SMTP on 2.10

Hi,

I’ve been trying to configure the new feature on 2.10 that allows you to
add SMTP servers, I have used the same credentials as I used before in the
old setup for emails but am now getting an 535 authentication error. I
have also noticed that when the configuration is saved and clicked back on,
the password disappears - is this normal or could it be this that is
causing the connection to fail?

Thanks,
Conan

Hello Conan,

the password is saved in the database table “smtpserver”.
Can you please check, if it is save in your table?

There is a minor flaw in the UI, which only allows you to enter
email-addresses as usernames.
Is your username an email address, that contains “@” or is it a normal
name?

Kind regards
CorneliusAm Dienstag, den 16.02.2016, 06:36 -0800 schrieb Conan Malone:

Hi,

I’ve been trying to configure the new feature on 2.10 that allows you
to add SMTP servers, I have used the same credentials as I used before
in the old setup for emails but am now getting an 535 authentication
error. I have also noticed that when the configuration is saved and
clicked back on, the password disappears - is this normal or could it
be this that is causing the connection to fail?

Thanks,
Conan

Please read the blog post about getting help
Getting help – privacyID3A.

For professional services and consultancy regarding two factor
authentication please visit
One Time Services - NetKnights - IT-Sicherheit - Zwei-Faktor-Authentisierung - Verschlüsselung

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
privacyIDEA Support Level

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/d6f4e19a-f40f-4ccc-8e37-e2b01042015d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

signature.asc (836 Bytes)

FAILED TO DECRYPT PASSWORD is a message by privacyIDEA which occurs
during the decryption of encrpyted values (like the SMTP password)

This happens if for whichever reason the password can not be decrypted
(as the error message suggests :wink:

This can be:

  1. you changed the encryption key
  2. you chose a password that gets not correctly encrypted
    and then decrypted like
    • strange characters in the password that confuse the API
      (You can monitor the transmisstion/API when saving the password
      enabling the Developer mode in the broswer)
    • To long password that is encrypted that long that is does not fit
      into the database table (don’t think so)

I suggest using Ctrl-I in your browser to watch the network traffic
during saving the SMTP settings.

Kind regards
CorneliusAm Mittwoch, den 17.02.2016, 04:41 -0800 schrieb Conan Malone:

Hi Cornelius,

I have checked the smtpserver table and the password is in there along
with ip address, port, username etc.

(1,‘MY-SMTP’,‘IP ADDRESS’,PORT,‘user@domain.com’,‘Encyrpted
Password’,‘user@domain.com’,0,‘Description’)

The username is an email address so I have no problem with that as
that saves when I save the configuration, just the password that
disappears…

I’ve checked the log on my SMTP server and this is what comes through
when I send a test email from the UI.

“SMTPD” 2120 12733 “2016-02-17 11:28:09.200” “192.168.XX.X”
“SENT: 220 OurDomain.com
“SMTPD” 3712 12733 “2016-02-17 11:28:09.200” “192.168.XX.X”
“RECEIVED: ehlo [127.0.0.1]”
“SMTPD” 3712 12733 “2016-02-17 11:28:09.200” “192.168.XX.X”
“SENT: 250-OurDomain.com[nl]250-SIZE
20480000[nl]250-STARTTLS[nl]250-AUTH LOGIN PLAIN[nl]250 HELP”
“SMTPD” 3180 12733 “2016-02-17 11:28:09.216” “192.168.XX.X”
“RECEIVED: AUTH PLAIN
AHVzZXJAZG9tYWluLmNvbQBGQUlMRUQgVE8gREVDUllQVCBQQVNTV09SRCE=”
“SMTPD” 3180 12733 “2016-02-17 11:28:09.216” “192.168.XX.X”
“SENT: 535 Authentication failed. Restarting authentication
process.”

The decoded version of the AUTH PLAIN part seems to give back this
result…

AUTH PLAIN
AHVzZXJAZG9tYWluLmNvbQBGQUlMRUQgVE8gREVDUllQVCBQQVNTV09SRCE=" =
user@domain.com FAILED TO DECRYPT PASSWORD!

Any ideas on what might be the problem?

Thanks,
Conan

On Tuesday, February 16, 2016 at 2:54:34 PM UTC, Cornelius Kölbel wrote:
Hello Conan,

    the password is saved in the database table "smtpserver". 
    Can you please check, if it is save in your table? 
    
    There is a minor flaw in the UI, which only allows you to
    enter 
    email-addresses as usernames. 
    Is your username an email address, that contains "@" or is it
    a normal 
    name? 
    
