halalabu Posted May 21, 2012 Report Share Posted May 21, 2012 Hi Folks, I'm having trouble getting emails flowing from Snom. I have tested this account from other mail programs and webmail and everything works just fine, but I can't get it to work inside Snom. Please see attached screenshots of log files. Trying to send through a mail server on OS X 10.7 Lion. Any ideas? Thanks so much. Hal Here is my snom config: Here is my snom log file after trying to send a message: And here is my server mail log after trying to send a message: Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted May 21, 2012 Report Share Posted May 21, 2012 On many servers, the account name must include the domain name (e.g. voicemail@alabu.com); not sure if that is the problem here as the server seems to be local. The PBX probably does not accept the certificate from the email server. You can either import the certificate into the PBX or disable TLS in the Encryption dropdown. Quote Link to comment Share on other sites More sharing options...
halalabu Posted May 22, 2012 Author Report Share Posted May 22, 2012 On many servers, the account name must include the domain name (e.g. voicemail@alabu.com); not sure if that is the problem here as the server seems to be local. The PBX probably does not accept the certificate from the email server. You can either import the certificate into the PBX or disable TLS in the Encryption dropdown. I tried changing the username with no luck. I also tried adding the security certificate (the same one I have on the mail server), however when I I click "save", the PBX does not save. It just kicks me back to the same screen with the field blanked out. Am I doing something wrong in adding the security certificate? (Disabling TLS is not an option as this server requires it). Thanks. Hal Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted May 22, 2012 Report Share Posted May 22, 2012 I also tried adding the security certificate (the same one I have on the mail server), however when I I click "save", the PBX does not save. It just kicks me back to the same screen with the field blanked out. Am I doing something wrong in adding the security certificate? Certificates are unfortunately not an easy topic. You need to import the Root CA for that certificate (the one that signed the cert for the email server), in base64-encoded format. This starts with ----BEGIN CERTIFICATE--- and ends with -----END CERTIFICATE----. At the bottom of the import dialog, there is a select box, there you have to select certificate for server authentication. Please the field for the private key empty. Then the certificate should show up on the list of trusted Root CA (see http://wiki.snomone.com/index.php?title=Certificates). Quote Link to comment Share on other sites More sharing options...
halalabu Posted May 22, 2012 Author Report Share Posted May 22, 2012 Certificates are unfortunately not an easy topic. You need to import the Root CA for that certificate (the one that signed the cert for the email server), in base64-encoded format. This starts with ----BEGIN CERTIFICATE--- and ends with -----END CERTIFICATE----. At the bottom of the import dialog, there is a select box, there you have to select certificate for server authentication. Please the field for the private key empty. Then the certificate should show up on the list of trusted Root CA (see http://wiki.snomone.com/index.php?title=Certificates). Thanks for the help article. I followed the correct procedure (I think), but Snom just seems to refuse to save my certificate. Here I've pasted my certificate in: And immediately after saving, I'm just returned to the same screen. The certificate doesn't add. Am I doing something wrong? Thanks, Hal Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted May 22, 2012 Report Share Posted May 22, 2012 Hmm. That looks good. Can you send me a private message with the base64-encoded certificate? Then we can try out to see what is wrong. Quote Link to comment Share on other sites More sharing options...
halalabu Posted May 23, 2012 Author Report Share Posted May 23, 2012 Ok so I just upgraded to the latest version (i was on 4.3x), still no ability to save the security certificate. Is there an alternate way to add a security certificate? I see there are a couple of XML files and an index file in the certificate directory. Can I just add an XML file? If so, can someone send me the surrounding XML data for the type of certificate I'm trying to create? Thanks so much, Hal Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted May 23, 2012 Report Share Posted May 23, 2012 We tried it here and it did work. We could see the certificate in the list. Hard to say what the problem is... Maybe the browser has a problem to encode such a "long" packet?! Yes, you can try to edit one of the XML files and see if that way you can get it in. Also, double check if you have accidentially modified the reg_certifiate.htm web page in the web page control panel. Quote Link to comment Share on other sites More sharing options...
