Solved Zulip server cannot send mail to opensmtpd server, complains that 'SMTP AUTH extension not supported by server.'

F

Ferocious1881

I have setup a zulip server as well an opensmtpd server in my intranet. With the opensmtpd server being in a FreeBSD Jail and the zulip server being in a debian bookworm bhyve guest.

I know the opensmpt server is working properly, as have login in with my an email client an successfully send mail from an account to another account in the mail server.

Now the Zulip server is failing to send emails to the other account in the mail server, and is spamming the logs with:
Code: 
2024-10-06 06:48:49.833 WARN [zerver.management.commands.deliver_scheduled_emails] <ScheduledEmail: 1 [<UserProfile: user1@example.com <Realm:  2>>] 2024-10-06 06:47:11.204879+00:00> not delivered
2024-10-06 06:48:49.859 INFO [zulip.send_email] Sending account_registered email to ['Some Name <user1@example.com>']
2024-10-06 06:48:49.864 ERR  [zulip.send_email] Error sending account_registered email to ['Some Name <user1@example.com>']: SMTP AUTH extension not supported by server.

The opensmtpd server has this `smtpd.conf`:
Code: 
table passwd passwd:/usr/local/etc/mail/passwd
table virtuals file:/usr/local/etc/mail/virtuals

pki mail.example.com cert "/usr/local/etc/letsencrypt/archive/mail.example.com/fullchain1.pem"
pki mail.example.com key "/usr/local/etc/letsencrypt/archive/mail.example.com/privkey1.pem"

filter check_dyndns phase connect match rdns regex { '.*\.dyn\..*', '.*\.dsl\..*' } \
    disconnect "550 no residential connections - Thou shalt not pass"

filter check_rdns phase connect match !rdns \
    disconnect "550 no rdns - Thou shalt not pass"

filter check_fcrdns phase connect match !fcrdns \
    disconnect "550 no FCrDNS - Thou shalt not pass"

filter rspamd proc-exec "/usr/local/libexec/opensmtpd/opensmtpd-filter-rspamd"

listen on 0.0.0.0 tls pki mail.example.com \
    filter { check_dyndns, check_rdns, check_fcrdns, rspamd } auth-optional <passwd>

listen on 0.0.0.0 port submission tls-require pki mail.example.com  auth <passwd> filter rspamd mask-src

listen on 0.0.0.0 port 465 smtps pki mail.example.com  auth <passwd> filter rspamd mask-src

action "local_mail" lmtp "/var/run/dovecot/lmtp" rcpt-to virtual <virtuals>
action "outbound" relay helo mail.example.com

match from any for domain example.com action "local_mail"
match for local action "local_mail"

match from any auth for any action "outbound"
match for any action "outbound"
Based as my entire mail server setup in this article .
 
Checked it again and my mail log have come from having
Code: 
Oct  6 06:47:23 mail smtpd[99099]: 7d7df7f6940b1cc0 smtp disconnected reason=disconnect
Oct  6 06:47:23 mail smtpd[99099]: 7d7df7f762a0b35e smtp connected address=192.168.0.19 host=zulip.example.com
repeated ad infinitum, reason for which did not even consider them.
Now is a less nonsensical
Code: 
Oct  6 09:45:00 mail smtpd[99099]: 7d7e5d74323814a1 smtp connected address=192.168.0.19 host=zulip.example.com
Oct  6 09:45:00 mail smtpd[99099]: 7d7e5d74323814a1 smtp tls ciphers=TLSv1.3:TLS_AES_256_GCM_SHA384:256
Oct  6 09:45:00 mail smtpd[99099]: 7d7e5d74323814a1 smtp authentication user=zulip@example.com result=permfail
Oct  6 09:45:01 mail smtpd[99099]: 7d7e5d74323814a1 smtp failed-command command="AUTH PLAIN (...)" result="535 Authentication failed"
Oct  6 09:45:01 mail smtpd[99099]: 7d7e5d74323814a1 smtp authentication user=zulip@example.com result=permfail
Oct  6 09:45:01 mail smtpd[99099]: 7d7e5d74323814a1 smtp failed-command command="AUTH LOGIN (password)" result="535 Authentication failed"
Oct  6 09:45:01 mail smtpd[99099]: 7d7e5d7599c0bf6f smtp connected address=192.168.0.19 host=zulip.example.com
Oct  6 09:45:02 mail smtpd[99099]: 7d7e5d7599c0bf6f smtp tls ciphers=TLSv1.3:TLS_AES_256_GCM_SHA384:256
Oct  6 09:45:02 mail smtpd[99099]: 7d7e5d7599c0bf6f smtp authentication user=zulip@example.com result=permfail
^LOct  6 09:45:02 mail smtpd[99099]: 7d7e5d7599c0bf6f smtp failed-command command="AUTH PLAIN (...)" result="535 Authentication failed"
Oct  6 09:45:02 mail smtpd[99099]: 7d7e5d7599c0bf6f smtp authentication user=zulip@example.com result=permfail
Oct  6 09:45:03 mail smtpd[99099]: 7d7e5d7599c0bf6f smtp failed-command command="AUTH LOGIN (password)" result="535 Authentication failed"
Oct  6 09:45:03 mail smtpd[99099]: 7d7e5d718a5200e3 smtp disconnected reason="io-error: read failed: error:0A000126:SSL routines::unexpected eof while reading"
Oct  6 09:45:03 mail smtpd[99099]: 7d7e5d72e93aa7e0 smtp disconnected reason="io-error: read failed: error:0A000126:SSL routines::unexpected eof while reading"
Oct  6 09:45:03 mail smtpd[99099]: 7d7e5d732fe0df88 smtp disconnected reason="io-error: read failed: error:0A000126:SSL routines::unexpected eof while reading"
Oct  6 09:45:03 mail smtpd[99099]: 7d7e5d74323814a1 smtp disconnected reason="io-error: read failed: error:0A000126:SSL routines::unexpected eof while reading"
Oct  6 09:45:03 mail smtpd[99099]: 7d7e5d76457ea123 smtp connected address=192.168.0.19 host=zulip.example.com
Oct  6 09:45:03 mail smtpd[99099]: 7d7e5d76457ea123 smtp tls ciphers=TLSv1.3:TLS_AES_256_GCM_SHA384:256
Oct  6 09:45:03 mail smtpd[99099]: 7d7e5d76457ea123 smtp authentication user=zulip@example.com result=permfail

