Jump to content
halalabu

SMTP Authentication

Recommended Posts

Hi Folks,

 

I'm having trouble getting emails flowing from Snom. I have tested this account from other mail programs and webmail and everything works just fine, but I can't get it to work inside Snom. Please see attached screenshots of log files. Trying to send through a mail server on OS X 10.7 Lion. Any ideas? Thanks so much.

 

Hal

 

Here is my snom config:

 

post-21010-0-06262000-1337627336_thumb.png

 

Here is my snom log file after trying to send a message:

 

post-21010-0-17448000-1337627329_thumb.png

 

And here is my server mail log after trying to send a message:

 

post-21010-0-89164500-1337627322_thumb.png

Share this post


Link to post
Share on other sites

On many servers, the account name must include the domain name (e.g. voicemail@alabu.com); not sure if that is the problem here as the server seems to be local.

The PBX probably does not accept the certificate from the email server. You can either import the certificate into the PBX or disable TLS in the Encryption dropdown.

Share this post


Link to post
Share on other sites

On many servers, the account name must include the domain name (e.g. voicemail@alabu.com); not sure if that is the problem here as the server seems to be local.

The PBX probably does not accept the certificate from the email server. You can either import the certificate into the PBX or disable TLS in the Encryption dropdown.

 

I tried changing the username with no luck. I also tried adding the security certificate (the same one I have on the mail server), however when I I click "save", the PBX does not save. It just kicks me back to the same screen with the field blanked out. Am I doing something wrong in adding the security certificate? (Disabling TLS is not an option as this server requires it). Thanks.

 

Hal

Share this post


Link to post
Share on other sites

I also tried adding the security certificate (the same one I have on the mail server), however when I I click "save", the PBX does not save. It just kicks me back to the same screen with the field blanked out. Am I doing something wrong in adding the security certificate?

 

Certificates are unfortunately not an easy topic. You need to import the Root CA for that certificate (the one that signed the cert for the email server), in base64-encoded format. This starts with ----BEGIN CERTIFICATE--- and ends with -----END CERTIFICATE----. At the bottom of the import dialog, there is a select box, there you have to select certificate for server authentication. Please the field for the private key empty. Then the certificate should show up on the list of trusted Root CA (see http://wiki.snomone.com/index.php?title=Certificates).

Share this post


Link to post
Share on other sites

Certificates are unfortunately not an easy topic. You need to import the Root CA for that certificate (the one that signed the cert for the email server), in base64-encoded format. This starts with ----BEGIN CERTIFICATE--- and ends with -----END CERTIFICATE----. At the bottom of the import dialog, there is a select box, there you have to select certificate for server authentication. Please the field for the private key empty. Then the certificate should show up on the list of trusted Root CA (see http://wiki.snomone.com/index.php?title=Certificates).

 

Thanks for the help article. I followed the correct procedure (I think), but Snom just seems to refuse to save my certificate. Here I've pasted my certificate in:

 

post-21010-0-83389000-1337696661_thumb.png

 

And immediately after saving, I'm just returned to the same screen. The certificate doesn't add. Am I doing something wrong?

 

Thanks,

Hal

Share this post


Link to post
Share on other sites

Hmm. That looks good. Can you send me a private message with the base64-encoded certificate? Then we can try out to see what is wrong.

Share this post


Link to post
Share on other sites

Ok so I just upgraded to the latest version (i was on 4.3x), still no ability to save the security certificate. Is there an alternate way to add a security certificate? I see there are a couple of XML files and an index file in the certificate directory. Can I just add an XML file? If so, can someone send me the surrounding XML data for the type of certificate I'm trying to create?

 

Thanks so much,

Hal

Share this post


Link to post
Share on other sites

We tried it here and it did work. We could see the certificate in the list. Hard to say what the problem is... Maybe the browser has a problem to encode such a "long" packet?! Yes, you can try to edit one of the XML files and see if that way you can get it in. Also, double check if you have accidentially modified the reg_certifiate.htm web page in the web page control panel.

