XMail Forum > Documentation and Knowledge Base > External SMTP auth


Posted by: xenon Jan 13 2003, 07:55 AM
I've been using xmail on Linux for a while, though I'm not 100% about my settings.

I recently tried to use a different external SMTP server (I want xmail to send all
mails to this server), but this fails because xmail is not sending the
"AUTH PLAIN xxxxxxx" to the SMTP server in response to the Server's '250' message.

As described in the xmail manual, I tried setting up a file in userauth/smtp, but this
has had no effect (I restart xmail after all changes, just to be sure).

I know I can SMTP to the new server, because I tested using NetScape and mails
were sent ok (the AUTH PLAIN message was seen with ethereal).

I find the xmail manual very unclear & confusing, so I probably just need a simple
parameter change somewhere.

Any ideas where to start ?

Thanks

Posted by: hschneider Jan 13 2003, 08:26 AM
Did you also set your smtpfwd.tab to force XMail to forward mails to this specific SMTP ?
E.g.

aol.com[TAB]smtp.isp.com
will force all mails with a recipient in the aol.com domain through that SMTP server.
If you only put aol.com into your external auth config, then XMail looks up the MX entry of aol which points to another server than smtp.isp.com that does not need SMTP auth.

Posted by: xenon Jan 13 2003, 08:40 AM
I have a smtpfwd.tab file with -

"*"[TAB]"external.smtp.server"

Though, I have been confused between smtpfwd.tab & smtpgw.tab files. My current
smtpfwd.tab works when set to my ISPs server (as it doesn't require the AUTH
reply).

Also, another slight problem. I setup an extaliases.tab - under the assumption that
this would prevent emails for internal users being sent to my external SMTP server
and then back in through pop3links.tab - even though the 'mailto' was an external name,
xmail would simply deliver it to the internal user.

This file didn't seem to have any effect as mails were sent externally. Since this isn't
such a big problem, it's not that important. But - any ideas ?

Thanks !




Posted by: hschneider Jan 13 2003, 08:52 AM
>"*"[TAB]"external.smtp.server"

With this entry you force all mail to be forwarded to this external SMTP.
Is this the server that needs SMTP auth ?
If yes, then you should use its address in your userauth/smtp config.

>I setup an extaliases.tab ...

How have you set up this file ?


Posted by: xenon Jan 13 2003, 09:03 AM
1. I setup the contents of userauth/smtp/fully-qualified-name.tab

"plain"[TAB]"username"[TAB]"password"[NEWLINE]

I don't see anywhere where the address is used !!! ?

(I also tried "login"[TAB]"username"[TAB]"password")


2. My extaliases.tab

"external-domain"[TAB]"external-account"[TAB]"local-domain"[TAB]"local-user"[NEWLINE]

as described in the manual. All internal users have an entry, which is the external
account (as in POP3links).


My basic problem is that I don't understand which SMTP parameters relate to xmail, and
which relate to an external SMTP server.



Posted by: hschneider Jan 13 2003, 09:12 AM
1. ... I don't see anywhere where the address is used !!! ?

Your address IS the name of the .tab file. I bet you used the user name instead, which is wrong.
If your target smtp is mailto.domain.com, then your .tab has to be named mailto.domain.com.tab.

2. ... My basic problem is that I don't understand which SMTP parameters relate to xmail,

Local means XMail and external means your ISP's SMTP. So your local domain is that thing defined in MailRoot\domains.

Posted by: xenon Jan 13 2003, 09:30 AM
> Your address IS the name of the .tab file. I bet you used the user name instead, which is wrong.
> If your target smtp is mailto.domain.com, then your .tab has to be named mailto.domain.com.tab.

I used the fully qualified name with ".tab", which is "mailto.domain.com.tab" as you
describe.

I understand the difference between internal/external, local/remote etc. I meant I
do not understand in the manual which parameters refer to xmail itself and
which refer to an external SMTP server.



Posted by: hschneider Jan 13 2003, 09:43 AM
>.... do not understand in the manual ....

Can you give me the parameters or part of the manual that you exactly mean?

Posted by: xenon Jan 13 2003, 09:56 AM
Hang on - I'm asking the wrong question.

How do I setup xmail to send the "AUTH PLAIN xxxxxxx" to an external SMTP server in response to the Server's '250' message ? This external SMTP server will handle all
mails sent from my localdomain.

The SMTP server is "mail.gmx.de" and it responds -
250-
AUTH=LOGIN CRAM-MD5 PLAIN
PIPELINING
8BITMIME

Maybe there is an example somewhere I can copy?


Posted by: hschneider Jan 13 2003, 10:18 AM
Create a file
\MailRoot\userauth\smtp\mail.gmx.de.tab

In that file set
"plain" "username@gmx.de" "your_gmx_password"

divided by TABs.

Restart XMail.




Posted by: xenon Jan 13 2003, 10:31 AM
Thanks - that's exactly what I have. Any ideas why xmail is not using it?
Some parameter (server.tab maybe?)

Posted by: xenon Jan 13 2003, 11:00 AM
Further to this topic.

1. I don't understand the significant difference between smtpgw.tab & smtpfwd.tab.
Which should I be using (or both) ? I want to send ALL external emails to 'mail.gmx.de'
However, those email addresses which are mapped to internal users (pop3links.tab)
don't need to go out and back again, xmail could simply deliver them internally.

2. Does smtpextauth.tab refer to SMTP within xmail, or an external SMTP server?

3. Within 'server.tab'.
- DefaultSMTPGateway maybe this is conflicting with smtpgw.tab ?
- smtpConfig-xxx.xxx.xxx.xxx maybe I need to use this ?


Posted by: hschneider Jan 13 2003, 11:34 AM
One little preface: Many things in the manual are unclear and deserve further investigation. That's why this forum here exists. So please don't look at my answers as the ultimate solution (cause I have not tested everything deeply -- still learning :) ), better look at them as a hint how to solve a problem ... Let's see what we can do together:

1) Both forward mail to another SMTP. If you want e.g. complex routing across a chain of 3 servers, you'll have to use smtpgw. If you want to e.g. multiplex to several target servers, that means choose 1 out of a given list, use smtpfwd.

2) Seems (not sure about that) to concern the local XMail server only. That means you can customize how YOUR clients are handled.


3) Within 'server.tab'.
- DefaultSMTPGateway maybe this is conflicting with smtpgw.tab ?
I think so. Leave this blank, if you use the .tab. Also when you use smtpfwd.tab.

- smtpConfig-xxx.xxx.xxx.xxx maybe I need to use this ?
NO, this only forces your machine to use SMTP auth for your clients.


Posted by: xenon Jan 13 2003, 02:38 PM
I have just done a bit of testing using xmail under Windows. Since I'm stuck
behind my company's firewall, there's not too much I can do.
However, the userauth/smtp/mail.server.tab & smtpfwd.tab did indeed function
as you describe. The "AUTH PLAIN" was sent.

I shall try tonight on my home system (Linux) - I'm guessing that I'll find a conflict
in server.tab, smtpgw.tab & whatever else has to do with SMTP values.

Thanks for the help, I'll report tomorrow on my success tonight.....

xmail seems a great product, it's just a shame the documentation is hard to get along with.

Posted by: hschneider Jan 13 2003, 06:14 PM
>...it's just a shame the documentation is hard to get along with.

That's absolutely right. So if you dig into that prob and get a solution, please post it to the forum. In the near future I'll compile a FAQ that will be a very useful reference. So any help will be appreciated ...

Thanks!

If it helps, here is my server.tab:

CODE

"RootDomain" "intra.net"
"POP3Domain" "intra.net"
"HeloDomain" "intra.net"
"PostMaster" "root@intra.net"
"ErrorsAdmin" "root@intra.net"
#"DisableEmitAuthUser" "1"
#"CustomSMTPMessage" "Please open http://www.intra.net/smtp_errors.html to get more informations about this error"
#"TempErrorsAdmin" "send-failures@intra.net"
#"DefaultSMTPGateways" "192.168.1.2,192.168.1.15"
"RemoveSpoolErrors" "0"
#"NotifyMsgLinesExtra" "8"
#"NotifySendLogToSender" "0"
#"NotifyTryPattern" "1"
"MaxMTAOps" "16"
"ReceivedHdrType" "0"
"FetchHdrTags" "+X-Deliver-To,+Received,To,Cc"
#"MaxMessageSize" "20000"
#"EnableAuthSMTP-POP3" "0"
#"Pop3SyncErrorAccount" "psync-errors@intra.net"
#"AllowNullSender" "1"
#"AllowSmtpVRFY" "1"
#"AllowSmtpETRN" "1"
#"SmtpMinDiskSpace" "100000"
#"SmtpMinVirtMemSpace" "64000"
#"Pop3MinVirtMemSpace" "64000"
#"CustMapsList" "list.dsbl.org.:1,blackholes.mail-abuse.org.:1,dialups.mail-abuse.org.:0"
#"SMTP-RDNSCheck" "1"
#"CheckMailerDomain" "1"
#"SmartDNSHost" "dns.home.bogus.net:tcp,192.168.1.1:udp"
#"DynDnsSetup" "www.dns4ever.com,80,/sys/u.cgi?d=MYDOMAIN&u=MYUSERNAME&p=MYPASSWORD&i=%s"
#"DynDnsSetup" "members.dyndns.org,80,/nic/dyndns?action=edit&started=1&hostname=YES&host_id=yourhost.ourdomain.ext&myip=%s&wildcard=OFF&mx=mail.exchanger.ext&backmx=NO,foouser,foopasswd"
#"SmtpConfig" "mail-auth"
#"SmtpConfig-192.168.0.1" "mail-auth"
"DefaultSmtpPerms" "MRVZ"


Posted by: xenon Jan 14 2003, 07:15 AM
The good news is that I got it working. I changed the following, then it worked
- removed all lines (which were all comments anyway) from smtpgw.tab
- removed DefaultSMTPGateways from server.tab
- commented out all entries in extaliases.tab

Also related, maybe, is that the "AUTH PLAIN" message from xmail is split over
several messages, whereas NetScape sent it as one complete message.

The bad news is that the SMTP server I'm using rejects mails if the "MAIL From:" does not
match the AUTH PLAIN login information. So what I'd need is to send an AUTH PLAIN which
does match the "MAIL From:". I see that authorisation file in "userauth/smtp" supports
type "external". This could be what I need, but do you have any experience or examples?







Posted by: hschneider Jan 14 2003, 08:50 AM
With "external" you can customize your auth process, but not the mail headers you send AFTER authentication.

If you auth with another username than your account, then the server won't let you in. If you send with an (for the server) invalid Mail_From then the server will let you in, but your mail bounces back after its verification process. If you send a valid header, your recipients get confused.

So you see, you can't bypass that header verification ...

Can't you use an alternate server ?

Don't know if this still works, but maybe you should give it a try:
http://groups.google.de/groups?hl=de&lr=&ie=UTF-8&oe=UTF-8&threadm=a7keva.3vg6f8p.1%40ID-9590.user.dfncis.de&rnum=1&prev=/groups%3Fq%3Dsmtp%2Bauth%2Bmail%2Bfrom%2Bpostman%26hl%3Dde%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26selm%3Da7keva.3vg6f8p.1%2540ID-9590.user.dfncis.de%26rnum%3D1

Posted by: xenon Jan 14 2003, 09:24 AM
Yes, I see the problem. Now, if the "Mail From:<xxxx>" string could be sent to the
external auth program/script, it could return the appropriate AUTH string. So ....

userauth/smtp/xxx.tab contains
"external"[TAB]"PLAIN"[TAB]"????"[TAB]"script/prog name"[TAB]"@@FROM"[TAB]"@@RFILE"

Source file SMTPUtils.cpp has to be modified to pass the From Address for the @@FROM
token (a simple task)

All the auth script/prog has to do is return (in the @@RFILE) the appropriate AUTH string
according to the From name.

I've modified the code, but is too hard to test here - it will have to wait until tonight.



Posted by: hschneider Jan 14 2003, 09:57 AM
I see. Is it right, that you have valid GMX accounts for the users that send mails from your system?
In that case your solution will fit. As long as the mails you send pass the server's verification, the only prob to be solved is to get in ...


Posted by: xenon Jan 15 2003, 07:42 AM
I'm getting somewhere, slowly.

1. I've modified SMTPUtils.cpp as previously described.

2. userauth/smtp/xxx.tab contains
"external"[TAB]"LOGIN"[TAB]"what-is-this-string-for?"[TAB]"script/progname"[TAB]"@@FROM"[TAB]"@@RFILE"

3. My script is called - and @@FROM is passed as my from address (xxx@xxx.xxx). I setup
my return file and this is where things stop working.

Debugging SMTPUtils.cpp, I see this is all to do with the format of the response file. Using
ethereal on a NetScape SMTP session, I see AUTH LOGIN is sent, then the encoded
username, then the encoded password. SMTPUtils.cpp only sends a single response. So
the question now is - what is the format of this "output response file" that the
documentation refers to?

If I were to use AUTH PLAIN, the same question - as both username & password have to
be sent.

Ever seen examples of this "output response file"?

Another "funny" - my external auth script was being called with a from address of
"root@myinternaldomain" - I can look into that later.




Posted by: hschneider Jan 15 2003, 09:17 AM
Hi,

the example says:
CODE

    "external" "RSA-AUTH" "mysecret" "/usr/bin/myrsa-auth" "-c" "@@CHALL" "-s"=>
      "@@SECRT" "-f" "@@RFILE"


I think the => is a bug here. Try:

CODE

    "external" "RSA-AUTH" "mysecret" "/usr/bin/myrsa-auth" "-c" "@@CHALL" "-s" "@@SECRT" "-f" "@@RFILE"


Posted by: xenon Jan 16 2003, 12:31 PM
I think "external" isn't going to work. I'm not an expert on SMTP, but it seems to me that
xmail does not correctly support "LOGIN". "PLAIN" should have been ok, but xmail
isn't calling my script - and of course xmail does not seem to log anything useful anywhere.
There isn't any useful information in the "documentation" about the format of the response
file either.

I've given up on using "external". What I've done is modify SMTPUtils.cpp to add a new
authentication type and add code to read in an authentication file - which contains a
list of external SMTP Usernames & Passwords for that particular SMTP server based on
the MAIL FROM address.

If anybody wants the code - and sample authentication files, I'm happy to supply.

eg:-

userauth/smtp/mail.gmx.de.tab contains
"gmx"[TAB]"mail.gmx.de.tab.auth"

userauth/smtp/mail.gmx.de.tab.auth contains
"localuser@localdomain"[TAB]"SMPTUserName"[TAB]"SMPTPassword"
"anotheruser@localdomain"[TAB]"AnotherUser"[TAB]"AnotherPass"


Posted by: hschneider Jan 16 2003, 01:13 PM
Fine, but isn't it too hard to maintain from release to release ?

For the format of the auth file, you should contact Davide directly. Maybe he's also interested in your modification. See http://xmailserver.org for contact details.



Posted by: xenon Jan 16 2003, 01:31 PM
From previous experience, I'd say the author isn't too interested in modifications.
Once I have it fully working, I hope not to be making any software changes for a long time.
(It's Firewall/server/proxy for a small home network.)


Posted by: hschneider Jan 16 2003, 02:25 PM
I see. If it's not too big, you can also enclose your mods in this thread inside CODE tags.
Would be nice example for other users here ...

Posted by: xenon Jan 17 2003, 01:16 PM
Care must be taken with those .tab files. The [CR][LF] used on NT will cause problems
on Linux. In my case,

"SMTPuser"[TAB]"SMPTPass"[CR][LF]

this caused "SMPTPass"[CR] to be encoded as the response string sent on AUTH PLAIN,
which was rejected by the SMTP server.

Since I was testing on NT and using for real on Linux, I was using some common files.
I won't do this in future - I'll make sure I keep two sets of completely independent
config files.

I'm also somewhat dismayed at the lack of log messages.
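
The CR/LF failure described in the post above, as an added example (not code from the thread or from XMail): a checker for the raw bytes of a `userauth/smtp/<host>.tab` file, plus the AUTH PLAIN token (RFC 4616) that results when the trailing CR ends up in the password. The sample credentials and the LF-only reader are constructed assumptions, not XMail's actual parser.

```python
import base64

# Constructed sample: the same credentials line saved with LF and with CRLF.
LF_FILE = b'"plain"\t"user@example.test"\t"s3cret"\n'
CRLF_FILE = b'"plain"\t"user@example.test"\t"s3cret"\r\n'


def read_fields_lf_only(line: bytes) -> list[bytes]:
    """Model of a reader that treats only LF as line terminator (assumption)."""
    return [f.replace(b'"', b"") for f in line.rstrip(b"\n").split(b"\t")]


def auth_plain_token(user: bytes, password: bytes) -> str:
    """RFC 4616 initial response: base64(authzid NUL authcid NUL passwd)."""
    return base64.b64encode(b"\0" + user + b"\0" + password).decode("ascii")


def is_quoted(field: bytes) -> bool:
    """True for exactly one double-quoted value, e.g. b'"plain"'."""
    return (len(field) >= 2 and field[:1] == b'"' and field[-1:] == b'"'
            and field.count(b'"') == 2)


def lint_tab(data: bytes) -> list[tuple[int, str]]:
    """Return (line number, problem) pairs for one .tab file's raw bytes."""
    findings = []
    for number, line in enumerate(data.split(b"\n"), start=1):
        if not line.strip() or line.lstrip().startswith(b"#"):
            continue  # blank line or comment
        if b"\r" in line:
            findings.append((number, "CR byte present (file saved with CRLF?)"))
        # Fields must be TAB-separated; spaces between quoted values are caught
        # here because the whole line then counts as one malformed field.
        for index, field in enumerate(line.rstrip(b"\r").split(b"\t"), start=1):
            if not is_quoted(field):
                findings.append((number, f"field {index} is not a single quoted value"))
    return findings


def token_for(data: bytes) -> str:
    """AUTH PLAIN token the LF-only reader would derive from the first line."""
    _, user, password = read_fields_lf_only(data.split(b"\n")[0])
    return auth_plain_token(user, password)


if __name__ == "__main__":
    for name, data in (("LF", LF_FILE), ("CRLF", CRLF_FILE)):
        print(name, lint_tab(data), token_for(data))
```
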

Posted by: hschneider Jan 17 2003, 01:27 PM
Have you enabled logging with -Sl -Pl -Ll -Ql -Md ?

Posted by: xenon Jan 21 2003, 01:56 PM
I have made the following code changes to xmail-1.11

1. Remove the password from the logs.
Easy to do, just small changes to CTRLSvr.cpp & POP3Svr.cpp (you can see where pszPassword is logged)

2. Receiving mail without domain.
Xmail rejects mails with Rcpt To:<name> as opposed to Rcpt To:<name@domain>
Mail is received either on SMTP port 25, or by placing a file directly in XMail's directory.
By default, your system may send mails to "root" and not "root@yourlocaldomain". XMail will reject those
even if you have defined an alias in "aliases.tab"
Two files need changing
a) LMAILSvr.cpp, function LMAILProcessList

///////////////////////////////////////////////////////////////////////////////
// Write "RCPT TO:"
///////////////////////////////////////////////////////////////////////////////

CODE

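// (sometimes RCPT To:<name> is received without '@domain'. Add local domain name)
   char           szDomain[MAX_ADDR_NAME] = "";
   SVRCFG_HANDLE  hSvrConfig = SvrGetConfigHandle();
   if (SvrConfigVar("RootDomain", szDomain, sizeof(szDomain), hSvrConfig) == 0)
     {
      if (strchr(szSpoolLine, '@') == NULL)
        {
         char  szWork[MAX_SPOOL_LINE+25] = "";
         char *p1 = strchr(szSpoolLine, '>');
         // Rewrite only if the closing '>' exists and the expanded line fits in
         // szWork; otherwise szSpoolLine is left unchanged instead of being emptied.
         if (p1 != NULL &&
             strlen(szSpoolLine) + strlen(szDomain) + 2 <= sizeof(szWork))
           {
            *p1 = 0;
            sprintf(szWork, "%s@%s>%s", szSpoolLine, szDomain, p1+1);
            // szSpoolLine must have room for the added "@domain"
            strcpy(szSpoolLine, szWork);
           }
        }
     }
   // Release the config handle whether or not RootDomain could be read
   if (hSvrConfig != INVALID_SVRCFG_HANDLE)
     SvrReleaseConfigHandle(hSvrConfig);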

fprintf(pSpoolFile, "%s\r\n", szSpoolLine);

b) SMTPSvr.cpp, function SMTPHandleCmd_RCPT

///////////////////////////////////////////////////////////////////////////////
// Check recipients count
///////////////////////////////////////////////////////////////////////////////

if (SMTPS.iRcptCount >= SMTPS.pSMTPCfg->iMaxRcpts)
{
if (SMTPLogEnabled(SMTPS.hShbSMTP, SMTPS.pSMTPCfg))
SMTPLogSession(SMTPS, SMTPS.pszFrom, "", "RCPT=ENBR", 0);
SMTPSendError(hBSock, SMTPS, "552 Too many recipients");
ErrSetErrorCode(ERR_SMTP_TOO_MANY_RECIPIENTS);
return (ERR_SMTP_TOO_MANY_RECIPIENTS);
}

CODE

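/*
   For each name extracted from "Rcpt To:<name1, name2>", add the RootDomain as
   name@RootDomain for each name which does not have a domain.
*/
  int            iDomainCount = StrStringsCount(ppszFwdDomains);
  SVRCFG_HANDLE  hSvrConfig = SvrGetConfigHandle();
  char           szUserAndDomain[MAX_ADDR_NAME] = "";
  char           szDestDomain[MAX_ADDR_NAME] = "";

  if (SvrConfigVar("RootDomain", szDestDomain, sizeof(szDestDomain), hSvrConfig) != 0)
    {
     ErrorPush();

     if (SMTPLogEnabled(SMTPS.hShbSMTP, SMTPS.pSMTPCfg))
         SMTPLogSession(SMTPS, SMTPS.pszFrom, ppszFwdDomains[0], "RCPT=ESYNTAX", 0);

     SMTPSendError(hBSock, SMTPS, "451 Requested action aborted: (%d) local error in processing",
                   ErrorFetch());

     // Release the config handle on the error path as well
     if (hSvrConfig != INVALID_SVRCFG_HANDLE)
         SvrReleaseConfigHandle(hSvrConfig);

     return (ErrorPop());
    }

  // RootDomain has been copied into szDestDomain; the handle is no longer needed
  if (hSvrConfig != INVALID_SVRCFG_HANDLE)
      SvrReleaseConfigHandle(hSvrConfig);

  for (int n = 0; n < iDomainCount; n++)
    {
     // Append the domain only when "name@domain" fits into szUserAndDomain;
     // a longer name is left as received instead of overflowing the buffer.
     if (strchr(ppszFwdDomains[n], '@') == NULL &&
         strlen(ppszFwdDomains[n]) + strlen(szDestDomain) + 2 <= sizeof(szUserAndDomain))
       {
        strcpy(szUserAndDomain, ppszFwdDomains[n]);
        strcat(szUserAndDomain, "@");
        strcat(szUserAndDomain, szDestDomain);

        // Duplicate first, so the old entry is kept if the allocation fails
        char *pszNew = SysStrDup(szUserAndDomain);
        if (pszNew != NULL)
          {
           SysFree(ppszFwdDomains[n]);
           ppszFwdDomains[n] = pszNew;
          }
       }
    }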


I have also made many changes to produce some meaningful log messages at the appropriate time, but these are
too numerous to repeat here.


Posted by: hschneider Jan 21 2003, 02:03 PM
Some cool hacks - thanks for the contrib! ;-)

