Closed TopicStart new topicStart Poll

> External SMTP auth
xenon
Posted: Jan 14 2003, 07:15 AM
Quote Post


Newbie
*

Group: Members
Posts: 15
Member No.: 420
Joined: 13-January 03



The good news is that I got it working. I changed the following, then it worked
- removed all lines (which were all comments anyway) from smtpgw.tab
- removed DefaultSMTPGateways from server.tab
- commented out all entries in extaliases.tab

Also related, maybe, is that the "AUTH PLAIN" message from xmail is split over
several messages, whereas NetScape sent it as once complete message.

The bad news is that the SMTP server I'm using rejects mails if the "MAIL From:" does not
match the AUTH PLAIN login information. So what I'd need is to send an AUTH PLAIN which
does match the "MAIL From:". I see that authorisation file in "userauth/smtp" supports
type "external". This could be what I need, but do you have any experience or examples?






PM
Top
hschneider
Posted: Jan 14 2003, 08:50 AM
Quote Post


No - I'm not an answering script ...
Group Icon

Group: Admin
Posts: 6631
Member No.: 195
Joined: 19-June 02



With "external" you can customize your auth process, but not the mail headers you send AFTER authentication.

If you auth with another username than your account, then the server won't let you in. If you send with an (for the server) invalid Mail_From then the server will let you in, but your mail bounces back after its verification process. If you send a valid header, your recipients get confused.

So you see, you can't bypass that header verification ...

Can't you use an alternate server ?

Don't know idf this still works, but maybe you should give it a try:
http://groups.google.de/groups?hl=de&lr=&i...s.de%26rnum%3D1


--------------------
Bye,
Harald


-- Download XMail Queue Manager 1.46 NOW: XMail Server Tools
-- Cross platform remote queue management!
-- Message analyzing on the fly!
-- Builtin diagnostics knowledge base!
-- Manages multiple mail queues!

Sponsored by
CD-Produktion und DVD-Produktion and Homestaging Saarland - Immobilien schneller verkaufen in der Region Saarland, Rheinland-Pfalz und Luxembourg
PMEmail PosterUsers Website
Top
xenon
Posted: Jan 14 2003, 09:24 AM
Quote Post


Newbie
*

Group: Members
Posts: 15
Member No.: 420
Joined: 13-January 03



Yes, I see the problem. Now, if the "Mail From:<xxxx>" string could be sent to the
external auth program/script, it could return the appropriate AUTH string. So ....

userauth/smpt/xxx.tab contains
"external"[TAB]"PLAIN"[TAB]"????"[TAB]"script/prog name"[TAB]"@@FROM"[TAB]"@@RFILE"

Source file SMTPUtils.cpp has to be modified to pass the From Address for the @@FROM
token (a simple task)

All the auth script/prog as to do is return (in the @@RFILE) the appropriate AUTH string
according to the From name.

I've modified the code, but is too hard to test here - it will have to wait until tonight.


PM
Top
hschneider
Posted: Jan 14 2003, 09:57 AM
Quote Post


No - I'm not an answering script ...
Group Icon

Group: Admin
Posts: 6631
Member No.: 195
Joined: 19-June 02



I see. Is it right, that you have valid GMX accounts for the users that send mails from your system?
In that case your solution will fit. As long as the mails you send pass the server's verification, the only prob to be solved is to get in ...



--------------------
Bye,
Harald


-- Download XMail Queue Manager 1.46 NOW: XMail Server Tools
-- Cross platform remote queue management!
-- Message analyzing on the fly!
-- Builtin diagnostics knowledge base!
-- Manages multiple mail queues!

Sponsored by
CD-Produktion und DVD-Produktion and Homestaging Saarland - Immobilien schneller verkaufen in der Region Saarland, Rheinland-Pfalz und Luxembourg
PMEmail PosterUsers Website
Top
xenon
Posted: Jan 15 2003, 07:42 AM
Quote Post


Newbie
*

Group: Members
Posts: 15
Member No.: 420
Joined: 13-January 03



I'm getting somewhere, slowly.