Share this post


Link to post
Share on other sites

We tried it here and it did work. We could see the certificate in the list. Hard to say what the problem is... Maybe the browser has a problem to encode such a "long" packet?! Yes, you can try to edit one of the XML files and see if that way you can get it in. Also, double check if you have accidentially modified the reg_certifiate.htm web page in the web page control panel.

 

Ahhh ok. Turns out the certificate adds from Chrome but not Safari. I even downloaded the certificate and looked at it in keychain access and the certificate shows as a trusted, signed, valid, cert. Anyway, it's still not working, this is what I'm seeing in my log file. I really can't figure this out because I've tested this user name and password from other programs and it works fine. Any ideas?

 

[0] 2012/05/23 13:45:20: Last message repeated 4 times

[8] 2012/05/23 13:45:20: SMTP: Connect to 10.0.0.202:465

[5] 2012/05/23 13:45:20: SMTP: Connection refused on 10.0.0.202:465

[0] 2012/05/23 13:45:24: load: Index domain not set, check {ssi load domains} in dom_logfile.htm

[8] 2012/05/23 13:45:25: SMTP: Connect to 10.0.0.202:465

[5] 2012/05/23 13:45:25: SMTP: Connection refused on 10.0.0.202:465

[0] 2012/05/23 13:45:26: load: Index domain not set, check {ssi load domains} in dom_logfile.htm

[0] 2012/05/23 13:45:30: Last message repeated 4 times

[8] 2012/05/23 13:45:30: SMTP: Connect to 10.0.0.202:465

[5] 2012/05/23 13:45:30: SMTP: Connection refused on 10.0.0.202:465

Share this post


Link to post
Share on other sites

Okay, one step closer...

 

So I assume that port 465 is the right one? The connection refused suggests that there is something wrong with the port number... You can also set TLS logging to log level 9, to see what is going on on the SSL level. There should be some handshake messages going back and forth.

Share this post


Link to post
Share on other sites

Okay, one step closer...

 

So I assume that port 465 is the right one? The connection refused suggests that there is something wrong with the port number... You can also set TLS logging to log level 9, to see what is going on on the SSL level. There should be some handshake messages going back and forth.

 

Hmmmm ok. 465 is the default and is working with other programs. Apple mail uses 587, so that is opened up as well, but no luck there either. I have all logging levels at 0 except for SMTP and TLS at 9. Here is what I'm seeing:

 

[8] 2012/05/23 14:12:49: SMTP: Connect to 69.193.16.105:465

[9] 2012/05/23 14:12:49: SMTP mail.alabu.com: send_client_hello(03014fbd28a106fae3b87714d7036a00c5b23f68191f6b7f1f40e9c5acd2113ea528000004000400050100)

[5] 2012/05/23 14:12:49: SMTP: Connection refused on 69.193.16.105:465

[8] 2012/05/23 14:12:54: SMTP: Connect to 69.193.16.105:587

[9] 2012/05/23 14:12:54: SMTP mail.alabu.com:587: send_client_hello(03014fbd28a66056a75f7ff3bf95123adb10a13eebe2677de5c0fc5ddaed191f335e000004000400050100)

[5] 2012/05/23 14:14:54: SMTP: Timeout

 

Interestingly it gets refused on 465, but times out on 587 (I know for a fact both of those are forwarded on the firewall). Come to think of it, they are forwarded on TCP only, could Snom be trying to use a UDP connection?

 

Thanks again,

Hal

Share this post


Link to post
Share on other sites

Interestingly, when I change the encryption type to automatic, I get this:

 

