[stunnel-users] Getting Stunnel working with Verizon.net SMTP
Gary Kuznitz
docfxit at theoffice.la
Thu Jun 13 00:31:43 CEST 2013
Hi Jochen,
With your help I selected "Do not use CRAM-MD5 authentication even if it is
advertised"
It's now woking.
Thank you very much for your help.
Do you know if there is any way to remove the emails with the user name and password
from the archives?
Thanks,
Gary
On 12 Jun 2013 at 23:08, Jochen (Jochen Bern <Jochen.Bern at LINworks.de>)
commented about Re: [stunnel-users] Getting Stunnel working with :
> On 12.06.2013 21:28, Gary Kuznitz wrote:
> > On your first post I didn't see the difference in port numbers. I have corrected that.
> > I'm getting this log from my email client:
> > --- Wed, 12 Jun 2013 12:22:46 ---
> > Connect to 'localhost' port 10115, timeout 60.
> > 12:22:46.960 [*] Connection established to 127.0.0.1
> > 12:22:47.226 >> 0120 220 vms173007pub.verizon.net -- Server ESMTP (Sun Java(tm)
> > System Messaging Server 7u2-7.02 32bit (built Apr 16 2009))\0D\0A
>
> First and foremost, this shows that your e-mail client can now talk to
> the server, which means that stunnel's job (the SSL negotiation) gets
> done successfully.
>
> > 12:22:47.288 >> 0042 250-AUTH DIGEST-MD5 PLAIN LOGIN CRAM-MD5\0D\0A
> > 12:22:47.288 >> 0022 250-AUTH=LOGIN PLAIN\0D\0A
>
> This part of the server's reply to the EHLO command shows the auth
> mechanisms the server supports; CRAM-MD5 is listed ...
>
> > 12:22:47.288 << 0015 AUTH CRAM-MD5\0D\0A
>
> ... and your client requests it.
>
> > 12:22:47.335 >> 0050 334 PDEzNTYyOTY5MjEuMTIxMTA1NTFAdm1zMTczMDA3Pg==\0D\0A
>
> The servers issues (a base64 encoded version of)
> "<1356296921.12110551 at vms173007>" as a "random" string challenge.
>
> > 12:22:47.335 << 0058 YXR1cHJlcyBkYTlmZTI3MWFjODNjYWUxOTVjNmZhZWQ5ZGE0NTUzYg==\0D\0A
>
> This is a base64 encoded version of "atupres
> da9fe271ac83cae195c6faed9da4553b". "atupres" should be your username and
> da9fe271ac83cae195c6faed9da4553b the HMAC-MD5 digest of the challenge
> with your password as the key.
>
> I don't know a tool to compute HMAC-MD5 digests that is readily
> available under Windows, I'm afraid. If you're desperate, try
> http://www.freeformatter.com/hmac-generator.html
> (note that they won't know a) on which server and b) with what username
> you'll be using the password ...).
>
> > 12:22:47.397 >> 0066 500 5.7.0 Unknown AUTH error -1 (Internal authentication error).\0D\0A
>
> ... and there the server says it cannot verify that.
>
> > Do you have any idea why I am getting [that]?
>
> I can think of several *possible* reasons, but ultimately, the server
> doesn't tell us what exactly is wrong.
>
> 1. It may be that the server is announcing CRAM-MD5 auth though it
> actually does *not* support it. (The DIGEST-MD5 and CRAM-MD5 mechs
> require that the server *knows* the (plaintext) password, while for
> PLAIN and LOGIN, storing only a hash of the password is enough, and
> foils attackers who manage to steal a copy of the password database.)
> Enforcing use of a different mechanism can probably be done through
> your e-mail client's settings, but I'm afraid that it's usually
> rather cryptic how exactly to do that ...
> If you want to have a *manual* try at another mech, here's a web
> page explaining what to input for PLAIN and LOGIN:
> http://www.gadgetwiz.com/protocols/smtp-auth-example.html
> and here's an MS KB article with a base64 en-/decoder:
> http://support.microsoft.com/kb/191239
> Problem is that the strings to be base64 encoded are supposed *not*
> to have an end-of-line, and sometimes even to contain NUL bytes
> ("\0") ... Verify that your method of choice properly reproduces the
> examples in the howto page. :-C
> 2. I'm a bit surprised that your username supposedly is "atupres",
> rather than "atupres at your.dom.ain", "atupres%your.dom.ain" or
> something to that effect ... ?
> 3. The obvious one, a mistyped password ...
>
> Regards,
> J. Bern
> --
> *NEU* - NEC IT-Infrastruktur-Produkte im <http://www.linworks-shop.de/>:
> Server--Storage--Virtualisierung--Management SW--Passion for Performance
> Jochen Bern, Systemingenieur --- LINworks GmbH <http://www.LINworks.de/>
> Postfach 100121, 64201 Darmstadt | Robert-Koch-Str. 9, 64331 Weiterstadt
> PGP (1024D/4096g) FP = D18B 41B1 16C0 11BA 7F8C DCF7 E1D5 FAF4 444E 1C27
> Tel. +49 6151 9067-231, Zentr. -0, Fax -299 - Amtsg. Darmstadt HRB 85202
> Unternehmenssitz Weiterstadt, Geschäftsführer Metin Dogan, Oliver Michel
More information about the stunnel-users
mailing list