external relay authentication bug
Hi,
I’m using outbound mail relay (I use both mail in + out services from Dynu as my ISP blocks port 25). I’m a longtime user of Poste.io but now my ISP has altered their smtp authentication mechanism. Logging on is not enough. I can’t use my own maildomain anymore. Since then I’m trying to configure poste.io’s outbound mail relay with the Dynu service.
Anyway, after a lot of analysis, I found that the AUTH PLAIN user+password hash is this
echo -ne “user\0user\0pass” | base64
while it should be
echo -ne “\0user\0pass” | base64
the result is posted in /data/log/s6/haraka-submission/current
I’ve doublechecked everything with telnet.
This seems like a bug. For me, this is critical. I can only receive mails, at the moment.
Can I change the authentication mechanism via haraka config?
Comments (5)
-
reporter -
repo owner It is not bug, but maybe it should not send first part...
Hash is right, string is defined at https://www.rfc-editor.org/rfc/rfc4616.html#section-2
You can try temporarily edit string at container following line: https://github.com/haraka/Haraka/blob/bb639db0dffab25adf179b9880de6a94b10bff11/outbound/hmail.js#L563
sudo docker exec -ti container nano /usr/lib/node_modules/Haraka/outbound/hmail.js
sudo docker exec -ti container pkill node… and test
Please let me know if this works, I will try to push PR to Haraka upstream
-
reporter As SMTP expects \0user\0pass, I would really think this is a haraka bug.
I’ll test this rightaway and let you know.ok, this works.
My two cents: add possibility to add a separate volume for
- roundcube
- harakaIt’s what I did now, as a workaround: I hardcoded the external relay in roundcube and my mailclients use the external relay as direct smtp.
https://forums.unraid.net/topic/129885-godaddy-domaindns-traefik-posteio-own-mailserver-isp-blocking-port-25-dynamic-ip/#comment-1182535Secondly: thanks for poste.io. I’m using it for 10 years now.
-
repo owner Actually according RFC it is identity\0user\0pass. I admit that “authorization identity” is something that should not be hardcoded but also it should be ignored at destination side (afaik no one really use it anyway). I’ve sent PR to Haraka and we will see…
-
repo owner - changed status to resolved
Please try latest version, should be ok by now
- Log in to comment
When I do not use roundcube, and configure poste.io on 993/imaps (behind traefik as reverse proxy with traefik letsencrypt certificates & https redirect) + the outbound relay directly in thunderbird, there is no problem.