[8] 2012/05/23 14:28:48: SMTP: Connect to 69.193.16.105:25

[8] 2012/05/23 14:28:48: SMTP: Received 220 services.alabu.com ESMTP Postfix

[8] 2012/05/23 14:28:48: SMTP: Send EHLO localhost

[8] 2012/05/23 14:28:48: SMTP: Received 250-services.alabu.com

250-PIPELINING

250-SIZE 52428800

250-VRFY

250-ETRN

250-AUTH LOGIN PLAIN CRAM-MD5

250-STARTTLS

250-ENHANCEDSTATUSCODES

250-8BITMIME

250-DSN

250-BINARYMIME

250 CHUNKING

[8] 2012/05/23 14:28:48: SMTP: Send STARTTLS

[8] 2012/05/23 14:28:48: SMTP: Received 220 2.0.0 Ready to start TLS

[9] 2012/05/23 14:28:48: SMTP mail.alabu.com: send_client_hello(03014fbd2c60249a7d868e42cc110c4be6f7a4aeba433d3c0fc1d33c244a566985f7000004000400050100)

[8] 2012/05/23 14:28:48: SMTP: Send EHLO localhost

[9] 2012/05/23 14:28:48: SMTP mail.alabu.com: process_server_hello(03014fbd2c60ffdf2a9b918e5525255ce347fabed44a7840a43c67f1a2382504e7c5205ea9088e7debff9aa69d88b6f2c1a8d41f621e69e2dfaee89cfe55410d72c425000400)

[9] 2012/05/23 14:28:48: SMTP mail.alabu.com: [5ea9088e] process_certificate(000eac0005bd308205b9308204a1a00302…. ------- I CUT THIS PART OUT, IT'S REALLY LONG -------

[4] 2012/05/23 14:28:48: Certificate for Go Daddy Class 2 Certification Authority not available

[9] 2012/05/23 14:28:48: SMTP mail.alabu.com: [5ea9088e] send_alert(022b)

[9] 2012/05/23 14:28:48: SMTP mail.alabu.com: [5ea9088e] process_server_hello_done()

[9] 2012/05/23 14:28:48: SMTP mail.alabu.com: [5ea9088e] send_alert(0230)

[5] 2012/05/23 14:28:48: SMTP: Connection refused on 69.193.16.105:25

Share this post


Link to post
Share on other sites

Import the following certificate (available from https://certs.godaddy.com/anonymous/repository.seam):

 

 

-----BEGIN CERTIFICATE-----

MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEh

MB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBE

YWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3

MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRo

ZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3Mg

MiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggEN

ADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCA

PVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6w

wdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXi

EqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMY

avx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+

YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLE

sNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h

/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5

IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmlj

YXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD

ggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNy

OO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7P

TMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ

HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mER

dEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5Cuf

ReYNnyicsbkqWletNw+vHX/bvZ8=

-----END CERTIFICATE-----

Share this post


Link to post
Share on other sites

Import the following certificate (available from https://certs.godadd...repository.seam):

 

 

-----BEGIN CERTIFICATE-----

MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEh

MB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBE

YWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3

MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRo

ZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3Mg

MiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggEN

ADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCA

PVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6w

wdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXi

EqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMY

avx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+

YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLE

sNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h

/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5

IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmlj

YXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD

ggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNy

OO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7P

TMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ

HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mER

dEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5Cuf

ReYNnyicsbkqWletNw+vHX/bvZ8=

-----END CERTIFICATE-----

Thank you for that. I think we're getting somewhere. Now it seems it's saying authentication failed? Thanks so much for your help. See log below:

 

[8] 2012/05/23 16:44:46: SMTP: Received 535 Error: authentication failed

[5] 2012/05/23 16:44:46: SMTP Server returned 535

[8] 2012/05/23 16:44:46: SMTP: Connect to 69.193.16.105:25

[8] 2012/05/23 16:44:46: SMTP: Received 220 services.alabu.com ESMTP Postfix

[8] 2012/05/23 16:44:46: SMTP: Send EHLO localhost

[8] 2012/05/23 16:44:46: SMTP: Received 250-services.alabu.com

250-PIPELINING

250-SIZE 52428800

250-VRFY

250-ETRN

250-AUTH LOGIN PLAIN CRAM-MD5

250-STARTTLS

250-ENHANCEDSTATUSCODES

250-8BITMIME

250-DSN

250-BINARYMIME

250 CHUNKING

[8] 2012/05/23 16:44:46: SMTP: Send STARTTLS

[8] 2012/05/23 16:44:46: SMTP: Received 220 2.0.0 Ready to start TLS

[9] 2012/05/23 16:44:46: SMTP mail.alabu.com: send_client_hello(03014fbd4c3e8d7bef50e9c137a193c8449dcd5d505a5aecb508b05ddbb9b8e0a53c000004000400050100)