halalabu Posted May 23, 2012 Author Report Share Posted May 23, 2012 We tried it here and it did work. We could see the certificate in the list. Hard to say what the problem is... Maybe the browser has a problem to encode such a "long" packet?! Yes, you can try to edit one of the XML files and see if that way you can get it in. Also, double check if you have accidentially modified the reg_certifiate.htm web page in the web page control panel. Ahhh ok. Turns out the certificate adds from Chrome but not Safari. I even downloaded the certificate and looked at it in keychain access and the certificate shows as a trusted, signed, valid, cert. Anyway, it's still not working, this is what I'm seeing in my log file. I really can't figure this out because I've tested this user name and password from other programs and it works fine. Any ideas? [0] 2012/05/23 13:45:20: Last message repeated 4 times [8] 2012/05/23 13:45:20: SMTP: Connect to 10.0.0.202:465 [5] 2012/05/23 13:45:20: SMTP: Connection refused on 10.0.0.202:465 [0] 2012/05/23 13:45:24: load: Index domain not set, check {ssi load domains} in dom_logfile.htm [8] 2012/05/23 13:45:25: SMTP: Connect to 10.0.0.202:465 [5] 2012/05/23 13:45:25: SMTP: Connection refused on 10.0.0.202:465 [0] 2012/05/23 13:45:26: load: Index domain not set, check {ssi load domains} in dom_logfile.htm [0] 2012/05/23 13:45:30: Last message repeated 4 times [8] 2012/05/23 13:45:30: SMTP: Connect to 10.0.0.202:465 [5] 2012/05/23 13:45:30: SMTP: Connection refused on 10.0.0.202:465 Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted May 23, 2012 Report Share Posted May 23, 2012 Okay, one step closer... So I assume that port 465 is the right one? The connection refused suggests that there is something wrong with the port number... You can also set TLS logging to log level 9, to see what is going on on the SSL level. There should be some handshake messages going back and forth. Quote Link to comment Share on other sites More sharing options...
halalabu Posted May 23, 2012 Author Report Share Posted May 23, 2012 Okay, one step closer... So I assume that port 465 is the right one? The connection refused suggests that there is something wrong with the port number... You can also set TLS logging to log level 9, to see what is going on on the SSL level. There should be some handshake messages going back and forth. Hmmmm ok. 465 is the default and is working with other programs. Apple mail uses 587, so that is opened up as well, but no luck there either. I have all logging levels at 0 except for SMTP and TLS at 9. Here is what I'm seeing: [8] 2012/05/23 14:12:49: SMTP: Connect to 69.193.16.105:465 [9] 2012/05/23 14:12:49: SMTP mail.alabu.com: send_client_hello(03014fbd28a106fae3b87714d7036a00c5b23f68191f6b7f1f40e9c5acd2113ea528000004000400050100) [5] 2012/05/23 14:12:49: SMTP: Connection refused on 69.193.16.105:465 [8] 2012/05/23 14:12:54: SMTP: Connect to 69.193.16.105:587 [9] 2012/05/23 14:12:54: SMTP mail.alabu.com:587: send_client_hello(03014fbd28a66056a75f7ff3bf95123adb10a13eebe2677de5c0fc5ddaed191f335e000004000400050100) [5] 2012/05/23 14:14:54: SMTP: Timeout Interestingly it gets refused on 465, but times out on 587 (I know for a fact both of those are forwarded on the firewall). Come to think of it, they are forwarded on TCP only, could Snom be trying to use a UDP connection? Thanks again, Hal Quote Link to comment Share on other sites More sharing options...
