XMailforum is a readonly knowledge archive now.

Registering as a new user or answering posts is not possible anymore.

Might the force be with you, to find here what you are looking for.

2019-09-20 - hschneider, Admin

Cookie Disclaimer: This forum uses only essential, anonymous session cookies (xmailforum*), nothing to be scared of.

XMail Forum [Powered by Invision Power Board]
Printable Version of Topic
Click here to view this topic in its original format
XMail Forum > Documentation and Knowledge Base > ASSP SMTP Auth Problem after Upgrade to 1.24


Posted by: Andy Aug 4 2007, 12:08 PM
I have a weird problem - I have tried to upgrade from 2.22 to 2.24 (just by placing new files in the bin directory) mostly seems to work except for users authenticating and sending mail. I use assp infront of xmail and this just gives a connection timeout error.
I have put 2.22 back and that works fine.
I have tried manual telnet and sent mail to a local user ok
Users can POP ok.
I have run xmail in debug mode and this shows nothing except open smtp connection and then close smtp connection
The logs don't have an entry for these transactions.

I am stumped and all I can think of is its a problem with authenticating?

Can anyone suggest how I can find the problem?

Thanks

Andy.

Posted by: Andy Aug 5 2007, 05:37 PM
After doing more tests it would appear that there is a problem between assp and ver 2.24 of xmail. If I connect my email client directly to port 225 the email is sent fine but if I use port 25 and go through assp nothing appears to happen and I get a timeout error.

I have now duplicated this on a test machine - very weird all works fine with ver 2.22 but as soon as I use 2.24 I can't send email - still guessing it is something to do with authentication as I can manually telnet to port 25 and send a local email. I don't know how to telnet and authenticate so I can't test that.

I am stuck - I don't know how to find the problem. Is anyone else using assp with this version?

Andy.

Posted by: hschneider Aug 5 2007, 08:13 PM
Use a mail client (e.g. Thunderbird) to send a test mail with authentication. Any errors ?

Posted by: Andy Aug 5 2007, 09:06 PM
I have tried with outlook and outlook express - it fails

Your server has unexpectedly terminated the connection. Possible causes for this include server problems, network problems, or a long period of inactivity.

The error tells me nothing of what is actually happening. I know it is something to do with the new version - I can put the old version back it works fine.

Thanks

Andy.

Posted by: Andy Aug 5 2007, 09:17 PM
I am even more stumped - I have done a manual telnet session where I authenticate as well and it works fine?

It just appears that the email clients have the problem - i am totally confused!

Is there anyway to monitor the actually smtp communication?

I have tried the pre-release of 2.25 as well - same problem.

ASSP shows the SMTP connection but no details - not even the helo response - so it doesn't look like it does anything except open the connection??

Interesting - I have a message in my outbox that I have been trying to send but getting timeout error, but if I then go into the properties and turn off the option that says "my outgoing server requires authentication" I then get the expected error relaying not allowed - but the relaying error will come from assp not xmail so it must be a problem with assp and xmail communicating?

Andy.

Posted by: hschneider Aug 6 2007, 06:34 AM
Solve the problem with the regular mail client, then the prob with ASSP will be solved too. You can monitor a SMTP session with e.g. Wireshark: http://wireshark.org/

Pls post your server.tab


Posted by: Andy Aug 6 2007, 08:11 AM
I will download wireshark

I have the following command line parameters (normally with a public ip but on my test system I have changed them to 127.0.0.1)
-ci 127.0.0.1 -fi 127.0.0.1 -SI 127.0.0.1:225 -pi 127.0.0.1 -Mr 24 -Pl -Sl -Ql -Yl -Fl -Ll -Qg