[8] 2012/05/23 16:44:46: SMTP: Send EHLO localhost

[9] 2012/05/23 16:44:46: SMTP mail.alabu.com: process_server_hello(03014fbd4c3e8f30abfc8156707fdf7e17d992c1e8971c894c0d433f19cb07e4788b201e8d60fb3e22a35a5c72a8b081cd35ac06a1ee391536218b031da2f209518b6a000400)

[9] 2012/05/23 16:44:46: SMTP mail.alabu.com: [1e8d60fb] process_certificate(000eac0005bd30…… removed this for brevity

[9] 2012/05/23 16:44:46: SMTP mail.alabu.com: [1e8d60fb] process_server_hello_done()

[9] 2012/05/23 16:44:46: SMTP mail.alabu.com: [1e8d60fb] rsa_n(ad526a4c6a2a25827ca1a41ad2d80529c35b8f65ffe72095f3f8dc65abf74a849472341f6c2413be000149556542ba4af46895e816b1460cd41aac40b697f16ebdb30354f62366e3f4987205c6a4c888bd2866c6851c5452ca70234a6281666cd69c625ab27895dd54f8dfa54cd265b9435192db7a01f87823c485a3ff31a3e8e8b89d2d8e4da20cd3caa7114a732e81e9b62af483acf4d56446b1adeef1d67873630ec6bce6864e91a8faa6b2f6e98e9d3e77c2f33e9081fce04d4642b2ab2f2f828748db243a351bc92f86d671e1d4caa3596cd5c8648be254f830b84d518baff1acced82d62abe0e628c9591b3d8c7aadf0d116a2d3be9f0e28158f3a1033)

[9] 2012/05/23 16:44:46: SMTP mail.alabu.com: [1e8d60fb] rsa_e(010001)

[9] 2012/05/23 16:44:46: SMTP mail.alabu.com: [1e8d60fb] Pre Master Secret(03016120f00fbd306235d2aa05d66283378c5585c569baf08971c9da720cbf57807b65b3f3070917537d72711f1b08bc)

[9] 2012/05/23 16:44:46: SMTP mail.alabu.com: [1e8d60fb] Block Padded(00026e22222f5cb4d3eaab081b352b77442eda4eb69c900d5a5b7da65ea125e68e24e4f248b82e062e89593283e3c9eb8b90bef90934313a4ff72cf7a75e415a0190ddf00d84578639a66625dc3e94649002a5c3f5019e7b79a43db32943bdd7adf2768a9d6a821b96d1658d78cc37574260dc4d36aeaae494386a5a7f07931ddfb260f6a0477e0ab4920bf2a5bbfdd690d816d25e5aad6259e67fe3f61245ed7e235c9e668b62bf77c13e3a725563fe6738d8e98f858a8d1774cd8021482b75bc63cf685ca826350630b15775d7290003016120f00fbd306235d2aa05d66283378c5585c569baf08971c9da720cbf57807b65b3f3070917537d72711f1b08bc)

[9] 2012/05/23 16:44:46: SMTP mail.alabu.com: [1e8d60fb] Encrypted Pre Master(9482817e2d45abd4d58abc7e094e60cfcb843852457e85614593c01869ca0cb69c9aaa2eddb0db4e7486e30520e3941234d395d96bb4866646e706bcadeb45fcb1fe0f08e3c457ef793383a96e2c8f27b131fa7b38f9f4f954c6ad628475768b4fe695f97bbdb258eab4eef19c994d774795ff9f989bc7593ed8423bfffa7d93f14a4644dc26dc75297e8b424909bd40f9d4a589308299df3aa1c8b88227c2427d457fb7035a7b7ee0c59583a3081789351231a129d7378d15175164a62a05c10b108c0ee0d8556e407a56e780ebf89bc34164a87c4a45f78f418cb4423d656ca42fb796441455b4e08bbd6077c5b23dcba34e9a36642b08d97c4e0feb0ea083)