halalabu Posted May 23, 2012 Author Report Share Posted May 23, 2012 Interestingly, when I change the encryption type to automatic, I get this: [8] 2012/05/23 14:28:48: SMTP: Connect to 69.193.16.105:25 [8] 2012/05/23 14:28:48: SMTP: Received 220 services.alabu.com ESMTP Postfix [8] 2012/05/23 14:28:48: SMTP: Send EHLO localhost [8] 2012/05/23 14:28:48: SMTP: Received 250-services.alabu.com 250-PIPELINING 250-SIZE 52428800 250-VRFY 250-ETRN 250-AUTH LOGIN PLAIN CRAM-MD5 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-DSN 250-BINARYMIME 250 CHUNKING [8] 2012/05/23 14:28:48: SMTP: Send STARTTLS [8] 2012/05/23 14:28:48: SMTP: Received 220 2.0.0 Ready to start TLS [9] 2012/05/23 14:28:48: SMTP mail.alabu.com: send_client_hello(03014fbd2c60249a7d868e42cc110c4be6f7a4aeba433d3c0fc1d33c244a566985f7000004000400050100) [8] 2012/05/23 14:28:48: SMTP: Send EHLO localhost [9] 2012/05/23 14:28:48: SMTP mail.alabu.com: process_server_hello(03014fbd2c60ffdf2a9b918e5525255ce347fabed44a7840a43c67f1a2382504e7c5205ea9088e7debff9aa69d88b6f2c1a8d41f621e69e2dfaee89cfe55410d72c425000400) [9] 2012/05/23 14:28:48: SMTP mail.alabu.com: [5ea9088e] process_certificate(000eac0005bd308205b9308204a1a00302…. ------- I CUT THIS PART OUT, IT'S REALLY LONG ------- [4] 2012/05/23 14:28:48: Certificate for Go Daddy Class 2 Certification Authority not available [9] 2012/05/23 14:28:48: SMTP mail.alabu.com: [5ea9088e] send_alert(022b) [9] 2012/05/23 14:28:48: SMTP mail.alabu.com: [5ea9088e] process_server_hello_done() [9] 2012/05/23 14:28:48: SMTP mail.alabu.com: [5ea9088e] send_alert(0230) [5] 2012/05/23 14:28:48: SMTP: Connection refused on 69.193.16.105:25 Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted May 23, 2012 Report Share Posted May 23, 2012 Import the following certificate (available from https://certs.godaddy.com/anonymous/repository.seam): -----BEGIN CERTIFICATE----- MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEh MB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBE YWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3 MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRo ZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3Mg MiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggEN ADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCA PVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6w wdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXi EqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMY avx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+ YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLE sNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h /t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5 IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmlj YXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD ggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNy OO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7P TMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mER dEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5Cuf ReYNnyicsbkqWletNw+vHX/bvZ8= -----END CERTIFICATE----- Quote Link to comment Share on other sites More sharing options...