    Kind regards 
    Cornelius 
    
    Am Dienstag, den 16.02.2016, 06:36 -0800 schrieb Conan
    Malone: 
    > Hi, 
    > 
    > 
    > I've been trying to configure the new feature on 2.10 that
    allows you 
    > to add SMTP servers, I have used the same credentials as I
    used before 
    > in the old setup for emails but am now getting an 535
    authentication 
    > error.  I have also noticed that when the configuration is
    saved and 
    > clicked back on, the password disappears - is this normal or
    could it 
    > be this that is causing the connection to fail? 
    > 
    > 
    > Thanks, 
    > Conan 
    > -- 
    > Please read the blog post about getting help 
    > https://www.privacyidea.org/getting-help/. 
    >   
    > For professional services and consultancy regarding two
    factor 
    > authentication please visit 
    > https://netknights.it/en/leistungen/one-time-services/ 
    >   
    > In an enterprise environment you should get a SERVICE LEVEL
    AGREEMENT 
    > which suites your needs for SECURITY, AVAILABILITY and
    LIABILITY: 
    >
    https://netknights.it/en/leistungen/service-level-agreements/ 
    > --- 
    > You received this message because you are subscribed to the
    Google 
    > Groups "privacyidea" group. 
    > To unsubscribe from this group and stop receiving emails
    from it, send 
    > an email to privacyidea...@googlegroups.com. 
    > To post to this group, send email to
    priva...@googlegroups.com. 
    > Visit this group at
    https://groups.google.com/group/privacyidea. 
    > To view this discussion on the web visit 
    >
    https://groups.google.com/d/msgid/privacyidea/d6f4e19a-f40f-4ccc-8e37-e2b01042015d%40googlegroups.com. 
    > For more options, visit https://groups.google.com/d/optout. 
    
    -- 
    Cornelius Kölbel 
    corneliu...@netknights.it 
    +49 151 2960 1417 
    
    NetKnights GmbH 
    http://www.netknights.it 
    Landgraf-Karl-Str. 19, 34131 Kassel, Germany 
    Tel: +49 561 3166797, Fax: +49 561 3166798 
    
    Amtsgericht Kassel, HRB 16405 
    Geschäftsführer: Cornelius Kölbel 


Please read the blog post about getting help
Getting help – privacyID3A.

For professional services and consultancy regarding two factor
authentication please visit
One Time Services - NetKnights - IT-Sicherheit - Zwei-Faktor-Authentisierung - Verschlüsselung

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
privacyIDEA Support Level

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/f2e21365-47e0-48fe-b719-0349d450d414%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

signature.asc (836 Bytes)

Hi Cornelius,

I have checked the smtpserver table and the password is in there along with
ip address, port, username etc.

(1,‘MY-SMTP’,‘IP ADDRESS’,PORT,‘user@domain.com’,‘Encyrpted
Password’,‘user@domain.com’,0,‘Description’)

The username is an email address so I have no problem with that as that
saves when I save the configuration, just the password that disappears…

I’ve checked the log on my SMTP server and this is what comes through when
I send a test email from the UI.

“SMTPD” 2120 12733 “2016-02-17 11:28:09.200” “192.168.XX.X”
“SENT: 220 OurDomain.com
“SMTPD” 3712 12733 “2016-02-17 11:28:09.200” “192.168.XX.X”
“RECEIVED: ehlo [127.0.0.1]”
“SMTPD” 3712 12733 “2016-02-17 11:28:09.200” “192.168.XX.X”
“SENT: 250-OurDomain.com[nl]250-SIZE 20480000[nl]250-STARTTLS[nl]250-AUTH
LOGIN PLAIN[nl]250 HELP”
“SMTPD” 3180 12733 “2016-02-17 11:28:09.216” “192.168.XX.X”
“RECEIVED: AUTH PLAIN
AHVzZXJAZG9tYWluLmNvbQBGQUlMRUQgVE8gREVDUllQVCBQQVNTV09SRCE=”
“SMTPD” 3180 12733 “2016-02-17 11:28:09.216” “192.168.XX.X”
“SENT: 535 Authentication failed. Restarting authentication process.”

The decoded version of the AUTH PLAIN part seems to give back this result…

AUTH PLAIN AHVzZXJAZG9tYWluLmNvbQBGQUlMRUQgVE8gREVDUllQVCBQQVNTV09SRCE="
= user@domain.com FAILED TO DECRYPT PASSWORD!

Any ideas on what might be the problem?

Thanks,
ConanOn Tuesday, February 16, 2016 at 2:54:34 PM UTC, Cornelius Kölbel wrote:

Hello Conan,

the password is saved in the database table “smtpserver”.
Can you please check, if it is save in your table?

There is a minor flaw in the UI, which only allows you to enter
email-addresses as usernames.
Is your username an email address, that contains “@” or is it a normal
name?

Kind regards
Cornelius

Am Dienstag, den 16.02.2016, 06:36 -0800 schrieb Conan Malone:

Hi,

I’ve been trying to configure the new feature on 2.10 that allows you
to add SMTP servers, I have used the same credentials as I used before
in the old setup for emails but am now getting an 535 authentication
error. I have also noticed that when the configuration is saved and
clicked back on, the password disappears - is this normal or could it
be this that is causing the connection to fail?

Thanks,
Conan

Please read the blog post about getting help
Getting help – privacyID3A.

For professional services and consultancy regarding two factor
authentication please visit
One Time Services - NetKnights - IT-Sicherheit - Zwei-Faktor-Authentisierung - Verschlüsselung

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
privacyIDEA Support Level

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit

https://groups.google.com/d/msgid/privacyidea/d6f4e19a-f40f-4ccc-8e37-e2b01042015d%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
corneliu…@netknights.it <javascript:>
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel