Re: [9front] using smtp port 587

Re: [9front] using smtp port 587

[Steve Simon]

I would modify /lib/mail/remotemail adding a line somthing like this:

	echo  /bin/upas/smtp -d -h $fd $addr $sender $* > /mail/tmp/smtp.cli
	exec /bin/upas/smtp -d -h $fd $addr $sender $* >[2] /mail/tmp/smtp.err

The important fact is that /mail/tmp exists in smtp(1)'s namespace.

This way you can see exactly what is happening.

There are two ways to implement tls on for smtp. Either a fully encrypted session,
which plan9 does not support, or switching from a non-encrypted to an encrypted session
if both ends agree (which plan9 does support). This is the HELO -v- EHLO greetingthe latter switches to TLS.

you may need to ensure your plan9 supports tls1.2 if your smtp relays needs it,
9front has the fixes necessary.

The labs distribution has the lines to confirm the TLS thumbprint of the relay
commented out - it causes many problems in environments where the relay was 
implemenetd by several different servers. This may or may not be the case for your
distro. the wiki has details of how to get and save the thumbprint.


authentication of smtp is another issue, LOGIN and BASIC are very similar and quite
insecure without TLS. NEGOIATE is a special microsoft protocol and is not supported,
this leaves MD5 digest and machap which are chalange response and fairly secure.

smtp tries to use tls but can be forced to talk insecurely by command line options.

hope this helps,

-Steve

using smtp port 587

[kokamoto]

I'm now facing a mail problem, which is my mail provider is blocked by
sip.invaluement.local to send a mail to 9fans list.  Then, I cannot post
anything to 9fans...

I asked my provider, and got an answer that I have to change smtp port to 587,
which I cann't find a way to be able to use it on Plan 9.
Our porvider doesn't support ssl.

Does anyone have a solution to it.

Kenji

Re: [9front] using smtp port 587

[Stanley Lieber]

On Nov 30, 2016, at 11:41 PM, kokamoto@hera.eonet.ne.jp wrote:
> 
> I'm now facing a mail problem, which is my mail provider is blocked by
> sip.invaluement.local to send a mail to 9fans list.  Then, I cannot post
> anything to 9fans...
> 
> I asked my provider, and got an answer that I have to change smtp port to 587,
> which I cann't find a way to be able to use it on Plan 9.
> Our porvider doesn't support ssl.
> 
> Does anyone have a solution to it.
> 
> Kenji

Are you trying to send mail from your 9front system to an SMTP server on port 587?

Is SSL or TLS required?

sl

Re: [9front] using smtp port 587

[kokamoto]

> Are you trying to send mail from your 9front system to an SMTP server on port 587?
 yes

> Is SSL or TLS required?

No they don't support it.

Kenji

Re: [9front] using smtp port 587

[Stanley Lieber]

On Dec 1, 2016, at 12:10 AM, kokamoto@hera.eonet.ne.jp wrote:
> 
> 
>> Are you trying to send mail from your 9front system to an SMTP server on port 587?
> yes
> 
>> Is SSL or TLS required?
> 
> No they don't support it.
> 
> Kenji

I'm typing on a phone and I can't test this, but have you tried using a dial string in your remotemail file?

Something like:

tcp!hostname.com!587

Instead of the usual:

hostname.com

sl

Re: [9front] using smtp port 587

[kokamoto]

> Something like:
> 
> tcp!hostname.com!587
> 
> Instead of the usual:
> 
> hostname.com

No, it doen't work.
I suppose smtp auth should be neccessary...

Kenji

Re: [9front] using smtp port 587

[kokamoto]

> No, it doen't work.
> I suppose smtp auth should be neccessary...

/sys/log/smtp.fail says:
titan Dec  1 16:50:45 delivery to net!smtp.eonet.ne.jp failed: 554 5.7.1 Command rejected

Kenji

Re: [9front] using smtp port 587

[Stanley Lieber]

When I get some time I will verify and document a procedure in fqa7 and/or fqa8.

I think in this case Kenji is saying the host does not do encryption at all. The requirement for authentication has not to my knowledge been mentioned.

sl

Re: [9front] using smtp port 587

[Steve Simon]

I was confused as to what the problem was, and given the slow turn around time of emails
I thought it best to pass on more, rather than less information.