halalabu Posted May 23, 2012 Author Report Share Posted May 23, 2012 Import the following certificate (available from https://certs.godadd...repository.seam): -----BEGIN CERTIFICATE----- MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEh MB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBE YWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3 MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRo ZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3Mg MiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggEN ADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCA PVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6w wdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXi EqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMY avx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+ YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLE sNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h /t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5 IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmlj YXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD ggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNy OO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7P TMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mER dEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5Cuf ReYNnyicsbkqWletNw+vHX/bvZ8= -----END CERTIFICATE----- Thank you for that. I think we're getting somewhere. Now it seems it's saying authentication failed? Thanks so much for your help. See log below: [8] 2012/05/23 16:44:46: SMTP: Received 535 Error: authentication failed [5] 2012/05/23 16:44:46: SMTP Server returned 535 [8] 2012/05/23 16:44:46: SMTP: Connect to 69.193.16.105:25 [8] 2012/05/23 16:44:46: SMTP: Received 220 services.alabu.com ESMTP Postfix [8] 2012/05/23 16:44:46: SMTP: Send EHLO localhost [8] 2012/05/23 16:44:46: SMTP: Received 250-services.alabu.com 250-PIPELINING 250-SIZE 52428800 250-VRFY 250-ETRN 250-AUTH LOGIN PLAIN CRAM-MD5 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-DSN 250-BINARYMIME 250 CHUNKING [8] 2012/05/23 16:44:46: SMTP: Send STARTTLS [8] 2012/05/23 16:44:46: SMTP: Received 220 2.0.0 Ready to start TLS [9] 2012/05/23 16:44:46: SMTP mail.alabu.com: send_client_hello(03014fbd4c3e8d7bef50e9c137a193c8449dcd5d505a5aecb508b05ddbb9b8e0a53c000004000400050100) [8] 2012/05/23 16:44:46: SMTP: Send EHLO localhost [9] 2012/05/23 16:44:46: SMTP mail.alabu.com: process_server_hello(03014fbd4c3e8f30abfc8156707fdf7e17d992c1e8971c894c0d433f19cb07e4788b201e8d60fb3e22a35a5c72a8b081cd35ac06a1ee391536218b031da2f209518b6a000400) [9] 2012/05/23 16:44:46: SMTP mail.alabu.com: [1e8d60fb] process_certificate(000eac0005bd30…… removed this for brevity [9] 2012/05/23 16:44:46: SMTP mail.alabu.com: [1e8d60fb] process_server_hello_done() [9] 2012/05/23 16:44:46: SMTP mail.alabu.com: [1e8d60fb] rsa_n(ad526a4c6a2a25827ca1a41ad2d80529c35b8f65ffe72095f3f8dc65abf74a849472341f6c2413be000149556542ba4af46895e816b1460cd41aac40b697f16ebdb30354f62366e3f4987205c6a4c888bd2866c6851c5452ca70234a6281666cd69c625ab27895dd54f8dfa54cd265b9435192db7a01f87823c485a3ff31a3e8e8b89d2d8e4da20cd3caa7114a732e81e9b62af483acf4d56446b1adeef1d67873630ec6bce6864e91a8faa6b2f6e98e9d3e77c2f33e9081fce04d4642b2ab2f2f828748db243a351bc92f86d671e1d4caa3596cd5c8648be254f830b84d518baff1acced82d62abe0e628c9591b3d8c7aadf0d116a2d3be9f0e28158f3a1033) [9] 2012/05/23 16:44:46: SMTP mail.alabu.com: [1e8d60fb] rsa_e(010001) [9] 2012/05/23 16:44:46: SMTP mail.alabu.com: [1e8d60fb] Pre Master Secret(03016120f00fbd306235d2aa05d66283378c5585c569baf08971c9da720cbf57807b65b3f3070917537d72711f1b08bc) [9] 2012/05/23 16:44:46: SMTP mail.alabu.com: [1e8d60fb] Block Padded(00026e22222f5cb4d3eaab081b352b77442eda4eb69c900d5a5b7da65ea125e68e24e4f248b82e062e89593283e3c9eb8b90bef90934313a4ff72cf7a75e415a0190ddf00d84578639a66625dc3e94649002a5c3f5019e7b79a43db32943bdd7adf2768a9d6a821b96d1658d78cc37574260dc4d36aeaae494386a5a7f07931ddfb260f6a0477e0ab4920bf2a5bbfdd690d816d25e5aad6259e67fe3f61245ed7e235c9e668b62bf77c13e3a725563fe6738d8e98f858a8d1774cd8021482b75bc63cf685ca826350630b15775d7290003016120f00fbd306235d2aa05d66283378c5585c569baf08971c9da720cbf57807b65b3f3070917537d72711f1b08bc) [9] 