server tab

#
# Example configuration file.
# Note : remember to use _REAL_ TABs and " to format this file
#
"RootDomain" "xxx.co.uk"
"POP3Domain" "xxx.co.uk"
"HeloDomain" "mail.xxx.co.uk"
"PostMaster" "postmaster@xxx.co.uk"
"ErrorsAdmin" "postmaster@xxx.co.uk"
"SmtpServerDomain" "mail.xxx.co.uk"
#"TempErrorsAdmin" "send-failures@xmailserver.test"
#"DefaultSMTPGateways" "192.168.1.2,192.168.1.15"
"RemoveSpoolErrors" "1"
#"DisableEmitAuthUser" "1"
#"NotifyMsgLine***tra" "8"
#"NotifySendLogToSender" "0"
#"NotifyTryPattern" "1"
"MaxMTAOps" "16"
"ReceivedHdrType" "0"
"FetchHdrTags" "+X-Deliver-To,+Received,To,Cc"
#"CustomSMTPMessage" "Please open http://www.xmailserver.test/smtp_errors.html to get more informations about this error"
#"MaxMessageSize" "20000"
"EnableAuthSMTP-POP3" "0"
#"Pop3SyncErrorAccount" "psync-errors@xmailserver.test"
#"AllowNullSender" "1"
#"AllowSmtpVRFY" "1"
#"AllowSmtpETRN" "1"
#"SmtpMinDiskSpace" "100000"
#"SmtpMinVirtMemSpace" "64000"
#"Pop3MinVirtMemSpace" "64000"
#"CustMapsList" "sbl-xbl.spamhaus.org.:0,bl.spamcop.net.:0"
#"SMTP-RDNSCheck" "1"
#"CheckMailerDomain" "1"
#"SmartDNSHost" "dns.home.bogus.net:tcp,192.168.1.1:udp"
#"DynDnsSetup" "www.dns4ever.com,80,/sys/u.cgi?d=MYDOMAIN&u=MYUSERNAME&p=MYPASSWORD&i=%s"
#"DynDnsSetup" "members.dyndns.org,80,/nic/dyndns?action=edit&started=1&hostname=YES&host_id=yourhost.ourdomain.ext&myip=%

s&wildcard=OFF&mx=mail.exchanger.ext&backmx=NO,foouser,foopasswd"
#"SmtpConfig" "mail-auth"
#"SmtpConfig-192.168.0.1" "mail-auth"
"DefaultSmtpPerms" "MRVZ"
#"SMTP-TLS" "0"

Posted by: hschneider Aug 6 2007, 08:41 AM
This looks OK. Additionally you should

- Stop XMail
- Delete all inside MailRoot/tabindex
- Start XMail



Posted by: Andy Aug 6 2007, 09:18 AM
I have sniffed the conversations - first with 2.22 which works and then with 2.24 which doesn't

I have no ideas - 2.24. just stops at the point where AUTH LOGIN should be sent - I still have to assume it is something to do with the assp proxy because it works fine if I point the client direct to port 225 but the only change is xmail 2.22 to 2.24??????? I can't be the only one with this problem?

2.22

220 <1186387304.5532@mail.xxx.co.uk> [XMail 1.22 ESMTP Server] service ready; Mon, 6 Aug 2007 09:01:44 +0100
EHLO ASUMMERS
250-xxx.co.uk
250-VRFY
250-ETRN
250-8BITMIME
250-AUTH LOGIN PLAIN CRAM-MD5
250 SIZE
AUTH LOGIN
334 VXNlcm5hbWU6
YW5keUBzcGlkZXJ3ZWJzb2Z0d2FyZS5jby51aw==
334 UGFzc3dvcmQ6
TG90dGll
235 Authentication successful
MAIL FROM: <andy@xxx.co.uk>
250 OK
RCPT TO: <xxxx@xxxx.com>
250 OK
DATA
354 Start mail input; end with <CRLF>.<CRLF>
Message-ID: <B2A3E3ACCA2E418D9D9BB51DDEC4F292@zzz.local>
From: "rtrettre" <andy@xxx.co.uk>
To: <xxxx@xxxx.com>
Subject: test
Date: Mon, 6 Aug 2007 09:01:44 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
.boundary="----=_NextPart_000_000E_01C7D808.694D2570"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Mail 6.0.6000.16480
X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6000.16480

This is a multi-part message in MIME format.

