I am using msmtp to sent emails but getting authentication error although my login credentials were right.
my msmtprc file contains
defaults
tls on
tls_starttls on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
account default
host smtp.gmail.com
port 25
auth on
user *******#gmail.com
password *********
from **********#gmail.com
logfile /var/log/msmtp.log
on running this command on terminal
echo -e "Subject: Test Mail\r\n\r\nThis is my first test email." |msmtp --debug --from=default -t vikrantgoutam16#gmail.com
I get the following errors
msmtp: authentication failed (method PLAIN)
msmtp: server message: 535-5.7.8 Username and Password not accepted. Learn more at
msmtp: server message: 535 5.7.8 https://support.google.com/mail/?p=BadCredentials b14sm68898705pfi.92 - gsmtp
msmtp: could not send mail (account default from /etc/msmtprc)
I just had the same issue. I have a Debian 10 32bit with PHP 7.3.14-1, and the /etc/msmtprc file has...
account <myusername>#gmail.com
host smtp.gmail.com
port 587
tls on
tls_starttls on
auth on
user <myusername>
password <plain-password>
from <username>#gmail.com
account default : <username>#gmail.com
This configuration sends the email with no errors using smtp.gmail.com, then I have a GCE (Google Compute Engine) with Debian 10 64bit and PHP 7.3.14-1, with the exact same configuration file and it does not work.
I enabled the 2-step verification method and generated a 16 character password for my script, with the App Password, the GCE just worked. Of course the 32bit machine is not able to send emails anymore, but my priority was the GCE machine. The configuration file on GCE is...
# Set default values for all following accounts.
defaults
port 587
tls on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
account gmail
host smtp.gmail.com
from <myusername>#gmail.com
auth on
user <myusername>#gmail.com
password <16 character password from Gmail>
# Set a default account
account default : gmail
It's probably worth mention that the 32bit machine has gCloud SDK and it's fully capable of login and connect to the GCE instance.
Following the guide on the arch wiki I realized that I did not have chmod setting.
I technically copied and pasted the settings in the example making these changes:
from
user
password
<< deleted the freemail service section >>
Once I set this parameter solution worked for me.
Related
I'm trying to connect Postgres server with the gssapi protocol. User accounts have been created in Active Directory.
I used the following commands:
postgres#xxxxx:John $ ktutil
ktutil: add_entry -password -p POSTGRES/myserver.domain.com -k 1 -e aes256-cts-hmac-sha1-96
Password for POSTGRES/myserver.domain.com#myad.domain.com
ktutil: write_kt postgres.keytab
ktutil: quit
postgres#xxxxx:John $ klist -k postgres.keytab
Keytab name: FILE:postgres.keytab
KVNO Principal
---- --------------------------------------------------------------------------
1 POSTGRES/myserver.domain.com#myad.domain.com
postgres#xxxxx:John $ kinit john
Password for john#myad.domain.com
postgres#xxxxx:John $ klist
Ticket cache: KEYRING:persistent:26:26
Default principal: john#myad.domain.com
Valid starting Expires Service principal
09/28/2020 14:45:09 09/29/2020 00:45:09 krbtgt/myad.domain.com#myad.domain.com
renew until 10/05/2020 14:45:00
When I try connecting with my admin user, I got this unsuccessful reply.
psql -d postgres -h pgserver -p 5432 -U john#domain.com
psql: GSSAPI continuation error: Unspecified GSS failure. Minor code may provide more information
GSSAPI continuation error: Server not found in Kerberos database
What are the missing steps?
"Server not found in Kerberos database" means the GSSAPI trying to reach the KDC and attempting to login using SPN instead of UPN.
This can be avoided by specifying "isInitiator=false" in JAAS config. Doing this, the incoming token will be decrypted on client side itself (Postgres).
If there is a delegation involved here (which I don't think is), then "isInitiator=true" needs to be set in JAAS config, and SPN must be equal to the UPN of the account to which the SPN is attached.
Check ktpass on windows, it creates Keytab file and also changes user's UPN to the SPN value specified. Similar thing should be done on your setup.
Please help with the following problem ...
OS - Windows.
I want to configure SSL on Postgresql 12.
Then my Java application will add entries to the database, delete, etc.
I created certificates: CA, server, client.
CA and server are located in the directory C:\Program Files\PostgreSQL\12\data
The client is located in C:\Users\User\AppData\postgresql
Then I added CA certificate to trusted in Windows.
