16535]: smtp-in: Accepted message f9601322 on session 00000ce41b1c2010: from=<x...@xxx.xx>, size=328, nrcpts=1, proto=ESMTP
Feb 24 16:27:55 smtp1 smtpd[5092]: smtp-out: Connecting to smtp://xx.xx.xx.xx:25 (xxx.xxx.xxx) on session 00003892d2dc0581...
Feb 24 16:27:55 smtp1 smtpd[5092]: smtp-out: Connected on session 00003892d2dc0581
Feb 24 16:27:55 smtp1 smtpd[5092]: relay: Ok for f96013222045fc19: from=<x...@xxx.xxx>, to=<x...@xxx.xxx>, relay=xx.xx.xx.xx (xxx.xxx.xxx), delay=1s, stat=250 2.0.0 Ok: queued as 0DA1B5F9E1
Feb 24 16:27:55 smtp1 smtpd[5092]: smtp-out: Closing session 00003892d2dc0581: 1 message sent.

And you really should post this to misc@ not tech.

Best,

Daniel

On 2/24/14, 3:40 PM, Vladimir Támara Patiño wrote:
> Hi.
>
> I have an OpenSMTPD server on OpenBSD 5.4 working fine, the configuration
> (/etc/mail/smtpd.conf) includes:
>
> listen on all port 465 smtps certificate example.com auth-optional
>
> Sending email from thunderbird, roundcubemail and an android MUA works
> fine, however I'm having problems sending email from an iPhone with its
> default MUA.
>
> The failed connections from the iPhone reported in /var/log/maillog show:
>
> Feb 24 15:31:32 www smtpd[20008]: smtp-in: New session 00000046b1672c2d from host 191.71.116.146 [191.71.116.146]
> Feb 24 15:31:33 www smtpd[20008]: smtp-in: Bad input on session 00000046b1672c2d: 500 Pipelining not supported
> Feb 24 15:31:33 www smtpd[20008]: smtp-in: Closing session 00000046b1672c2d
> Feb 24 15:31:35 www smtpd[20008]: smtp-in: New session 00000047fd78e967 from host 191.71.116.146 [191.71.116.146]
> Feb 24 15:31:36 www smtpd[20008]: smtp-in: Disconnecting session 00000047fd78e967: IO error: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
>
>
> I wonder if the problem is with the ciphers that OpenSMTPD offers.
> Following the procedure of
> https://www.owasp.org/index.php/Testing_for_Weak_SSL/TSL_Ciphers,_Insufficient_Transport_Layer_Protection_(OWASP-EN-002)
>
> with nmap --script ssl-cert,ssl-enum-ciphers -p 465 www.example.com
>
> I can see the following list of ciphers:
>
> Starting Nmap 6.25 ( http://nmap.org ) at 2014-02-24 15:16 COT
> Nmap scan report for example.com (ip.ip.ip.ip)
> Host is up (0.15s latency).
> PORT    STATE SERVICE
> 465/tcp open  smtps
> | ssl-cert: Subject: commonName=www.example.com/organizationName=Example/stateOrProvinceName=Cundinamarca/countryName=co
> | Issuer: commonName=www.example.com/organizationName=Example/stateOrProvinceName=Cundinamarca/countryName=co
> | Public Key type: dsa
> | Public Key bits: 1024
> | Not valid before: 2010-11-08T13:43:04+00:00
> | Not valid after:  2020-11-05T13:43:04+00:00
> | MD5:   0b51 f652 8410 a427 8147 bc8f d917 e774
> |_SHA-1: c12d fe2c bca9 c186 98cb 2392 c21b 02db af90 726f
> | ssl-enum-ciphers:
> |   SSLv3:
> |     ciphers:
> |       TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA - strong
> |       TLS_DHE_DSS_WITH_AES_256_CBC_SHA - strong
> |     compressors:
> |       NULL
> |   TLSv1.0:
> |     ciphers:
> |       TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA - strong
> |       TLS_DHE_DSS_WITH_AES_128_CBC_SHA - strong
> |       TLS_DHE_DSS_WITH_AES_256_CBC_SHA - strong
> |     compressors:
> |       NULL
> |   TLSv1.1:
> |     ciphers:
> |       TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA - strong
> |       TLS_DHE_DSS_WITH_AES_128_CBC_SHA - strong
> |       TLS_DHE_DSS_WITH_AES_256_CBC_SHA - strong
> |     compressors:
> |       NULL
> |   TLSv1.2:
> |     ciphers:
> |       TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA - strong
> |       TLS_DHE_DSS_WITH_AES_128_CBC_SHA - strong
> |       TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 - strong
> |       TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 - strong
> |       TLS_DHE_DSS_WITH_AES_256_CBC_SHA - strong
> |       TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 - strong
> |       TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 - strong
> |     compressors:
> |       NULL
> |_  least strength: strong
>
> Could the problem be in the OpenSSL library? Even in OpenBSD-current it
> is still in version 1.0.0c --while the most recent is 1.0.0l.
> Has anyone had this problem? Is the solution to upgrade OpenSSL?
>
> Best regards.
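
Added example, not part of either poster's message: a small Python triage of the smtp-in lines quoted in this thread, grouped by session id so the working session (TLS started, cipher recorded) sits next to the two failed iPhone sessions. The function name summarize and the result field names are assumptions; the sample lines are the ones from the thread with wrapped lines rejoined.

```python
import re

# smtp-in lines from the two maillog excerpts in this thread (wrapped lines rejoined).
SAMPLE = """\
Feb 24 16:27:51 smtp1 smtpd[16535]: smtp-in: New session 00000ce41b1c2010 from host xxx.yyy.zz [xx.xx.xx.xx]
Feb 24 16:27:53 smtp1 smtpd[16535]: smtp-in: Started TLS on session 00000ce41b1c2010: version=TLSv1/SSLv3, cipher=AES128-SHA, bits=128
Feb 24 16:27:53 smtp1 smtpd[16535]: smtp-in: Accepted authentication for user xxxxxx on session 00000ce41b1c2010
Feb 24 16:27:54 smtp1 smtpd[16535]: smtp-in: Accepted message f9601322 on session 00000ce41b1c2010: from=<x...@xxx.xx>, size=328, nrcpts=1, proto=ESMTP
Feb 24 15:31:32 www smtpd[20008]: smtp-in: New session 00000046b1672c2d from host 191.71.116.146 [191.71.116.146]
Feb 24 15:31:33 www smtpd[20008]: smtp-in: Bad input on session 00000046b1672c2d: 500 Pipelining not supported
Feb 24 15:31:33 www smtpd[20008]: smtp-in: Closing session 00000046b1672c2d
Feb 24 15:31:35 www smtpd[20008]: smtp-in: New session 00000047fd78e967 from host 191.71.116.146 [191.71.116.146]
Feb 24 15:31:36 www smtpd[20008]: smtp-in: Disconnecting session 00000047fd78e967: IO error: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
"""

# msg = whole event text, sid = 16-hex-digit session id, rest = text after the id.
EVENT = re.compile(
    r"smtpd\[\d+\]: smtp-in: (?P<msg>.*?\bsession (?P<sid>[0-9a-f]{16})(?P<rest>.*))$")

def summarize(log_text):
    """Return {session_id: {peer, cipher, auth, outcome}} for each smtp-in session."""
    sessions = {}
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue  # smtp-out, relay and unrelated lines are ignored
        s = sessions.setdefault(
            m["sid"], {"peer": None, "cipher": None, "auth": False, "outcome": "open"})
        msg, rest = m["msg"], m["rest"]
        if msg.startswith("New session"):
            s["peer"] = rest.rsplit("[", 1)[-1].rstrip("]")
        elif msg.startswith("Started TLS"):
            s["cipher"] = re.search(r"cipher=([^,\s]+)", rest).group(1)
        elif msg.startswith("Accepted authentication"):
            s["auth"] = True
        elif msg.startswith("Accepted message"):
            s["outcome"] = "message accepted"
        elif msg.startswith("Bad input"):
            s["outcome"] = "protocol error:" + rest.lstrip(":")
        elif msg.startswith("Disconnecting") and "no shared cipher" in rest:
            s["outcome"] = "TLS handshake failed: no shared cipher"
        elif msg.startswith("Disconnecting"):
            s["outcome"] = "disconnected" + rest
    return sessions

if __name__ == "__main__":
    for sid, info in summarize(SAMPLE).items():
        print(sid, info)
```

A session whose cipher is still None at disconnect never completed a TLS handshake, which is the case for both sessions from 191.71.116.146 above.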