

Computer Nerd Kev

Member Since 12 Jul 2014
Offline Last Active Jul 26 2020 09:33 AM
-----

Topics I've Started

[Solved] Non-SSL SMTP Port Requires SSL

25 July 2020 - 09:11 AM

Hello,

I've come to the conclusion that the non-SSL SMTP email port on Tommy doesn't actually work without SSL (aka TLS).

The background is that some of my Email software is old and when Tommy was upgraded after the crash, the new encryption libraries were no longer compatible with my old software. I've been slowly working to get that software working with a newer OpenSSL library, and making do until then in various ways.

I recently set up a new email account (using a unique password) for which security isn't very important, so I tried going unencrypted using the non-SSL port for SMTP (587 on Tommy). But it wouldn't work.

Long story short, the email server software isn't providing any authentication methods to the client unless STARTTLS is used to enable encryption.

Here I'm trying to connect without SSL:
 

<-- 220-tommy.heliohost.org ESMTP Exim 4.92 #2 Sat, 25 Jul 2020 05:38:10 +0000 
<-- 220-We do not authorize the use of this system to transport unsolicited, 
<-- 220 and/or bulk e-mail.
--> EHLO heliohost.org
<-- 250-tommy.heliohost.org Hello heliohost.org [1.136.169.170]
<-- 250-SIZE 52428800
<-- 250-8BITMIME
<-- 250-PIPELINING
<-- 250-STARTTLS
<-- 250 HELP
--> QUIT
<-- 221 tommy.heliohost.org closing connection
msmtp: the server does not support authentication
msmtp: could not send mail

 


Here's what it looks like talking unencrypted to another server where it does work properly (some info redacted):
 
 

<-- 220 [SERVERNAME] ESMTP Postfix (Ubuntu)
--> EHLO localhost
<-- 250-[SERVERNAME]
<-- 250-PIPELINING
<-- 250-SIZE 10240000
<-- 250-VRFY
<-- 250-ETRN
<-- 250-STARTTLS
<-- 250-AUTH PLAIN LOGIN     <---- We don't get this on Tommy!
<-- 250-ENHANCEDSTATUSCODES
<-- 250-8BITMIME
<-- 250-DSN
<-- 250 SMTPUTF8
--> AUTH PLAIN [ENCODED PASSWORD]  <---- It tells us that we can do this
<-- 235 2.7.0 Authentication successful
--> MAIL FROM:<[MY EMAIL ADDRESS]>
--> RCPT TO:<[RECEIVER'S EMAIL ADDRESS]>
--> DATA
<-- 250 2.1.0 Ok
<-- 250 2.1.5 Ok
<-- 354 End data with <CR><LF>.<CR><LF>
--> Date: Sat, 25 Jul 2020 15:14:05 +1000
[MESSAGE]
--> .
<-- 250 2.0.0 Ok: queued as 7C7FE3B25F1
--> QUIT
<-- 221 2.0.0 Bye

 


Here I'm back with Tommy using another client where the SSL is new enough to work, and STARTTLS is enabled (this is still on the non-SSL port 587):
 
 

* Connecting to SMTP server: mail.ombertech.com ...
[17:02:20] SMTP< 220-tommy.heliohost.org ESMTP Exim 4.92 #2 Sat, 25 Jul 2020 06:56:29 +0000 
[17:02:20] SMTP< 220-We do not authorize the use of this system to transport unsolicited, 
[17:02:20] SMTP< 220 and/or bulk e-mail.
[17:02:20] ESMTP> EHLO The-Overheating-Giant
[17:02:20] ESMTP< 250-tommy.heliohost.org Hello The-Overheating-Giant [1.136.166.92]
[17:02:20] ESMTP< 250-SIZE 52428800
[17:02:20] ESMTP< 250-8BITMIME
[17:02:20] ESMTP< 250-PIPELINING
[17:02:20] ESMTP< 250-STARTTLS
[17:02:20] ESMTP< 250 HELP
[17:02:20] ESMTP> STARTTLS
[17:02:21] ESMTP< 220 TLS go ahead
* SSL certificate of mail.ombertech.com previously accepted
[17:02:21] ESMTP> EHLO The-Overheating-Giant
[17:02:21] ESMTP< 250-tommy.heliohost.org Hello The-Overheating-Giant [1.136.166.92]
[17:02:21] ESMTP< 250-SIZE 52428800
[17:02:21] ESMTP< 250-8BITMIME
[17:02:21] ESMTP< 250-PIPELINING
[17:02:21] ESMTP< 250-AUTH PLAIN LOGIN   <---- Now Tommy talks about AUTH, but only after STARTTLS has enabled TLS/SSL
[17:02:22] ESMTP< 250 HELP
[17:02:22] ESMTP> AUTH PLAIN ********
[17:02:22] ESMTP< 235 Authentication succeeded
[17:02:22] SMTP> MAIL FROM:<[MY EMAIL ADDRESS]>
[17:02:22] SMTP< 250 OK
[17:02:22] SMTP> RCPT TO:<[RECEIVER'S EMAIL ADDRESS]>
[17:02:22] SMTP< 250 Accepted
[17:02:22] SMTP> DATA
[17:02:23] SMTP< 354 Enter message, ending with "." on a line by itself
[17:02:23] SMTP> . (EOM)
[17:02:23] SMTP< 250 OK id=1jzE6i-000PnH-MD
[17:02:23] SMTP> QUIT
[17:02:24] SMTP< 221 tommy.heliohost.org closing connection

 


In that same client if I disable STARTTLS it fails like on the other system. Here though I can force it to attempt the AUTH command even though no AUTH methods are provided by the server, but the server won't accept that:
 
 

* Connecting to SMTP server: mail.ombertech.com ...
[16:31:38] SMTP< 220-tommy.heliohost.org ESMTP Exim 4.92 #2 Sat, 25 Jul 2020 06:25:47 +0000 
[16:31:38] SMTP< 220-We do not authorize the use of this system to transport unsolicited, 
[16:31:38] SMTP< 220 and/or bulk e-mail.
[16:31:38] ESMTP> EHLO The-Overheating-Giant
[16:31:38] ESMTP< 250-tommy.heliohost.org Hello The-Overheating-Giant [1.136.169.176]
[16:31:38] ESMTP< 250-SIZE 52428800
[16:31:38] ESMTP< 250-8BITMIME
[16:31:38] ESMTP< 250-PIPELINING
[16:31:38] ESMTP< 250-STARTTLS
[16:31:38] ESMTP< 250 HELP
[16:31:38] ESMTP> AUTH PLAIN ********
[16:31:38] ESMTP< 503 AUTH command used when not advertised     <---- Tommy knows when I'm trying to cheat
** LibSylph-WARNING: [16:31:38] error occurred on SMTP session

** error occurred on SMTP session
** Sylpheed-WARNING: send: error: 503 AUTH command used when not advertised

** LibSylph-WARNING: [16:31:38] Error occurred while sending the message.

** Error occurred while sending the message.

 
The intended SSL Port 465 works fine, if the client's encryption library is new enough. Perhaps port 587 is actually supposed to only work with STARTTLS and therefore SSL, even though the cPanel info suggests differently. So if it's intentional I'll go away with my tail between my legs and try to wrestle my old systems into the modern encrypted world (which I'm working on anyway). If it's a mistake in Exim's configuration though, I'd be glad to see it fixed.
 
PS. No, my current ISP doesn't have an authentication-free SMTP server available to customers, which I could use for sending by using my Heliohost-hosted email address in the "From:" header.
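
Added example, not part of the original post: a small Python parser that reads client debug logs in the two styles quoted above (msmtp and Sylpheed) and reports whether the server advertised AUTH before TLS or only after STARTTLS. The function names and the abridged sample log are constructed for illustration.

```python
import re

# Log styles in the post: msmtp ("-->" / "<--") and Sylpheed ("SMTP>" / "SMTP<").
CLIENT = re.compile(r"(?:-->|SMTP>)\s*(\w+)")
SERVER = re.compile(r"(?:<--|SMTP<)\s*(\d{3})([ -])(.*)$")

def ehlo_replies(log_lines):
    """Return [(tls_active, {KEYWORD: [params]}), ...], one entry per EHLO reply."""
    replies, lines, tls, last_cmd = [], None, False, None
    for raw in log_lines:
        line = raw.split("<----")[0].rstrip()   # drop the poster's inline annotations
        if m := SERVER.search(line):
            code, sep, text = m.groups()
            if last_cmd == "STARTTLS" and code == "220":
                tls = True                       # server accepted the TLS upgrade
            if lines is None:
                continue                         # not inside an EHLO reply
            lines.append(text)
            if sep == " ":                       # "NNN " ends a multi-line reply
                words = [t.upper().split() for t in lines[1:]]  # [0] is the greeting
                if code == "250":                # a rejected EHLO is not recorded
                    replies.append((tls, {w[0]: w[1:] for w in words if w}))
                lines = None
        elif m := CLIENT.search(line):
            last_cmd = m.group(1).upper()
            if last_cmd == "EHLO":
                lines = []
    return replies

def auth_policy(log_lines):
    """'plaintext' if AUTH is offered before TLS, 'tls-only' if only after."""
    seen = {tls for tls, caps in ehlo_replies(log_lines) if "AUTH" in caps}
    if False in seen:
        return "plaintext"
    return "tls-only" if True in seen else "not-offered"

# Constructed sample: abridged from the Sylpheed STARTTLS session in the post.
TOMMY_STARTTLS = """\
[17:02:20] ESMTP> EHLO The-Overheating-Giant
[17:02:20] ESMTP< 250-tommy.heliohost.org Hello The-Overheating-Giant
[17:02:20] ESMTP< 250-STARTTLS
[17:02:20] ESMTP< 250 HELP
[17:02:20] ESMTP> STARTTLS
[17:02:21] ESMTP< 220 TLS go ahead
[17:02:21] ESMTP> EHLO The-Overheating-Giant
[17:02:21] ESMTP< 250-tommy.heliohost.org Hello The-Overheating-Giant
[17:02:21] ESMTP< 250-AUTH PLAIN LOGIN   <---- Now Tommy talks about AUTH
[17:02:22] ESMTP< 250 HELP
""".splitlines()
```

`auth_policy(TOMMY_STARTTLS)` returns `"tls-only"`; fed the Postfix transcript it returns `"plaintext"`, and fed the failed msmtp session it returns `"not-offered"`.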


Server Ports on Wiki

25 July 2020 - 07:42 AM

Hello,

 

I notice that there's a new (since I last checked) wiki. Trouble is that it seems to be missing the one thing that I always checked the wiki for, which was the table of server ports for connecting over SFTP and similar protocols.

 

I found the specific port number that I was after by looking in the configuration of another PC, but for the future I'd really like that info restored on the Wiki, and I think I'll save a copy this time - the Wayback Machine didn't even capture it!


[Solved] Account Inactivity Immunity Lost

28 May 2020 - 07:41 AM

Hello,

 

I donated during the fundraiser for the Lilly server and even though the terms for that don't seem to be online anymore, I believe I received 4 months inactivity immunity.

 

It was apparently restored after I was moved from Ricky back to Tommy after the hardware failure in this thread:

https://www.helionet...ve/#entry164633

 

My account just got locked out after what I'm pretty sure was more like one month. Could someone check the setting for this again please?

 

Thanks.