Configs:
pg_hba:
hostnossl all all 0.0.0.0/0 reject
hostssl all all 0.0.0.0/0 cert clientcert=1
postgresql.conf:
ssl = on
ssl_ca_file = 'root.crt'
I can connect server throw pgAdmin with my certificates, but there are some errors in cmd (and java)
Thant's what I tried to do in cmd
psql.exe -U postgres -h 127.0.0.1
Result:
SSL: certificate verify failed
FATAL: pg_hba.conf rejects connection for host "127.0.0.1", user "postgres", database "prod", SSL off
Logs:
tlsv1 alert unknown ca
FATAL: pg_hba.conf rejects connection for host "127.0.0.1", user "postgres", database "prod", SSL off
Please, tell me what's can be wrong and how can I fix it...
Also I did not find information, how to transfer my certificates to the database from Java application. Maybe, anybody can help me with that problem))
Thanks!
use this in your connection string and it will work:
ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory
Then I added CA certificate to trusted in Windows.
psql does not integrate with the Windows certificate manager. The CA to be used by the client needs to go in %APPDATA%\postgresql\root.crt, or if elsewhere its location must be specified by a connection parameter (sslrootcert) or environment variable (PGSSLROOTCERT). These must be files, I don't think there is way to say "go get it from the cert manager".
I think jdbc is the same way, it does not integrate with the Windows cert manager either, for how to specify the locations see https://jdbc.postgresql.org/documentation/head/ssl-client.html
SSL: certificate verify failed FATAL: pg_hba.conf rejects connection for host "127.0.0.1", user "postgres", database "prod", SSL off
Maybe you already know this, but first it tried using SSL and failed to verify the cert (it does not make it clear which side failed, the client cert or the server cert), then it tried to fall back to no SSL and got rejected by the pg_hba. If you had set the client's sslmode to "require" or higher, it would not have tried to fall back to the no SSL, it would have stopped at the first error.
Since I upgraded my production site (Linux, Apache) from Vanilla 2.2.1 on PHP 5.5 to Vanilla 2.3.1 on PHP 7.0, my site cannot send emails - failing with the message "SMTP Error: Could not connect to SMTP host."
My settings are:
SMTP Host: smtp.gmail.com
SMTP User: [my email]
SMTP Password: [my password]
SMTP Port: 465
SMTP Security: SSL
I read many similar questions on SO and tried the following:
Confirm OpenSSL is enabled
Confirm with the hosting provider that port 465 is not blocked on their firewall
Telnet test on the hosting server gives this:
$ telnet smtp.gmail.com 465
Trying 108.177.97.108...
Connected to smtp.gmail.com.
Escape character is '^]'.
Connection closed by foreign host.
Switching to a different hosting server (same provider) with PHP 7.0, but same error
Not sure if this will be useful information, but when I try TLS with port 587 it gives another error - "Language string failed to load: tls"
My local test site with Vanilla 2.3.1 on PHP 7.0 (Windows, IIS), an identical copy of the production, can send emails without problem with the above SSL settings.
Is there anything else I can try? Any help is appreciated!
I've uncommented the 'submission' line in master.cf and I can 'telnet example.com 587' on my mail server with no problem but how do I send mail from the command line of the client to the postfix server over port 587?
My server is hosted as a digitalocean droplet (centos instance) on the internet and my client is my home laptop.
Each time I try to deliver a message with the 'mail user#example.com' command I instantly receive a rejection message because my isp blocks port 25.
Any help greatly appreciated :)
mail command will drop the mail to the SMTP server running on your home laptop and the SMTP server running on your home laptop is not configured i guess. So it is trying to deliver the mail by doing an MX lookup (i.e to port 25 of your MX server). If you want to do any smtp tests please try using swaks tool.
# For eg. to authenticate and send mail from your mail server, you will have to use
swaks -f you#example.com -t someone#yahoo.com -s example.com -p 587 --auth-user you#example.com --auth-pass somepass
# -f from
# -t to
# -s server
# -p port
# --auth-user username
# --auth-pass password
More info here Hope that helps.
I installed hMailServer and did the following
1. Created a test.com domain
2. Added an user testuser
Now the hMailServer is running in my localhost.
When I install Mozilla thunder bird and try to configure it by entering the username and password, it fails giving
Thunderbird failed to find the settings for your email account.
How can I tell thunderbird about the hMailServer running in my local host? Where is thunderbird looking for the domain when I entered testuser#test.com?
I saw some messages like "Looking up in Mozilla ISP database". But the mail server is in my local machine.
Am I missing any configuration details?
UPDATE
I posted a video tutorial on YouTube on how to configure hMail and Thunderbird: https://www.youtube.com/watch?v=FMPfcVd6OOk
I found it pay attention to the IPv4 address -that is very important :
http://www.mjvanderwielen.com/?p=1632
Make sure:
Incoming is: ”IMAP”
Server hostname: local ip address server computer
Port: 143
SSL: None
Authentication: Normal password
Username: complete account name!!
Outgoing: ”SMTP”
Server hostname: as per your host
Port: as per your host
SSL: as per your host
Authentication: as per your host