E-mail not working both OTP and alert


rcdevs_newbie

May 6, 2012, 9:25:03 PM
to RCDevs Security Solutions - Technical
I had a test setup of OpenOTP/WebADM up and working, but pointing at a
test ldap instance.

I pointed it at our real ldap to do testing in production.

I am pretty certain I have everything set up properly again, however
when testing with e-mail authentication, e-mails are not sent.

I'm sure I've missed something in the switchover, but nothing obvious
is showing up in the logs.

I am testing from the webadm interface. An anonymized portion of the
soap log with a successful login:

[Sun May 06 20:02:24 2012] [127.0.0.1] [OpenOTP_083327AE] New openotpStatus SOAP request
[Sun May 06 20:02:25 2012] [127.0.0.1] Checking OpenOTP built-in license
[Sun May 06 20:02:25 2012] [127.0.0.1] License Ok (10/25 acivated users)
[Sun May 06 20:02:25 2012] [127.0.0.1] [OpenOTP_083327AE] Sent status response
[Sun May 06 20:02:32 2012] [127.0.0.1] [OpenOTP_08F2963D] New openotpLogin SOAP request
[Sun May 06 20:02:32 2012] [127.0.0.1] [OpenOTP_08F2963D] > Username: Test
[Sun May 06 20:02:32 2012] [127.0.0.1] [OpenOTP_08F2963D] > Domain: TestDomain
[Sun May 06 20:02:32 2012] [127.0.0.1] [OpenOTP_08F2963D] > LDAP Password: xxxxxxxxxxxxxxxxx
[Sun May 06 20:02:32 2012] [127.0.0.1] [OpenOTP_08F2963D] > Client ID: OpenOTP
[Sun May 06 20:02:32 2012] [127.0.0.1] [OpenOTP_08F2963D] Registered openotpLogin request
[Sun May 06 20:02:32 2012] [127.0.0.1] [OpenOTP_08F2963D] Searching for user in domain 'TestDomain' (o=test)
[Sun May 06 20:02:32 2012] [127.0.0.1] [OpenOTP_08F2963D] Found LDAP user: CN=Test User,O=test
[Sun May 06 20:02:32 2012] [127.0.0.1] [OpenOTP_08F2963D] Locked user account
[Sun May 06 20:02:32 2012] [127.0.0.1] [OpenOTP_08F2963D] Found user mobile: 708-555-1212
[Sun May 06 20:02:32 2012] [127.0.0.1] [OpenOTP_08F2963D] Found user email: te...@test.com
[Sun May 06 20:02:32 2012] [127.0.0.1] [OpenOTP_08F2963D] Found user settings: LoginMode=LDAPOTP,OTPType=MAIL,OTPLength=6,ChallengeMode=1,ChallengeTimeout=30,ChallengeFake=1,HOTPLookAheadWindow=25,TOTPTimeStep=30,TOTPTimeOffsetWindow=120,MOTPTimeOffsetWindow=120,OCRASuite=OCRA-1:HOTP-SHA1-6:QN06-T1M,SMSType=Normal,SMSMode=Ondemand,MailMode=Ondemand,ListSize=50,LastOTPTime=86400
[Sun May 06 20:02:32 2012] [127.0.0.1] [OpenOTP_08F2963D] LDAP password Ok
[Sun May 06 20:02:32 2012] [127.0.0.1] [OpenOTP_08F2963D] Challenge required
[Sun May 06 20:02:32 2012] [127.0.0.1] [OpenOTP_08F2963D] Could not send MAIL OTP to te...@test.com for CN=Test User,O=test
[Sun May 06 20:02:32 2012] [127.0.0.1] Recorded alert in SQL database
[Sun May 06 20:02:32 2012] [127.0.0.1] Could not send alert email to 'ad...@test.com'
[Sun May 06 20:02:34 2012] [127.0.0.1] [OpenOTP_08F2963D] Sent failure response
[Sun May 06 20:02:36 2012] [127.0.0.1] [OpenOTP_2E136A2F] New openotpStatus SOAP request
[Sun May 06 20:02:36 2012] [127.0.0.1] [OpenOTP_2E136A2F] Sent status response


The mail server is a separate box running sendmail. I get this in the
sendmail logs:

May 6 18:28:51 canit2 sendmail[29476]: q46NSppM029476: 2factor.test.com [192.168.1.166] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA


When I run a tcpdump on the openotp machine and watch the smtp
conversation, the openotp machine issues an "EHLO 127.0.0.1" and then
issues a "quit" for the first e-mail attempt. For the second, after
the "EHLO 127.0.0.1" openOTP just issues a TCP FIN in response to the
sendmail response.

I've tried with two different mail servers.

When I was using my test ldap server this was working. That ldap was
a copy of production. After changing the ldap server, I hit the
button to install the ldap settings, set up a default domain and
started testing. Perhaps there was some other cleanup I missed.

My mail server section of the servers.xml file looks like:

<MailServer name="CanIT SMTP Server"
host="canit2.test.com"
port="25"
user=""
password=""
encryption="NONE" />


A telnet smtp session from the OpenOTP server works fine.

Any help or suggestions appreciated.

rcdevs_newbie

May 6, 2012, 10:16:25 PM
to RCDevs Security Solutions - Technical
Never fails. Pound against a problem for hours. Post to a technical
list and immediately solve it.

After switching over to the new ldap server, I had failed to put a FROM
e-mail address in the SMTP settings of the OpenOTP server in WebADM.

Hopefully my post saves someone else some time down the line.

Rob Dyke

Jun 30, 2012, 3:43:55 PM
to rcdevs-t...@googlegroups.com
I'm having the same issues...

I have checked the FROM: address is set in OpenOTP;

Here is my config:

<MailServer name="Send Server net"
        host="send.server.net"
        port="587"
        user="u.u...@server.net"
        password="London4321!"
        encryption="SSL" />


yet I still have trouble authenticating to the server.

Here is the same host sending to the same SMTP, but this time via a ruby app:

ActionMailer::Base.smtp_settings = {
    :enable_starttls_auto => true,
    :address => 'send.server.net',
    :port => 587,
    :tls => true,
    :domain => 'server.net',
    :authentication => :login,
    :user_name => 'u.user@server.net',
    :password => 'London4321!'
}


Pretty confident that the username and password are correct as ruby works, but not RCDevs.

Here's hoping that by posting I solve it myself just as @rcdevs_newbie has!

Thanks, Rob

Rob Dyke

Jun 30, 2012, 3:54:07 PM
to rcdevs-t...@googlegroups.com
Testing a few options in server.xml

  • With encryption="TLS" I get SMTP Error: Could not authenticate
  • With encryption="SSL" I get SMTP Error: Could not authenticate

And I'm pretty sure that I can reach the server:

-bash-4.1# telnet send.server.net 587
Trying 10.222.62.43...
Connected to send.server.net.
Escape character is '^]'.
220 smtp.nhs.net service ready
ehlo localhost.localdomain
250-smtp.server.net Hello [192.168.xx.yyy]
250-SIZE 21504000
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-AUTH
250-8BITMIME
250-BINARYMIME
250 CHUNKING
^]
telnet> quit
Connection closed.

Administrators

Jul 1, 2012, 7:03:53 AM
to RCDevs Security Solutions - Technical
What WebADM version is it? As there used to be some issues with SMTP
connector in some previous versions.

On Jun 30, 9:54 pm, Rob Dyke <robd...@gmail.com> wrote:
> Testing a few options in server.xml
>
>    - With encryption="TLS" I get SMTP Error: Could not authenticate
>    - With encryption="SSL" I get SMTP Error: Could not authenticate
> >     :user_name => 'u.u...@server.net',

Rob Dyke

Jul 2, 2012, 7:17:29 AM
to rcdevs-t...@googlegroups.com
Hi Admin,

We are using :

-bash-4.1# head /opt/webadm/VERSION 
RCDevs WebADM v1.2.0-2 for Linux 32Bit
Built April 06 2012

We are running this on a Centos machine 6.2 server
Linux MCD-AuthSrv01 2.6.32-220.17.1.el6.x86_64 #1 SMP Wed May 16 00:01:37 BST 2012 x86_64 x86_64 x86_64 GNU/Linux

Administrators

Jul 2, 2012, 10:26:46 AM
to RCDevs Security Solutions - Technical
The fixes were in 1.2.1x, try to upgrade to the last version.
I suppose it will work...

Rob Dyke

Jul 4, 2012, 6:17:07 AM
to rcdevs-t...@googlegroups.com
Please be clearer!

I supposed it should work also, but it doesn't.

Please can you give further documentation as to the configuration options for using STARTTLS to give SMTPS?

Thanks, Rob

Administrators

Jul 4, 2012, 7:18:36 AM
to RCDevs Security Solutions - Technical
With TLS the server block should be:

<MailServer name="SMTP Server"
host="serveraddr"
port="serverport"
user="username"
password="password"
encryption="TLS" />

Encryption options are: NONE, SSL and TLS. With TLS you use the SMTP
port and with SSL you use the SMTPS port.
TLS means starttls over the SMTP port.

The message "Could not authenticate" is not because of a TLS issue.
Please check your mail server logs instead.
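
Added example (not part of the thread, and not RCDevs code): a small offline check that compares a MailServer block from servers.xml with the cleartext EHLO reply seen over telnet, reading SSL/TLS/NONE the way the Administrators post describes them. The function names, the placeholder user and password, and the assumption that a missing encryption attribute means NONE are constructed for illustration.

```python
# Added example; not RCDevs code. SSL/TLS/NONE meanings follow the thread.
import xml.etree.ElementTree as ET

# EHLO reply copied from the telnet session in the thread (port 587).
EHLO_587 = """220 smtp.nhs.net service ready
250-smtp.server.net Hello [192.168.xx.yyy]
250-SIZE 21504000
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-AUTH
250-8BITMIME
250-BINARYMIME
250 CHUNKING"""

# Same shape as the posted block; user and password are constructed placeholders.
SAMPLE_CFG = ('<MailServer name="Send Server net" host="send.server.net" port="587" '
              'user="user@example.net" password="PLACEHOLDER" encryption="SSL" />')

def parse_ehlo(transcript):
    """Map each advertised keyword to its parameters, e.g. SIZE -> ['21504000']."""
    lines = [l.strip() for l in transcript.splitlines() if l.strip().startswith("250")]
    caps = {}
    for line in lines[1:]:            # first 250 line is the greeting, not a capability
        words = line[4:].split()      # drop the "250-" / "250 " prefix
        if words:
            caps[words[0].upper()] = words[1:]
    return caps

def check_mailserver(xml_block, ehlo_transcript):
    """Compare one <MailServer/> element with a cleartext EHLO reply from its port."""
    cfg = ET.fromstring(xml_block).attrib
    mode = cfg.get("encryption", "NONE").upper()   # assumed default when absent
    caps = parse_ehlo(ehlo_transcript)
    findings = []
    if mode == "SSL":  # a cleartext reply means this port does not open with a TLS handshake
        findings.append("encryption=SSL but port %s answers in cleartext; "
                        "use TLS here or the SMTPS port" % cfg.get("port"))
    if mode == "TLS" and "STARTTLS" not in caps:
        findings.append("encryption=TLS but STARTTLS is not advertised")
    if mode == "NONE" and cfg.get("user"):
        findings.append("credentials would be sent without encryption")
    if mode == "NONE" and "STARTTLS" in caps:
        findings.append("STARTTLS is offered but unused; OTP mail travels in cleartext")
    if cfg.get("user") and caps.get("AUTH") == []:
        findings.append("AUTH lists no mechanisms before TLS; repeat EHLO after STARTTLS")
    return findings
```

Calling check_mailserver(SAMPLE_CFG, EHLO_587) returns the list of findings for the port 587 / encryption="SSL" combination; it does not test the credentials themselves.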

Rob Dyke

Jul 4, 2012, 8:51:11 AM
to rcdevs-t...@googlegroups.com
Hi Admin,

Thank you for your info.

I have:
Updated RCDevs to latest release
I have checked my username and password are correct by accessing the remote/3rd party mail server using webmail.

I am unable to check the mail server logs, this is a remote mail server.

I am doing more testing now.

Thanks, Rob

Chaz klinkbeil

Mar 25, 2019, 9:38:59 PM
to RCDevs Security Solutions - Technical
Can you post your mail server settings then? I tried adding a from address and it still came up with nothing.