1. I've modified SMTPUtils.cpp as previously described.

2. userauth/smpt/xxx.tab contains
"external"[TAB]"LOGIN"[TAB]"what-is-this-string-for?"[TAB]"script/progname"[TAB]"@@FROM"[TAB]"@@RFILE"

3. My script is called - and @@FROM is passed as my from address (xxx@xxx.xxx). I setup
my return file and this is where things stop working.

Debugging SMTPUtils.cpp, I see this is all to do with the format of the response file. Using
ethereal on a NetScape SMTP session, I see AUTH LOGIN is sent, then the encoded
username, then the encoded password. SMTPUtils.cpp only sends a single response. So
the question now is - what is the format of this "output response file" that the
documentation refers to?

If I were to use AUTH PLAIN, the same question - as both username & password have to
be sent.

Every seen examples of this "output response file"?

Another "funny" - my external auth script was being called with a from address of
"root@myinternaldomain" - I can look into that later.



PM
Top
hschneider
Posted: Jan 15 2003, 09:17 AM
Quote Post


No - I'm not an answering script ...
Group Icon

Group: Admin
Posts: 6631
Member No.: 195
Joined: 19-June 02



Hi,

the example says:
CODE

    "external" "RSA-AUTH" "mysecret" "/usr/bin/myrsa-auth" "-c" "@@CHALL" "-s"=>
      "@@SECRT" "-f" "@@RFILE"


I think the => is a bug here. Try:

CODE

    "external" "RSA-AUTH" "mysecret" "/usr/bin/myrsa-auth" "-c" "@@CHALL" "-s" "@@SECRT" " -f" "@@RFILE"



--------------------
Bye,
Harald


-- Download XMail Queue Manager 1.46 NOW: XMail Server Tools
-- Cross platform remote queue management!
-- Message analyzing on the fly!
-- Builtin diagnostics knowledge base!
-- Manages multiple mail queues!

Sponsored by
CD-Produktion und DVD-Produktion and Homestaging Saarland - Immobilien schneller verkaufen in der Region Saarland, Rheinland-Pfalz und Luxembourg
PMEmail PosterUsers Website
Top
xenon
Posted: Jan 16 2003, 12:31 PM
Quote Post


Newbie
*

Group: Members
Posts: 15
Member No.: 420
Joined: 13-January 03



I think "external" isn't going to work. I'm not an expert on SMTP, but it seems to me that
xmail does dot correctly support "LOGIN". "PLAIN" should have been ok, but xmail
isn't calling my scipt - and of course xmail does not seem to log anything useful anywhere.
There isn't any useful information in the "documentation" about the format of the response
file either.

I've given up on using "external". What I've done is modify SMPTUtils.cpp to add a new
authentication type and add code to read in an authentication file - which contains a
list of external SMTP Usernames & Passwords for that particular SMTP server based on
the MAIL FROM address.

If anybody wants the code - and sample authentication files, I'm happy to supply.

eg:-

userauth/smtp/mail.gmx.de.tab contains
"gmx"[TAB]"mail.gmx.de.tab.auth"

userauth/smtp/mail.gmx.de.tab.auth contains
"localuser@localdomain"[TAB]"SMPTUserName"[TAB]"SMPTPassword"
"anotheruser@localdomain"[TAB]"AnotherUser"[TAB]"AnotherPass"

PM
Top
hschneider
Posted: Jan 16 2003, 01:13 PM
Quote Post


No - I'm not an answering script ...
Group Icon

Group: Admin
Posts: 6631
Member No.: 195
Joined: 19-June 02



Fine, but isn't it too hard to maintain from release to release ?

For the format of the auth file, you should contact Davide directly. Maybe he's also interested in your modification. See http://xmailserver.org for contact details.




--------------------
Bye,
Harald


-- Download XMail Queue Manager 1.46 NOW: XMail Server Tools
-- Cross platform remote queue management!
-- Message analyzing on the fly!
-- Builtin diagnostics knowledge base!
-- Manages multiple mail queues!

Sponsored by
CD-Produktion und DVD-Produktion and Homestaging Saarland - Immobilien schneller verkaufen in der Region Saarland, Rheinland-Pfalz und Luxembourg
PMEmail PosterUsers Website
Top
xenon
Posted: Jan 16 2003, 01:31 PM
Quote Post


Newbie
*

Group: Members
Posts: 15
Member No.: 420
Joined: 13-January 03



From previous experience, I'd say the author isn't too interested in modifiications.
Once I have it fully working, I hope not to be making any software changes for a long time.
(It's Firewall/server/proxy for a small home network.)

PM
Top
hschneider
Posted: Jan 16 2003, 02:25 PM
Quote Post


No - I'm not an answering script ...
Group Icon

Group: Admin
Posts: 6631
Member No.: 195
Joined: 19-June 02



I see. If it's not too big, you can also enclose your mods in this thread inside CODE tags.
Would be nice example for other users here ...


--------------------
Bye,
Harald


-- Download XMail Queue Manager 1.46 NOW: XMail Server Tools
-- Cross platform remote queue management!
-- Message analyzing on the fly!
-- Builtin diagnostics knowledge base!
-- Manages multiple mail queues!

Sponsored by
CD-Produktion und DVD-Produktion and Homestaging Saarland - Immobilien schneller verkaufen in der Region Saarland, Rheinland-Pfalz und Luxembourg
PMEmail PosterUsers Website
Top
xenon
Posted: Jan 17 2003, 01:16 PM
Quote Post


Newbie
*

Group: Members
Posts: 15
Member No.: 420
Joined: 13-January 03



Care must be taken with those .tab files. The [CR][LF] used on NT will cause problems
on Linux. In my case,

"SMTPuser"[TAB]"SMPTPass"[CR][LF]

this caused "SMPTPass"[CR] to be encoded as the response string send on AUTH PLAIN,
which was rejected by the SMTP server.

Since I was testing on NT and using for real on Linux, I was using some common files.
I wont do this in future - I'll make sure I keep two sets of completely independant
config files.

I'm also somewhat dismayed at the lack of log messages.


Attached File ( Number of downloads: 384 )
Attached File  SMTPUtils.cpp
PM
Top
hschneider
Posted: Jan 17 2003, 01:27 PM
Quote Post


No - I'm not an answering script ...
Group Icon

Group: Admin
Posts: 6631
Member No.: 195
Joined: 19-June 02



Have you enabled logging with -Sl -Pl -Ll -Ql -Md ?


--------------------
Bye,
Harald


-- Download XMail Queue Manager 1.46 NOW: XMail Server Tools
-- Cross platform remote queue management!
-- Message analyzing on the fly!
-- Builtin diagnostics knowledge base!
-- Manages multiple mail queues!

Sponsored by
CD-Produktion und DVD-Produktion and Homestaging Saarland - Immobilien schneller verkaufen in der Region Saarland, Rheinland-Pfalz und Luxembourg
PMEmail PosterUsers Website
Top
xenon
Posted: Jan 21 2003, 01:56 PM
Quote Post


Newbie
*

Group: Members
Posts: 15
Member No.: 420
Joined: 13-January 03



I have made the following code changes to xmail-1.11

1. Remove the password from the logs.
Easy to do, just small changes to CTRLSvr.cpp & POP3Svr.cpp (you can see where pszPassword is logged)

2. Receiving mail without domain.
Xmail rejects mails with Rcpt To:<name> as opposed to Rcpt To:<name@domain>
Mail is received either on SMTP port 25, or by placing a file directly in XMail's directory.
By default, your system may send mails to "root" and not "root@yourlocaldomain". XMail will reject those
even if you have defined an alias in "aliases.tab"
Two files need changing
a) LMAILSvr.cpp, function LMAILProcessList

///////////////////////////////////////////////////////////////////////////////
// Write "RCPT TO:"
///////////////////////////////////////////////////////////////////////////////