[9] 2012/05/23 16:44:46: SMTP mail.alabu.com: [1e8d60fb] Client Random(4fbd4c3e8d7bef50e9c137a193c8449dcd5d505a5aecb508b05ddbb9b8e0a53c)

[9] 2012/05/23 16:44:46: SMTP mail.alabu.com: [1e8d60fb] Server Random(4fbd4c3e8f30abfc8156707fdf7e17d992c1e8971c894c0d433f19cb07e4788b)

[9] 2012/05/23 16:44:46: SMTP mail.alabu.com: [1e8d60fb] Master Secret(babca53700ed80dc64b4bc34a4e311e21bc23296b45af2b307ed63ae05f8b3b69396f92945dd1978b33fa1b5dcde8838)

[9] 2012/05/23 16:44:46: SMTP mail.alabu.com: [1e8d60fb] send_client_key_exchange(01009482817e2d45abd4d58abc7e094e60cfcb843852457e85614593c01869ca0cb69c9aaa2eddb0db4e7486e30520e3941234d395d96bb4866646e706bcadeb45fcb1fe0f08e3c457ef793383a96e2c8f27b131fa7b38f9f4f954c6ad628475768b4fe695f97bbdb258eab4eef19c994d774795ff9f989bc7593ed8423bfffa7d93f14a4644dc26dc75297e8b424909bd40f9d4a589308299df3aa1c8b88227c2427d457fb7035a7b7ee0c59583a3081789351231a129d7378d15175164a62a05c10b108c0ee0d8556e407a56e780ebf89bc34164a87c4a45f78f418cb4423d656ca42fb796441455b4e08bbd6077c5b23dcba34e9a36642b08d97c4e0feb0ea083)

[9] 2012/05/23 16:44:46: SMTP mail.alabu.com: [1e8d60fb] send_change_cipher_spec(01)

[9] 2012/05/23 16:44:46: SMTP mail.alabu.com: [1e8d60fb] perform_change_cipher_spec(0004)

[9] 2012/05/23 16:44:46: SMTP mail.alabu.com: [1e8d60fb] Key Block(07eeb8ee7f96f59c627691b9ea7ed8d2d4d592fae6ff030d74e3ac6c82918906d83a53db9b59585b7df019ba3192880229fd26fb0b5c1e5dea8a0d39863b2d973bdc3e9fdc2be2b1)

[9] 2012/05/23 16:44:46: SMTP mail.alabu.com: [1e8d60fb] Client Write MAC Secret(07eeb8ee7f96f59c627691b9ea7ed8d2)

[9] 2012/05/23 16:44:46: SMTP mail.alabu.com: [1e8d60fb] Server Write MAC Secret(d4d592fae6ff030d74e3ac6c82918906)

[9] 2012/05/23 16:44:46: SMTP mail.alabu.com: [1e8d60fb] Client Write Key(d83a53db9b59585b7df019ba31928802)

[9] 2012/05/23 16:44:46: SMTP mail.alabu.com: [1e8d60fb] Server Write Key(29fd26fb0b5c1e5dea8a0d39863b2d97)

[9] 2012/05/23 16:44:46: SMTP mail.alabu.com: [1e8d60fb] send_finished(33bef80150ee1bd431bc8c1b)

[9] 2012/05/23 16:44:46: SMTP mail.alabu.com: [1e8d60fb] process_change_cipher_spec(01)

[9] 2012/05/23 16:44:46: SMTP mail.alabu.com: [1e8d60fb] process_finished(0eb0249bef4d1e23d1270597)

[8] 2012/05/23 16:44:46: SMTP: Received 250-services.alabu.com

250-PIPELINING

250-SIZE 52428800

250-VRFY

250-AUTH LOGIN PLAIN CRAM-MD5

250-ETRN

250-ENHANCEDSTATUSCODES

250-8BITMIME

250-DSN

250-BINARYMIME

250 CHUNKING

[8] 2012/05/23 16:44:46: SMTP: Send AUTH PLAIN dm9pY2AtYWlsAHJDsjghdFdfgFfkjSJSJHhjSAS=F

Share this post


Link to post
Share on other sites

Okay, now we are talking secure...