2012/05/23 16:44:46: SMTP mail.alabu.com: [1e8d60fb] Encrypted Pre Master(9482817e2d45abd4d58abc7e094e60cfcb843852457e85614593c01869ca0cb69c9aaa2eddb0db4e7486e30520e3941234d395d96bb4866646e706bcadeb45fcb1fe0f08e3c457ef793383a96e2c8f27b131fa7b38f9f4f954c6ad628475768b4fe695f97bbdb258eab4eef19c994d774795ff9f989bc7593ed8423bfffa7d93f14a4644dc26dc75297e8b424909bd40f9d4a589308299df3aa1c8b88227c2427d457fb7035a7b7ee0c59583a3081789351231a129d7378d15175164a62a05c10b108c0ee0d8556e407a56e780ebf89bc34164a87c4a45f78f418cb4423d656ca42fb796441455b4e08bbd6077c5b23dcba34e9a36642b08d97c4e0feb0ea083) [9] 2012/05/23 16:44:46: SMTP mail.alabu.com: [1e8d60fb] Client Random(4fbd4c3e8d7bef50e9c137a193c8449dcd5d505a5aecb508b05ddbb9b8e0a53c) [9] 2012/05/23 16:44:46: SMTP mail.alabu.com: [1e8d60fb] Server Random(4fbd4c3e8f30abfc8156707fdf7e17d992c1e8971c894c0d433f19cb07e4788b) [9] 2012/05/23 16:44:46: SMTP mail.alabu.com: [1e8d60fb] Master Secret(babca53700ed80dc64b4bc34a4e311e21bc23296b45af2b307ed63ae05f8b3b69396f92945dd1978b33fa1b5dcde8838) [9] 2012/05/23 16:44:46: SMTP mail.alabu.com: [1e8d60fb] send_client_key_exchange(01009482817e2d45abd4d58abc7e094e60cfcb843852457e85614593c01869ca0cb69c9aaa2eddb0db4e7486e30520e3941234d395d96bb4866646e706bcadeb45fcb1fe0f08e3c457ef793383a96e2c8f27b131fa7b38f9f4f954c6ad628475768b4fe695f97bbdb258eab4eef19c994d774795ff9f989bc7593ed8423bfffa7d93f14a4644dc26dc75297e8b424909bd40f9d4a589308299df3aa1c8b88227c2427d457fb7035a7b7ee0c59583a3081789351231a129d7378d15175164a62a05c10b108c0ee0d8556e407a56e780ebf89bc34164a87c4a45f78f418cb4423d656ca42fb796441455b4e08bbd6077c5b23dcba34e9a36642b08d97c4e0feb0ea083) [9] 2012/05/23 16:44:46: SMTP mail.alabu.com: [1e8d60fb] send_change_cipher_spec(01) [9] 2012/05/23 16:44:46: SMTP mail.alabu.com: [1e8d60fb] perform_change_cipher_spec(0004) [9] 2012/05/23 16:44:46: SMTP mail.alabu.com: [1e8d60fb] Key Block(07eeb8ee7f96f59c627691b9ea7ed8d2d4d592fae6ff030d74e3ac6c82918906d83a53db9b59585b7df019ba3192880229fd26fb0b5c1e5dea8a0d39863b2d973bdc3e9fdc2be2b1) [9] 2012/05/23 16:44:46: SMTP mail.alabu.com: [1e8d60fb] Client Write MAC Secret(07eeb8ee7f96f59c627691b9ea7ed8d2) [9] 2012/05/23 16:44:46: SMTP mail.alabu.com: [1e8d60fb] Server Write MAC Secret(d4d592fae6ff030d74e3ac6c82918906) [9] 2012/05/23 16:44:46: SMTP mail.alabu.com: [1e8d60fb] Client Write Key(d83a53db9b59585b7df019ba31928802) [9] 2012/05/23 16:44:46: SMTP mail.alabu.com: [1e8d60fb] Server Write Key(29fd26fb0b5c1e5dea8a0d39863b2d97) [9] 2012/05/23 16:44:46: SMTP mail.alabu.com: [1e8d60fb] send_finished(33bef80150ee1bd431bc8c1b) [9] 2012/05/23 16:44:46: SMTP mail.alabu.com: [1e8d60fb] process_change_cipher_spec(01) [9] 2012/05/23 16:44:46: SMTP mail.alabu.com: [1e8d60fb] process_finished(0eb0249bef4d1e23d1270597) [8] 2012/05/23 16:44:46: SMTP: Received 250-services.alabu.com 250-PIPELINING 250-SIZE 52428800 250-VRFY 250-AUTH LOGIN PLAIN CRAM-MD5 250-ETRN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-DSN 250-BINARYMIME 250 CHUNKING [8] 2012/05/23 16:44:46: SMTP: Send AUTH PLAIN dm9pY2AtYWlsAHJDsjghdFdfgFfkjSJSJHhjSAS=F Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted May 23, 2012 Report Share Posted May 23, 2012 Okay, now we are talking secure... So are you sure your username is voicemail, and not voicemail@mail.alabu.com? If you have other clients working, that should be easy to figure out. Also, did you double check the password? For PLAIN authentication, it is possible to have authorization identity and authentication identity different (though the PBX does not support that difference). Could this be the problem? Any log from the mail server? I think we are close. Quote Link to comment Share on other sites More sharing options...