-Steve

Re: [9front] using smtp port 587

[kokamoto]

> I thought it best to pass on more, rather than less information.

Of course, thank you very much to pay attention to my problem.

My provider doesn't support tls/ssl for mail service.
They only support SMTP AUTH mechanism, which is
>authentication of smtp is another issue, LOGIN and BASIC are very similar and quite
>insecure without TLS. 

When I setup this new environment on my Ubuntu and macos, I was told
its not secure, DO YOU WANT TO CONTINUE... like that.
However, I have no choise to select, and said YES...

Is my smtp environment is rare?

Kenji

Re: [9front] using smtp port 587

[kokamoto]

I have now problem to send my username as kokamoto%hera.eonet.ne.jp.

eric's nupas has smtpcram() function to authenticate cram(CRAM-MD5) proto,
which is our provider supports.

It calls auth_respond() in the function, which calls auth_getkey() in libauth.a like:
auth_getkey -g 'proto=cram server=... user=kokamoto%hera.eonet.ne.jp !password?'.

Actually, It says:
!Adding key: proto=cram server=... user=kokamoto1.633937e-312ra.eonet.ne.jp
password:
In fact I see a line in /mnt/factotum/ctl as same as above prompt.

Here, '%he' is converted wrongly to '1.633937e-312'.
(the value of above line changes every time)
This is very strange...

When I call auth/factotum like:
auth/factotum -g 'proto=cram server=... user=kokamoto%hera.eonet.ne.jp !password?',
it writes an expected(=correct) line like:
Proto=cram server=... user=kokamoto%hera.eonet.ne.jp password?.

What's going on here?

Kenji

Re: [9front] using smtp port 587

[kokamoto]

> Here, '%he' is converted wrongly to '1.633937e-312'.

I added the lines in /sys/src/libauth/auth_respond.c like:
int
auth_respond(void *chal, uint nchal, char *user, uint nuser, void *resp, uint nresp, AuthGetkey *getkey, char *fmt, ...)
{

...

	if((a = auth_attr(rpc)) != nil
	&& (s = _strfindattr(a, "user")) != nil && strlen(s) < nuser)
		strcpy(user, s);
	else if(nuser > 0)
		user[0] = '\0';
/*  for testing K.Okamoto */						<======
	testfd=open("/usr/kokamoto/test", ORDWR);
	fprint(testfd, "user=%q¥n", user);
/* to here */									<======

...
}

Then,, I got the content of "user" as the same as that wrong conversion
of %he to '1.633937e-312'.

How do you think this?

Kenji

Re: [9front] using smtp port 587

[cinap_lenrek]

the first thing that auth_respond() does is to interpret the argument
after the getkey function pointer as a format string and render it out
with its arguments. this is where things go wrong when you pass literal
string in that contains % characters. given that erik already renders
everything out, and there should be no formats interpreted, he should
pass "%s" instead and the already formated string as the argument:

so in smtpcram():

	e = abuf + sizeof abuf;
	p = seprint(abuf, e, "proto=cram role=client server=%q", ds->host);
	if(user != nil)
		seprint(p, e, " user=%q", user);
-	n = auth_respond(ch, l, usr, sizeof usr, rbuf, sizeof rbuf, auth_getkey, abuf);
+   n = auth_respond(ch, l, usr, sizeof usr, rbuf, sizeof rbuf, auth_getkey, "%s", abuf);

... should fix it.

--
cinap

Re: [9front] using smtp port 587

[kokamoto]

Thank you very much, cinap.

> -	n = auth_respond(ch, l, usr, sizeof usr, rbuf, sizeof rbuf, auth_getkey, abuf);
> +   n = auth_respond(ch, l, usr, sizeof usr, rbuf, sizeof rbuf, auth_getkey, "%s", abuf);

Yes, it solved the user name of 'kokamoto%hera.eonet.ne.jp' problem.
I'm facing another problem which I should get answer by myself, though.
(My password dosn't send correctly...)

Kenji

PS. sorry my delay of respose.  I was off the line.

Re: [9front] using smtp port 587

[Steve Simon]

as i remember you need to add the password to your hostowner's secstore (probably bootes) as upas/send us run by hostowner.

