external relay authentication bug

Issue #961 resolved
Tim Chaubet created an issue

Hi,

I’m using outbound mail relay (I use both mail in + out services from Dynu as my ISP blocks port 25). I’m a longtime user of Poste.io but now my ISP has altered their SMTP authentication mechanism. Logging on is not enough. I can’t use my own mail domain anymore. Since then I’m trying to configure poste.io’s outbound mail relay with the Dynu service.

Anyway, after a lot of analysis, I found that the AUTH PLAIN user+password hash is this

echo -ne "user\0user\0pass" | base64

while it should be

echo -ne "\0user\0pass" | base64

The result is posted in /data/log/s6/haraka-submission/current
I’ve double-checked everything with telnet.

This seems like a bug. For me, this is critical. I can only receive mails, at the moment.
Can I change the authentication mechanism via haraka config?

Comments (5)

  1. Tim Chaubet reporter

    When I do not use roundcube, and configure poste.io on 993/imaps (behind traefik as reverse proxy with traefik letsencrypt certificates & https redirect) + the outbound relay directly in thunderbird, there is no problem.

  2. SH repo owner

    It is not a bug, but maybe it should not send the first part...

    Hash is right, string is defined at https://www.rfc-editor.org/rfc/rfc4616.html#section-2

    You can try temporarily editing the string in the container at the following line: https://github.com/haraka/Haraka/blob/bb639db0dffab25adf179b9880de6a94b10bff11/outbound/hmail.js#L563

    sudo docker exec -ti container nano /usr/lib/node_modules/Haraka/outbound/hmail.js
    sudo docker exec -ti container pkill node

    … and test

    Please let me know if this works, I will try to push PR to Haraka upstream

  3. Tim Chaubet reporter

    As SMTP expects \0user\0pass, I would really think this is a haraka bug.
    I’ll test this right away and let you know.

    ok, this works.

    My two cents: add possibility to add a separate volume for
    - roundcube
    - haraka

    It’s what I did now, as a workaround: I hardcoded the external relay in roundcube and my mail clients use the external relay as direct smtp.
    https://forums.unraid.net/topic/129885-godaddy-domaindns-traefik-posteio-own-mailserver-isp-blocking-port-25-dynamic-ip/#comment-1182535

    Secondly: thanks for poste.io. I’m using it for 10 years now.

  4. SH repo owner

    Actually according to the RFC it is identity\0user\0pass. I admit that “authorization identity” is something that should not be hardcoded but also it should be ignored at destination side (afaik no one really uses it anyway). I’ve sent PR to Haraka and we will see…
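
The RFC 4616 message layout discussed in this thread (`[authzid] NUL authcid NUL passwd`), as an added example that is not part of the original issue or of Haraka's code. The function names are hypothetical and `user` / `pass` are constructed sample values; the block builds both strings from the thread and decodes a captured AUTH PLAIN argument to show whether an authorization identity was sent, without echoing the password.

```javascript
// Added example (not Haraka code): encode and inspect SASL PLAIN messages.
// RFC 4616 layout: [authzid] NUL authcid NUL passwd, then base64 for SMTP AUTH.

function encodeAuthPlain(authcid, passwd, authzid = '') {
  const fields = [['authzid', authzid], ['authcid', authcid], ['passwd', passwd]];
  for (const [name, value] of fields) {
    // NUL is the field separator, so it may not appear inside a field.
    if (value.includes('\0')) throw new Error(`${name} must not contain NUL`);
  }
  if (!authcid || !passwd) throw new Error('authcid and passwd are required');
  return Buffer.from(`${authzid}\0${authcid}\0${passwd}`, 'utf8').toString('base64');
}

function decodeAuthPlain(b64) {
  const parts = Buffer.from(b64, 'base64').toString('utf8').split('\0');
  if (parts.length !== 3) {
    throw new Error(`expected 3 NUL-separated fields, got ${parts.length}`);
  }
  const [authzid, authcid, passwd] = parts;
  if (!authcid || !passwd) throw new Error('empty authcid or passwd');
  return { authzid, authcid, passwd };
}

// Troubleshooting summary that never returns the password itself.
function describeAuthPlain(b64) {
  const { authzid, authcid, passwd } = decodeAuthPlain(b64);
  return {
    authzid,
    authcid,
    passwdLength: passwd.length,
    authzidSent: authzid !== '',
    authzidEqualsAuthcid: authzid === authcid,
  };
}

// Constructed sample values matching the two echo commands in the issue.
const withAuthzid = encodeAuthPlain('user', 'pass', 'user'); // user\0user\0pass
const withoutAuthzid = encodeAuthPlain('user', 'pass');      // \0user\0pass

console.log(withAuthzid, describeAuthPlain(withAuthzid));
console.log(withoutAuthzid, describeAuthPlain(withoutAuthzid));
```

The AUTH PLAIN argument is base64 encoding only, so a log file that records it holds the password in recoverable form and should be access-restricted accordingly.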