Similary my Zulip logs now say:
Code: 
2024-10-06 09:49:40.151 INFO [zulip.send_email] Sending account_registered email to ['My User Name <user1@example.com>']
2024-10-06 09:49:41.402 ERR  [zulip.send_email] Error sending account_registered email to ['My User Name <user1@example.com>'] with error code 535: b'Authentication failed'
2024-10-06 09:49:41.414 WARN [zerver.management.commands.deliver_scheduled_emails] <ScheduledEmail: 1 [<UserProfile: user1@example.com <Realm:  2>>] 2024-10-06 06:47:11.204879+00:00> not delivered
2024-10-06 09:49:41.507 INFO [zulip.send_email] Sending account_registered email to ['My User Name <user1@example.com>']
repeated ad infinitum.
 
Using Zulip's Troubleshooting tool su zulip -c '/home/zulip/deployments/current/manage.py send_test_email user1@example.com'
I get this which calls Full SMTP log.
Code: 
connect: to ('mail.example.com', 587) None
reply: b'220 example.com ESMTP OpenSMTPD\r\n'
reply: retcode (220); Msg: b'example.com ESMTP OpenSMTPD'
connect: b'example.com ESMTP OpenSMTPD'
send: 'ehlo zulip.example.com\r\n'
reply: b'250-example.com Hello zulip.example.com [192.168.0.19], pleased to meet you\r\n'
reply: b'250-8BITMIME\r\n'
reply: b'250-ENHANCEDSTATUSCODES\r\n'
reply: b'250-SIZE 36700160\r\n'
reply: b'250-DSN\r\n'
reply: b'250-STARTTLS\r\n'
reply: b'250 HELP\r\n'
reply: retcode (250); Msg: b'example.com Hello zulip.example.com [192.168.0.19], pleased to meet you\n8BITMIME\nENHANCEDSTATUSCODES\nSIZE 36700160\nDSN\nSTARTTLS\nHELP'
send: 'STARTTLS\r\n'
reply: b'220 2.0.0 Ready to start TLS\r\n'
reply: retcode (220); Msg: b'2.0.0 Ready to start TLS'
send: 'ehlo zulip.example.com\r\n'
reply: b'250-example.com Hello zulip.example.com [192.168.0.19], pleased to meet you\r\n'
reply: b'250-8BITMIME\r\n'
reply: b'250-ENHANCEDSTATUSCODES\r\n'
reply: b'250-SIZE 36700160\r\n'
reply: b'250-DSN\r\n'
reply: b'250-AUTH PLAIN LOGIN\r\n'
reply: b'250 HELP\r\n'
reply: retcode (250); Msg: b'example.com Hello zulip.example.com [192.168.0.19], pleased to meet you\n8BITMIME\nENHANCEDSTATUSCODES\nSIZE 36700160\nDSN\nAUTH PLAIN LOGIN\nHELP'
send: 'AUTH PLAIN AHp1bGlwADlPclMwUlVUdmRuNWlVVjVWVjRFSlBiQm1SYmNWcmc5MVhhUnVuY2h0Q1Ju\r\n'
reply: b'535 Authentication failed\r\n'
reply: retcode (535); Msg: b'Authentication failed'
send: 'AUTH LOGIN enVsaXA=\r\n'
reply: b'334 UGFzc3dvcmQ6\r\n'
reply: retcode (334); Msg: b'UGFzc3dvcmQ6'
send: 'OU9yUzBSVVR2ZG41aVVWNVZWNEVKUGJCbVJiY1ZyZzkxWGFSdW5jaHRDUm4=\r\n'
reply: b'535 Authentication failed\r\n'
reply: retcode (535); Msg: b'Authentication failed'
 
You must log in or register to reply here.
Back
Top