Exchange SMTP Issue

[Reuben Lewis]

I'm setting up Gerrit to send emails, and am coming across this error when trying to connect to our mail server:

Unsupported AUTH: 250-AUTH GSSAPI NTLM

All my settings are right according to our IT to connect to the mail server. It seems to be the way Exchange authenticates is not liked by Gerrit from my googles. Has anyone else had this issue or know of a workaround? 

[Magnus Bäck]

On Tuesday, June 27, 2017 at 21:55 CEST,

Correct; the Exchange server only offers the GSSAPI (Kerberos, in
practice) and NTLM authentication mechanisms but I believe none of
those are supported by Gerrit.

And I take it authentication is mandatory?

I'd expect very few SMTP clients to support GSSAPI and NTLM so I find it
odd that normal mechanisms like PLAIN, DIGEST-MD5, and CRAM-MD5 aren't
accepted.

Postfix's SMTP client can be configured to use GSSAPI so one way forward
could be to have Gerrit submit messages to a local Postfix instance
(something I recommend anyway) and configure Postfix to authenticate to
your IT department's server using GSSAPI.

--
Magnus Bäck | Software Engineer, Development Tools
magnu...@axis.com | Axis Communications

[Reuben Lewis]

Thanks for your response! I got the SMTP server working, so I'll post my solution for others in a similar spot.

1. Install postfix and sendmail on your system through "apt"
   
2. open the postfix config file
   sudo vim /etc/postfix/main.cf
   
3. There are a couple things to edit here. First, set your domain. For this post, yourdomain.com is the domain, and mail.yourdomain.com is the mail server.
   mydomain = yourdomain.com
   myorigin = $myhostname
   Then set the destination
   mydestination =$myhostname, localhost.$mydomain, localhost
   Then set relayhost. If the port is 25, just put in mail server. If a different port is used for mail, put the server in brackets and add the port to the end
   relayhost = mail.yourdomain.com #for port 25
   OR
   relayhost = [mail.yourdomain.com]:587#for other ports
   Then, add these. All are configs for smtp. The mos important is the mechanism filter, as that makes the login work.
   smtpd_sasl_path=smtpd
   smtp_sasl_auth_enable=yes
   smtp_sasl_security_options=noanonymous
   smtp_sasl_password_maps=hash:/etc/postfix/saslpasswd
   smtp_sasl_mechanism_filter=!gssapi, !login,static:rest
   smtp_always_send_ehlo=yes
   smtpd_sasl_local_domain=$mydomain
   broken_sasl_auth_clients=yes
   smtp_send_dummy_mail_auth=no
   smtpd_recipient_restrictions=
   

   permit_sasl_authenticated,
   permit_mynetworks,
   check_relay_domains

   Next, we have to create the username and password file to authenticate. This is the HASH location mentioned above in the config. The mail server syntax is done the same as above depending on the port.
   sudo vim /etc/postfix/saslpasswd
   #In file
   mail.mydomain.com  username:password  #For the default port
   OR
   [mail.mydomain.com]:587 username:password #For other port
   
   #In terminal, makes the HASH
   sudo postmap /etc/postfix/saslport
   #Restart service
   sudo service postfix restart
   #test it
   echo "The body of email" | sendmail "Subject" -a "From: mye...@mydomain.com" reciever@theirdomain.com
   
   
   
   
4. Next, configure Gerrit.

   [sendemail]
           smtpServer = local
           smtpServerPort = 25
           from = USER #Grabs the users email from their LDAP config
           allowedDomain = yourdomain.com
           includeDiff = true

That's it! Test it with a commit to make sure it works.   
If I remember any more about the configuration, I'll be sure to post it!

[Jesse Millwood]

Is that line that says

sudo postmap /etc/postfix/saslport

supposed to be

sudo postmap /etc/postfix/saslpasswd

?

Thanks

[Gert van Dijk]

On Wednesday, 12 September 2018 14:11:58 UTC+2, Jesse Millwood wrote:

Is that line that says

sudo postmap /etc/postfix/saslport

supposed to be

sudo postmap /etc/postfix/saslpasswd

?

 

Yes, I have quite some experience with Postfix, and I think it is safe to say it was a typo by Reuben.