-Steve


> On 11 Dec 2016, at 03:56, kokamoto@hera.eonet.ne.jp wrote:
> 
> Thank you very much, cinap.
> 
>> -    n = auth_respond(ch, l, usr, sizeof usr, rbuf, sizeof rbuf, auth_getkey, abuf);
>> +   n = auth_respond(ch, l, usr, sizeof usr, rbuf, sizeof rbuf, auth_getkey, "%s", abuf);
> 
> Yes, it solved the user name of 'kokamoto%hera.eonet.ne.jp' problem.
> I'm facing another problem which I should get answer by myself, though.
> (My password dosn't send correctly...)
> 
> Kenji
> 
> PS. sorry my delay of respose.  I was off the line.

Re: [9front] using smtp port 587

[kokamoto]

Thanks, steve.

> as i remember you need to add the password to your hostowner's secstore (probably bootes) as upas/send us run by hostowner.

As I'm using ci5dell 9front terminal and macos/windows/ubuntu drawterm at random.
When I use ci5dell 9front terminal, the hostowner is kokamoto, and mail authentication
user is kokamoto%hera,eonet.ne.jp.
I have secstore password for kokamoto, but not for kokamoto%hera.eonet.ne.jp.

When I use drawterm, the hostowner is glenda (this is 9front system:-), 
and mail authentication user is kokamoto%hera.eonet.ne.jp.
In this case, I have neither glenda's nor kokamoto%hera.eonet.ne.jp's secstore password.

However, in both case, I was asked from factoum to enter the password, then
I enter the paswword for kokamoto%hera.eonet.ne.jp user's password, which is
given from our provider.

At present, I have no success in both case.
I'll try further again and again using different situations.

Kenji

Re: [9front] using smtp port 587

[kokamoto]

I got success to send  submission mail using port 587.
I'm using eric's nupas on 9front system.

His nupas has smtpcram() function in smtp/smtp.c, which I'm
using now to connect to our MD5-CRAM protocol server.

The changed points are as follows:

1) /change the source of smtpcram() function in smtp/smtp.c like:
	n = auth_respond(ch, l, usr, sizeof usr, rbuf, sizeof rbuf, auth_getkey, abuf);
===>
	n = auth_respond(ch, l, usr, sizeof usr, rbuf, sizeof rbuf, auth_getkey, "%s", abuf);

This was taught by cinap here.

	dBprint("%s\r\n", ch);
===>
	dBprint("%s\r\n", ebuf);

2) /mail/lib/rewrite
 at the last line to like:
# send all mail to the gateway or mail server, $smtp,  for delivery
([^!]*)!(.*) 		| 		"/mail/lib/qmail '\s' 'tcp!smtpauth.eonet.ne.jp!587'" "'\2@\1'"

3) /mail/lib/
   at the last line to like:
exec /bin/upas/smtp -a -i -h $fd -u kokamoto%hera.eonet.ne.jp $addr $sender $* 

I hope this may help someone.

Kenji

Re: [9front] using smtp port 587

[kokamoto]

I forgot the most important one.

I made secstore password at first for
key proto=cram server=smtpauth.eonet.ne.jp user=kokamoto%hera.eonet.ne.jp !password=xxxxx

Don't try to enter password at sending smtp mail!

The user name and password was given from our provider for pop3 mail.

Kenji

Re: [9front] using smtp port 587

[Steve Simon]

glad you got it sorted finally.

i am still struggling with sending email via davmail - a microsoft exchange gateway app,
what is most annoying is if i get the auth wrong more than 5 times it locks out my account (sigh)

uncle bill has a lot to answer for.

-Steve

> On 17 Dec 2016, at 06:23, kokamoto@hera.eonet.ne.jp wrote:
> 
> I forgot the most important one.
> 
> I made secstore password at first for
> key proto=cram server=smtpauth.eonet.ne.jp user=kokamoto%hera.eonet.ne.jp !password=xxxxx
> 
> Don't try to enter password at sending smtp mail!
> 
> The user name and password was given from our provider for pop3 mail.
> 
> Kenji

Re: [9front] using smtp port 587

[kokamoto]

> what is most annoying is if i get the auth wrong more than 5 times it locks out my account (sigh)

Hmmm, I think it's impossible to test changes...

Kenji