halalabu Posted May 24, 2012 Author Report Share Posted May 24, 2012 (edited) Okay, now we are talking secure... So are you sure your username is voicemail, and not voicemail@mail.alabu.com? If you have other clients working, that should be easy to figure out. Also, did you double check the password? For PLAIN authentication, it is possible to have authorization identity and authentication identity different (though the PBX does not support that difference). Could this be the problem? Any log from the mail server? I think we are close. Alright, got the security part squared away now. Great! (and thanks!). I tried alternate usernames voicemail@alabu.com and voicemail@mail.alabu.com with no luck. I added this account to apple mail, and it works fine (screenshots of configuration are attached). Also, here is what the log file on my server looks like: May 24 09:13:28 services postfix/postscreen[4585]: CONNECT from [10.0.0.202]:53907 May 24 09:13:28 services postfix/postscreen[4585]: WHITELISTED [10.0.0.202]:53907 May 24 09:13:28 services postfix/smtpd[5122]: connect from services.alabu.com[10.0.0.202] May 24 09:13:28 services postfix/smtpd[5122]: error: CF: user voicemail: Credentials could not be verified, username or password is invalid. May 24 09:13:28 services postfix/smtpd[5122]: warning: services.alabu.com[10.0.0.202]: SASL PLAIN authentication failed May 24 09:13:28 services postfix/smtpd[5122]: lost connection after AUTH from services.alabu.com[10.0.0.202] May 24 09:13:28 services postfix/smtpd[5122]: disconnect from services.alabu.com[10.0.0.202] May 24 09:13:28 services postfix/postscreen[4585]: CONNECT from [10.0.0.202]:53909 May 24 09:13:28 services postfix/postscreen[4585]: WHITELISTED [10.0.0.202]:53909 May 24 09:13:28 services postfix/smtpd[5122]: connect from services.alabu.com[10.0.0.202] May 24 09:13:28 services postfix/smtpd[5122]: error: CF: user voicemail: Credentials could not be verified, username or password is invalid. May 24 09:13:28 services postfix/smtpd[5122]: warning: services.alabu.com[10.0.0.202]: SASL PLAIN authentication failed May 24 09:13:28 services postfix/smtpd[5122]: lost connection after AUTH from services.alabu.com[10.0.0.202] May 24 09:13:28 services postfix/smtpd[5122]: disconnect from services.alabu.com[10.0.0.202] No idea why this is happening. Any ideas? Thanks again. Hal ETA: Don't know if this helps, but here are my server logs after a successful test send from apple mail: May 24 09:47:49 services postfix/qmgr[210]: B70F428D1D3: removed May 24 09:48:05 services postfix/smtpd[8663]: 037A028D1F3: client=unknown[10.0.0.1], sasl_method=PLAIN, sasl_username=voicemail May 24 09:48:05 services postfix/cleanup[11172]: 037A028D1F3: message-id=<F4EA0647-F1F8-49CD-8541-C1D4A870E5B1@alabu.com> May 24 09:48:05 services postfix/qmgr[210]: 037A028D1F3: from=<voicemail@alabu.com>, size=528, nrcpt=1 (queue active) May 24 09:48:05 services postfix/smtpd[11189]: connect from localhost[127.0.0.1] May 24 09:48:05 services postfix/smtpd[11189]: E135928D201: client=localhost[127.0.0.1] May 24 09:48:05 services postfix/cleanup[11172]: E135928D201: message-id=<F4EA0647-F1F8-49CD-8541-C1D4A870E5B1@alabu.com> May 24 09:48:05 services postfix/smtpd[11189]: disconnect from localhost[127.0.0.1] May 24 09:48:05 services postfix/qmgr[210]: E135928D201: from=<voicemail@alabu.com>, size=955, nrcpt=1 (queue active) May 24 09:48:05 services postfix/smtp[11174]: 037A028D1F3: to=<hal@alabu.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.93, delays=0.16/0/0/0.76, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as E135928D201) May 24 09:48:05 services postfix/qmgr[210]: 037A028D1F3: removed Edited May 24, 2012 by halalabu Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted May 24, 2012 Report Share Posted May 24, 2012 May 24 09:13:28 services postfix/smtpd[5122]: error: CF: user voicemail: Credentials could not be verified, username or password is invalid. Well, I would triple-check if the password is really the same... And what else you can do is to take a look at the log messages when another client registeres. Also, check if the PLAIN authentication is okay for the user voicemail. Maybe the server does advertize it, but does not accept if this this user. Quote Link to comment Share on other sites More sharing options...