------=_NextPart_000_000E_01C7D808.694D2570
Content-Type: text/plain;
.charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

test
------=_NextPart_000_000E_01C7D808.694D2570
Content-Type: text/html;
.charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.6000.16481" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>test</FONT></DIV></BODY></HTML>

------=_NextPart_000_000E_01C7D808.694D2570--

.
250 OK <SE357F>
QUIT
221 [XMail 1.22 ESMTP Server] service closing transmission channel




2.24


220 mail.xxx.co.uk <1186387448.3084@mail.xxx.co.uk> [XMail 1.24 ESMTP Server] service ready; Mon, 6 Aug 2007 09:04:08 +0100
EHLO ASUMMERS
250-xxx.co.uk
250-VRFY
250-ETRN
250-8BITMIME
250-AUTH LOGIN PLAIN CRAM-MD5
250-SIZE

Posted by: Andy Aug 6 2007, 09:41 AM
Just a small difference - but could it be because 2.22 has "250 SIZE" and 2.24 has "250-SIZE"??

If you telnet directly to port 225 and do ehlo xxx you get
250-SIZE
250 STARTTLS

but if you telnet to port 25 (assp) you just get
250-SIZE

Is the client waiting for last line?

Thanks

Andy.

Posted by: hschneider Aug 6 2007, 09:46 AM
OK ... this shows definitely a client side (in this case ASSP) problem. XMail lists its protocol capabilites and waits for the client's next command which is not issued.

Why not skipping SMTP AUTH for ASSP by entering

"127.0.0.1" "255.255.255.0"

in your smtprelay.tab ?





Posted by: Andy Aug 6 2007, 09:56 AM
I can't do that because assp doen't authenticate my users, I would be an open relay if I did that.

I will have to see if I can figure out why assp misses the last command.

Was a tricky issue to track down - Thanks for your help - its been invaluable!

Would it be worth making this problem more obvious on the forum - there is bound to be others that come across it.

Thanks again,

Andy.

Posted by: hschneider Aug 6 2007, 10:12 AM
Seen this one ?

http://assp.sourceforge.net/fom/cache/162.html

QUOTE

Problem: All email is being rejected with the error 'Relaying denied'.
Solution: Get a list of all your domains into a file, and set 'Local Domains File' to it.
Problem: I copied my /etc/postfix/virtual file (list of local domains) to my assp directory, but all incoming email was still being rejected.
Solution: Get rid of all comments, delete everything except for the actual domain names of emails to accept. Debugging showed that ASSP was gluing all the words on the same line together, and calling that a domain name. Alternatively, edit assp.pl to cut everything but the first word on a line when it reads the file.
Problem: Still rejecting email?
Solution: Since I had turned on the chroot option, instead of /usr/local/lib/assp/virtual, I should have typed /virtual into the settings. Oh, and made sure that the file was readable by the user assp. In the end, I edited assp.pl to check permissions and complain if they were wrong.


Posted by: Andy Aug 6 2007, 12:53 PM
ASSP delibrately removes the starttls command because it doesn't support it. I have added a bug ticket to the project

http://sourceforge.net/tracker/index.php?func=detail&aid=1768223&group_id=69172&atid=523647

I have modified the assp script - is only a workaround as my perl script is very dodgy but I think it will do the trick for now!

Posted by: ndoeberlein Oct 15 2007, 04:26 PM
Sorry to tap onto this late...

You shouldn't need to modify the script as this is a client issue. You would have the mail clients use 995 (SSL-POP3) and 465 (SSL-SMTP) for your secure connections to XMail, and then 25 is for normal SMTP traffic. ASSP doesn't get involved except for port 25 traffic.

Powered by Invision Power Board (http://www.invisionboard.com)
© Invision Power Services (http://www.invisionpower.com)