 

So are you sure your username is voicemail, and not voicemail@mail.alabu.com? If you have other clients working, that should be easy to figure out. Also, did you double check the password?

 

For PLAIN authentication, it is possible to have authorization identity and authentication identity different (though the PBX does not support that difference). Could this be the problem? Any log from the mail server?

 

I think we are close.

Share this post


Link to post
Share on other sites

Okay, now we are talking secure...

 

So are you sure your username is voicemail, and not voicemail@mail.alabu.com? If you have other clients working, that should be easy to figure out. Also, did you double check the password?

 

For PLAIN authentication, it is possible to have authorization identity and authentication identity different (though the PBX does not support that difference). Could this be the problem? Any log from the mail server?

 

I think we are close.

 

Alright, got the security part squared away now. Great! (and thanks!). I tried alternate usernames voicemail@alabu.com and voicemail@mail.alabu.com with no luck. I added this account to apple mail, and it works fine (screenshots of configuration are attached).

 

Also, here is what the log file on my server looks like:

 

May 24 09:13:28 services postfix/postscreen[4585]: CONNECT from [10.0.0.202]:53907

May 24 09:13:28 services postfix/postscreen[4585]: WHITELISTED [10.0.0.202]:53907

May 24 09:13:28 services postfix/smtpd[5122]: connect from services.alabu.com[10.0.0.202]

May 24 09:13:28 services postfix/smtpd[5122]: error: CF: user voicemail: Credentials could not be verified, username or password is invalid.

May 24 09:13:28 services postfix/smtpd[5122]: warning: services.alabu.com[10.0.0.202]: SASL PLAIN authentication failed

May 24 09:13:28 services postfix/smtpd[5122]: lost connection after AUTH from services.alabu.com[10.0.0.202]

May 24 09:13:28 services postfix/smtpd[5122]: disconnect from services.alabu.com[10.0.0.202]

May 24 09:13:28 services postfix/postscreen[4585]: CONNECT from [10.0.0.202]:53909

May 24 09:13:28 services postfix/postscreen[4585]: WHITELISTED [10.0.0.202]:53909

May 24 09:13:28 services postfix/smtpd[5122]: connect from services.alabu.com[10.0.0.202]

May 24 09:13:28 services postfix/smtpd[5122]: error: CF: user voicemail: Credentials could not be verified, username or password is invalid.

May 24 09:13:28 services postfix/smtpd[5122]: warning: services.alabu.com[10.0.0.202]: SASL PLAIN authentication failed

May 24 09:13:28 services postfix/smtpd[5122]: lost connection after AUTH from services.alabu.com[10.0.0.202]

May 24 09:13:28 services postfix/smtpd[5122]: disconnect from services.alabu.com[10.0.0.202]

 

No idea why this is happening. Any ideas? Thanks again.

 

Hal

 

ETA: Don't know if this helps, but here are my server logs after a successful test send from apple mail:

 

May 24 09:47:49 services postfix/qmgr[210]: B70F428D1D3: removed

May 24 09:48:05 services postfix/smtpd[8663]: 037A028D1F3: client=unknown[10.0.0.1], sasl_method=PLAIN, sasl_username=voicemail

May 24 09:48:05 services postfix/cleanup[11172]: 037A028D1F3: message-id=<F4EA0647-F1F8-49CD-8541-C1D4A870E5B1@alabu.com>

May 24 09:48:05 services postfix/qmgr[210]: 037A028D1F3: from=<voicemail@alabu.com>, size=528, nrcpt=1 (queue active)

May 24 09:48:05 services postfix/smtpd[11189]: connect from localhost[127.0.0.1]

May 24 09:48:05 services postfix/smtpd[11189]: E135928D201: client=localhost[127.0.0.1]

May 24 09:48:05 services postfix/cleanup[11172]: E135928D201: message-id=<F4EA0647-F1F8-49CD-8541-C1D4A870E5B1@alabu.com>

May 24 09:48:05 services postfix/smtpd[11189]: disconnect from localhost[127.0.0.1]

May 24 09:48:05 services postfix/qmgr[210]: E135928D201: from=<voicemail@alabu.com>, size=955, nrcpt=1 (queue active)

May 24 09:48:05 services postfix/smtp[11174]: 037A028D1F3: to=<hal@alabu.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.93, delays=0.16/0/0/0.76, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as E135928D201)

May 24 09:48:05 services postfix/qmgr[210]: 037A028D1F3: removed

post-21010-0-61164400-1337864257_thumb.png

post-21010-0-69102400-1337864265_thumb.png

post-21010-0-07326800-1337864273_thumb.png

Edited by halalabu

Share this post


Link to post
Share on other sites

May 24 09:13:28 services postfix/smtpd[5122]: error: CF: user voicemail: Credentials could not be verified, username or password is invalid.

 

Well, I would triple-check if the password is really the same... And what else you can do is to take a look at the log messages when another client registeres.

 

Also, check if the PLAIN authentication is okay for the user voicemail. Maybe the server does advertize it, but does not accept if this this user.

Share this post


Link to post
Share on other sites

Ok folks THANK YOU for your help so far. I've made an important discovery, if I disable PLAIN authentication for SMTP on our mail server, then SNOM reverts to CRAM MD5. This works, and the test email is sent (hooray!). However, I need to have PLAIN authentication enabled for another program that does not support CRAM MD5. Is there a way to force SNOM to use CRAM MD5, even if the server reports that it supports PLAIN (I would think it would default to the highest authentication method, but apparently it doesn't). Thanks!

 

Hal

Share this post


Link to post
Share on other sites

Hmm.

 

Actually the PBX does not support CRAM MD5; it supports only PLAIN and LOGIN. Is there something in the middle?!

 

Ahhh yep my bad. It was reverting to LOGIN not CRAM MD5. In any event, is there a way to force it to use LOGIN instead of PLAIN?

 

Thanks,

Hal

Share this post


Link to post
Share on other sites

Right now thats hard coded. We can change it or make it a setting, this would be a safe path for you to get this problem solved finally. However, it would be good to know why other programs can use PLAIN and we cant. Can we give you a test build where try one more time to use PLAIN, but with only one ID? (What OS are you using?)

Share this post


Link to post
Share on other sites

Right now thats hard coded. We can change it or make it a setting, this would be a safe path for you to get this problem solved finally. However, it would be good to know why other programs can use PLAIN and we cant. Can we give you a test build where try one more time to use PLAIN, but with only one ID? (What OS are you using?)

 

Hmm alright. Yeah I don't have a problem using a test build. I'm using Mac OS X 10.7.4 Lion Server. Thanks for your help figuring this out.

 

Hal

Share this post


Link to post
Share on other sites

I have exactly the same problem here with exactly the same symptoms. Mac OS X 10.6.8 with Kerberos, CRAM-MD5, Login and PLAIN methods enabled. We have about a hundred users authenticated all the time and they use PCs Macs, mobiles... with different setups... I spent number of hours trying to get a test message but no success so far. I even tried a completely different Mac server at another company and got the same result. There is no point to show my logs as they are identical to the ones mentioned before and that is how I found this thread. It basically means that SnomOne email facility is unusable on a standard Mac Server. Otherwise it is a great product and a pleasure to work with. I am willing to participate in any tests to get it right.

Share this post


Link to post
Share on other sites

Hmm. I assume you are using the latest build (Epsilon)? Do you have your server running on an address where we can try to connect and send out an email from a debug system? We definitevely want to close the chapter.

Share this post


Link to post
Share on other sites
Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...