pbx support Posted May 24, 2012 Report Share Posted May 24, 2012 Check out the reply "Server Admin > Access menu bar >mail:click "Allow all users and groups" under post https://discussions.apple.com/thread/2651030?threadID=2651030 Not sure if that would solve your problem. Quote Link to comment Share on other sites More sharing options...
halalabu Posted May 24, 2012 Author Report Share Posted May 24, 2012 Ok folks THANK YOU for your help so far. I've made an important discovery, if I disable PLAIN authentication for SMTP on our mail server, then SNOM reverts to CRAM MD5. This works, and the test email is sent (hooray!). However, I need to have PLAIN authentication enabled for another program that does not support CRAM MD5. Is there a way to force SNOM to use CRAM MD5, even if the server reports that it supports PLAIN (I would think it would default to the highest authentication method, but apparently it doesn't). Thanks! Hal Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted May 24, 2012 Report Share Posted May 24, 2012 Hmm. Actually the PBX does not support CRAM MD5; it supports only PLAIN and LOGIN. Is there something in the middle?! Quote Link to comment Share on other sites More sharing options...
halalabu Posted May 24, 2012 Author Report Share Posted May 24, 2012 Hmm. Actually the PBX does not support CRAM MD5; it supports only PLAIN and LOGIN. Is there something in the middle?! Ahhh yep my bad. It was reverting to LOGIN not CRAM MD5. In any event, is there a way to force it to use LOGIN instead of PLAIN? Thanks, Hal Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted May 24, 2012 Report Share Posted May 24, 2012 Right now thats hard coded. We can change it or make it a setting, this would be a safe path for you to get this problem solved finally. However, it would be good to know why other programs can use PLAIN and we cant. Can we give you a test build where try one more time to use PLAIN, but with only one ID? (What OS are you using?) Quote Link to comment Share on other sites More sharing options...
halalabu Posted May 25, 2012 Author Report Share Posted May 25, 2012 Right now thats hard coded. We can change it or make it a setting, this would be a safe path for you to get this problem solved finally. However, it would be good to know why other programs can use PLAIN and we cant. Can we give you a test build where try one more time to use PLAIN, but with only one ID? (What OS are you using?) Hmm alright. Yeah I don't have a problem using a test build. I'm using Mac OS X 10.7.4 Lion Server. Thanks for your help figuring this out. Hal Quote Link to comment Share on other sites More sharing options...
yurak Posted July 12, 2012 Report Share Posted July 12, 2012 I have exactly the same problem here with exactly the same symptoms. Mac OS X 10.6.8 with Kerberos, CRAM-MD5, Login and PLAIN methods enabled. We have about a hundred users authenticated all the time and they use PCs Macs, mobiles... with different setups... I spent number of hours trying to get a test message but no success so far. I even tried a completely different Mac server at another company and got the same result. There is no point to show my logs as they are identical to the ones mentioned before and that is how I found this thread. It basically means that SnomOne email facility is unusable on a standard Mac Server. Otherwise it is a great product and a pleasure to work with. I am willing to participate in any tests to get it right. Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted July 13, 2012 Report Share Posted July 13, 2012 Hmm. I assume you are using the latest build (Epsilon)? Do you have your server running on an address where we can try to connect and send out an email from a debug system? We definitevely want to close the chapter. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.