Re: [exim] How to debug an encrypted smtp auth connection?

Top Page
Delete this message
Reply to this message
Author: Marc MERLIN
Date:  
To: Andrew C Aitchison
CC: Jeremy Harris, exim-users
New-Topics: [exim] Debian9/exim4.89 does TLS and SMTP AUTH with gmail, but Debian10/exim4.92 doesn't?
Subject: Re: [exim] How to debug an encrypted smtp auth connection?
On Fri, Sep 11, 2020 at 09:23:30PM +0100, Andrew C Aitchison wrote:
> > I'll try to use strace if it's the only way, but that's not going to be
> > fun.
>
> What error message are you getting ?
>
> If the failure is at the tls handshake, does tcpdump
> or relatives have anything useful to say ?



root@salt2:/srv/salt# echo test | Mail -s test -v merlin@???
LOG: MAIN
<= root@??? U=root P=local S=493
root@salt2:/srv/salt# delivering 1kGpoi-0002wy-Ok
R: smarthost for merlin@???
T: remote_smtp_smarthost for merlin@???
Connecting to smtp.gmail.com [74.125.202.108]:587 ... connected
SMTP<< 220 smtp.gmail.com ESMTP 15sm1803197ilz.66 - gsmtp
SMTP>> EHLO salt.internal

  SMTP<< 250-smtp.gmail.com at your service, [34.68.13.114]
         250-SIZE 35882577
         250-8BITMIME
         250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH
         250-ENHANCEDSTATUSCODES
         250-PIPELINING
         250-CHUNKING
         250 SMTPUTF8

SMTP>> AUTH PLAIN ****************************************************************

  SMTP<< 534-5.7.14 <https://accounts.google.com/signin/continue?sarp=1&scc=1&plt=AKgnsbt
         534-5.7.14 T8bT_CFJFMpDExpkTzd0XYtwVnEHGEEuH6uw3agTZqpq9UO3LIi8nunUyuqWyZsrFH9Pd
         534-5.7.14 ewzvkm8spFH-o7R_WcUGHrkG6CGjK_g_jg6tx1hKrxNJx42NW8YsTAllRbStD6Wk>
         534-5.7.14 Please log in via your web browser and then try again.
         534-5.7.14  Learn more at
         534 5.7.14  https://support.google.com/mail/answer/78754 15sm1803197ilz.66 - gsmtp
LOG: MAIN
  plain authenticator failed H=smtp.gmail.com [74.125.202.108] 534-5.7.14 <https://accounts.google.com/signin/continue?sarp=1&scc=1&plt=AKgnsbt


Ooooh, never mind, I was focussing on the AUTH bit when I totally missed
that my client never issued STARTTLS.
Now I need to figure out why that's not working, but that's easier to debug.

Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.

Home page: http://marc.merlins.org/