Re: msmtp Questions



Quoting Martin G. McCormick (martin@server1.shellworld.net):
> David Wright writes:
> > >         Supported authentication methods:
> > >         PLAIN LOGIN
> > 
> > I see no encryption here. I think this is why it is telling you that
> > it "cannot use a secure authentication method". I wrote "You might
> > want to check out port 587 but I think you'll be disappointed"
> > just this morning. As I wrote there, you should try port 465.
> 
> I'd like to tell you it is working but you are right about the
> port. I tried your suggestion but turned off starttls this time
> as starttls turned on causes a short hang followed by a message
> stating that starttls won't work.

That's right. Starttls can't work on port 465 because starttls starts
in plaintext and then, as the name suggests, starts encryption
whereas port 465 is encrypted from the start.

> 	I freely admit I do not understand the fine details of
> TLS other than it is a trust system based on certificates and
> you get end-to-end encryption of the session. Here's how this
> session went. I assume the text came encrypted with TLS. The
> lines now have a carriage return after them. Since I piped all
> output to a file, the standard error came in first.
> 
> msmtp: authentication failed (method PLAIN)
> msmtp: server message: 535 Authentication failed
> msmtp: could not send mail (account default from /home/martin/.msmtprc)
> loaded system configuration file /etc/msmtprc
> loaded user configuration file /home/martin/.msmtprc
> using account default from /home/martin/.msmtprc
> host                  = smtp.suddenlink.net
> port                  = 465
> timeout               = off
> protocol              = smtp
> domain                = localhost
> auth                  = choose

I would set this to plain (though I'd be surprised if any other choice
was made).

> user                  = martin.m@suddenlink.net
> password              = *
> passwordeval          = eval
                          ↑↑↑↑
I don't think you want this. As far as I know this would be the name
of a script which, when run, emits your password in the clear. But I
assume you've just specified that in the previous line, as in
password = 'this is my password in the clear'

> ntlmdomain            = (not set)
> tls                   = on
> tls_starttls          = off
> tls_trust_file        = /etc/ssl/certs/ca-certificates.crt
> tls_crl_file          = (not set)
> tls_fingerprint       = (not set)
> tls_key_file          = (not set)
> tls_cert_file         = (not set)
> tls_certcheck         = on
> tls_force_sslv3       = off
> tls_min_dh_prime_bits = (not set)
> tls_priorities        = (not set)
> auto_from             = off
> maildomain            = (not set)
> from                  = martin.m@suddenlink.net
> dsn_notify            = (not set)
> dsn_return            = (not set)
> keepbcc               = off
> logfile               = /home/martin/.msmtp.log
> syslog                = LOG_MAIL
> aliases               = (not set)
> reading recipients from the command line
> TLS certificate information:
>     Owner:
>         Common Name: *.suddenlink.net
>         Organization: Suddenlink Communications
> 
> snip
> 
> From the server:
> 
> <-- 220 txofep01.suddenlink.net ESMTP server (InterMail vM.8.04.03.20 201-2389-100-164-20150330) ready Sat, 18 Jul 2015 06:45:58 -0500
> --> EHLO localhost
> <-- 250-txofep01.suddenlink.net
> <-- 250-HELP
> <-- 250-XREMOTEQUEUE
> <-- 250-ETRN
> <-- 250-AUTH=LOGIN PLAIN
> <-- 250-AUTH LOGIN PLAIN
> <-- 250-PIPELINING
> <-- 250-DSN
> <-- 250-8BITMIME
> <-- 250 SIZE 52428800
> 
> The password
> 
> --> AUTH PLAIN (encoded to end of line)
> <-- 535 Authentication failed
> 
> 	I see what msmtp means about the password. I bet the
> encoded string is the base64 password you mentioned.

Obviously, don't show me the AUTH PLAIN encoded string. But take a
look at it and see if it exactly corresponds to the string that you
can generate with that command I posted earlier:

$ echo -e -n '\0martin.m@suddenlink.net\0SECRET' | base64
AG1hcnRpbi5tQHN1ZGRlbmxpbmsubmV0AFNFQ1JFVA==

In other words, replace SECRET with your password and check that the
output of this command is exactly what msmtp says that it sent to the
server. If "passwordeval eval" does what I think it does, you may well
find that msmtp sent AG1hcnRpbi5tQHN1ZGRlbmxpbmsubmV0AA== instead.

Cheers,
David.
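
The token comparison described in the message above, as an added example that is not part of the original message or of msmtp: it builds the AUTH PLAIN string with printf instead of echo -e, and summarises a captured token without displaying the password. The function names are hypothetical, and GNU coreutils base64 (with -d for decoding) is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical;
# assumes GNU coreutils base64.

# Build the SASL PLAIN token: base64(authzid NUL authcid NUL password),
# with an empty authzid as in the thread's command. printf '%s' copies the
# user name and password literally, so a backslash in the password or a
# leading octal digit in the user name is not reinterpreted the way
# `echo -e '\0...'` would reinterpret it.
auth_plain_encode() {
    printf '\0%s\0%s' "$1" "$2" | base64 | tr -d '\n'
}

# Summarise a captured token without printing the password itself.
# Output: user=<authcid> password_length=<n>
# (A password containing a newline is not handled by this sketch.)
auth_plain_describe() {
    printf '%s' "$1" | base64 -d | tr '\0' '\n' | {
        authzid='' user='' pass=''
        IFS= read -r authzid || true   # empty authorization identity
        IFS= read -r user || true      # authentication identity (login name)
        IFS= read -r pass || true      # last field has no trailing newline
        printf 'user=%s password_length=%s\n' "$user" "${#pass}"
    }
}

# Constructed demo: the two strings quoted in the message, with the
# placeholder password SECRET standing in for the real one.
sent='AG1hcnRpbi5tQHN1ZGRlbmxpbmsubmV0AA=='
want=$(auth_plain_encode 'martin.m@suddenlink.net' 'SECRET')
auth_plain_describe "$sent"
if [ "$sent" = "$want" ]; then
    echo "token matches the expected credentials"
else
    echo "token differs from the expected credentials"
fi
```

A password_length of 0 is the case the message predicts for "passwordeval eval": the user name went out, followed by an empty password.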