CODE

// (sometimes RCPT To:<name> is received without '@domain'. Add local domain name)
   char           szDomain[MAX_ADDR_NAME] = "";
   SVRCFG_HANDLE  hSvrConfig = SvrGetConfigHandle();
   if (SvrConfigVar("RootDomain", szDomain, sizeof(szDomain), hSvrConfig) == 0)
     {
      if (strchr(szSpoolLine, '@') == NULL)
        {
         char  szWork[MAX_SPOOL_LINE+25] = "";
         char *p1 = NULL;
         p1 = strchr(szSpoolLine, '>');
         if (p1 != NULL)
           {
            *p1 = 0;
            sprintf(szWork, "%s@%s>%s", szSpoolLine, szDomain, p1+1);
           }
         strcpy(szSpoolLine, szWork);
        }
      if (hSvrConfig != INVALID_SVRCFG_HANDLE)
        SvrReleaseConfigHandle(hSvrConfig);
     }

fprintf(pSpoolFile, "%s\r\n", szSpoolLine);

cool.gif SMTPSvr.cpp, function SMTPHandleCmd_RCPT

///////////////////////////////////////////////////////////////////////////////
// Check recipients count
///////////////////////////////////////////////////////////////////////////////

if (SMTPS.iRcptCount >= SMTPS.pSMTPCfg->iMaxRcpts)
{
if (SMTPLogEnabled(SMTPS.hShbSMTP, SMTPS.pSMTPCfg))
SMTPLogSession(SMTPS, SMTPS.pszFrom, "", "RCPT=ENBR", 0);
SMTPSendError(hBSock, SMTPS, "552 Too many recipients");
ErrSetErrorCode(ERR_SMTP_TOO_MANY_RECIPIENTS);
return (ERR_SMTP_TOO_MANY_RECIPIENTS);
}

CODE

/*
   For each name extracted from "Rcpt To:<name1, name2>", add the RootDomain as
   name@RootDomain for each name which does not have a domain.
*/
  int            iDomainCount = StrStringsCount(ppszFwdDomains);
  SVRCFG_HANDLE  hSvrConfig = SvrGetConfigHandle();
  char           szUserAndDomain[MAX_ADDR_NAME] = "";
  char           szDestDomain[MAX_ADDR_NAME] = "";

  if (SvrConfigVar("RootDomain", szDestDomain, sizeof(szDestDomain), hSvrConfig) != 0)
    {
     ErrorPush();

     if (SMTPLogEnabled(SMTPS.hShbSMTP, SMTPS.pSMTPCfg))
         SMTPLogSession(SMTPS, SMTPS.pszFrom, ppszFwdDomains[0], "RCPT=ESYNTAX", 0);

     SMTPSendError(hBSock, SMTPS, "451 Requested action aborted: (%d) local error in processing",
                   ErrorFetch());

     return (ErrorPop());
    }

  for (int n = 0; n < iDomainCount; n++)
    {
     if (strchr(ppszFwdDomains[n], '@') == NULL)
       {
        strcpy(szUserAndDomain, ppszFwdDomains[n]);
        strcat(szUserAndDomain, "@");
        strcat(szUserAndDomain, szDestDomain);
        SysFree(ppszFwdDomains[n]);
        ppszFwdDomains[n] = SysStrDup(szUserAndDomain);
       }
    }


I have also made many changes to produce some meaning log messages at the appropriate time, but these are
too numerous to repeat here.

PM
Top
hschneider
Posted: Jan 21 2003, 02:03 PM
Quote Post


No - I'm not an answering script ...
Group Icon

Group: Admin
Posts: 6631
Member No.: 195
Joined: 19-June 02



Some cool hacks - thanks for the contrib! ;-)



--------------------
Bye,
Harald


-- Download XMail Queue Manager 1.46 NOW: XMail Server Tools
-- Cross platform remote queue management!
-- Message analyzing on the fly!
-- Builtin diagnostics knowledge base!
-- Manages multiple mail queues!

Sponsored by
CD-Produktion und DVD-Produktion and Homestaging Saarland - Immobilien schneller verkaufen in der Region Saarland, Rheinland-Pfalz und Luxembourg
PMEmail PosterUsers Website
Top
0 User(s) are reading this topic (0 Guests and 0 Anonymous Users)
0 Members:
« Next Oldest | Documentation and Knowledge Base | Next Newest »

Closed TopicStart new topicStart Poll