Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Connecting Haraka with Zimbra LDAP #2760

Closed
raihan519 opened this issue Feb 10, 2020 · 25 comments
Closed

Connecting Haraka with Zimbra LDAP #2760

raihan519 opened this issue Feb 10, 2020 · 25 comments

Comments

@raihan519
Copy link

@raihan519 raihan519 commented Feb 10, 2020

system info

Haraka | Haraka.js — Version: 2.8.25
 --- | :--- 
Node | v12.14.1
OS | Linux haraka 4.15.0-76-generic #86-Ubuntu SMP Fri Jan 17 17:24:28 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
openssl | OpenSSL 1.1.1  11 Sep 2018

The Purpose

I want to authenticate everybody who is sending email with my Haraka. So, i want them input username & password as requirement to send email via my Haraka.

The Problem

I already succeeded forcing everybody to input username & password before they can send email. But, i'm achieve this by using auth/flat_file method.

At this moment i want to authenticate my Haraka with auth/auth_ldap. I want to conect it to my Zimbra LDAP. But it seems i failed to do it 😆

As a note, ZImbra LDAP have a ldap username & password as a requirement to connect. My guess is, i cannot connect to the Zimbra LDAP because i didn't input the ldap username & password

The Configuration

Below is the configuration of my Haraka

  • config/plugins
auth/flat_file
# auth/auth_proxy
auth/auth_ldap
  • config/auth_ldap.ini
[core]
server=ldaps://myldap.domain.com
timeout=5000
rejectUnauthorized=false

The Question

  • Has anyone in here connect Haraka to Zimbra LDAP? If someone in here already doing something like this, i'll be happy to hear it.
  • Or anyone in here know how to input ldap username & password to the config/auth_ldap.ini file?
@msimerson

This comment has been minimized.

Copy link
Member

@msimerson msimerson commented Feb 11, 2020

I haven't heard of it happening, but that doesn't mean it hasn't. I'd also point out that there's another LDAP plugin you might want to try if you aren't successful with auth_ldap.

@raihan519

This comment has been minimized.

Copy link
Author

@raihan519 raihan519 commented Feb 12, 2020

Hi msimerson,

Thank you for the information.
Do i need to add some text in config/plugins file?

@msimerson

This comment has been minimized.

Copy link
Member

@msimerson msimerson commented Feb 12, 2020

Just the name of the plugin. In the case of haraka-plugin-ldap, you'd just put , ldap in the config/plugins file.

@raihan519

This comment has been minimized.

Copy link
Author

@raihan519 raihan519 commented Feb 12, 2020

Hi msimerson,

It seems i still failed to do it

Below is my config/plugins file

# This file lists plugins that Haraka will run
#
# Plugin ordering often matters, run 'haraka -o -c /path/to/haraka/config'
# to see the order plugins (and their hooks) will run in.
#
# To see a list of all plugins, run 'haraka -l'
#
# To see the help docs for a particular plugin, run 'haraka -h plugin.name'

#status
#process_title
# Log to syslog (see 'haraka -h syslog')
 syslog

# CONNECT
#toobusy
#karma
relay
# control which IPs, rDNS hostnames, HELO hostnames, MAIL FROM addresses, and
# RCPT TO address you accept mail from. See 'haraka -h access'.
# access
# p0f
# geoip
# asn
# fcrdns
# block mails from known bad hosts (see config/dnsbl.zones for the DNS zones queried)
dnsbl

# HELO
#early_talker
# see config/helo.checks.ini for configuration
helo.checks
# see 'haraka -h tls' for config instructions before enabling!
# tls
#
# AUTH plugins require TLS before AUTH is advertised, see
#     https://github.com/haraka/Haraka/wiki/Require-SSL-TLS
 auth/flat_file
# auth/auth_proxy
# auth/auth_ldap

# MAIL FROM
# Only accept mail where the MAIL FROM domain is resolvable to an MX record
mail_from.is_resolvable
#spf

# RCPT TO
# At least one rcpt_to plugin is REQUIRED for inbound email. The simplest
# plugin is in_host_list, see 'haraka -h rcpt_to.in_host_list' to configure.
rcpt_to.in_host_list
#qmail-deliverable
#rcpt_to.ldap
#rcpt_to.routes

# DATA
#bounce
# Check mail headers are valid
data.headers
#data.uribl
#attachment
#clamd
#spamassassin
#dkim_sign
#limit

# QUEUE
# queues: discard  qmail-queue  quarantine  smtp_forward  smtp_proxy
# Queue mail via smtp - see config/smtp_forward.ini for where your mail goes
queue/smtp_forward

# Disconnect client if they spew bad SMTP commands at us
max_unrecognized_commands

#watch
ldap

And also my ldap.ini file

server[] = ldap://ldap.domain.com:389
binddn = uid=zimbra,cn=admins,cn=zimbra
bindpw = password123
basedn = domain.com
scope = base

[authn]
scope = sub
searchfilter = (&(objectclass=*)(uid=%u))
dn[] = uid=%u,ou=users,dc=excellent,dc=com
#dn[] = uid=%u,ou=people,dc=domain,dc=com

And for addtional information, below are my test result with swaks

# swaks -s localhost -p 587 -f raihan@domain.com -t user@gmail.com --auth-user user@domain.com --auth-password password
=== Trying localhost:587...
=== Connected to localhost.
<-  220 haraka ESMTP Haraka/2.8.25 ready
 -> EHLO haraka
<-  250-haraka Hello Unknown [127.0.0.1]Haraka is at your service.
<-  250-PIPELINING
<-  250-8BITMIME
<-  250-SMTPUTF8
<-  250-SIZE 0
<-  250 AUTH LOGIN
 -> AUTH LOGIN
<-  334 VXNlcm5hbWU6
 -> bXVoYW1tYWQucmFpaGFuQGV4Y2VsbGVudC5jby5pZA==
<-  334 UGFzc3dvcmQ6
 -> QENvbGFtZU5fMDIwMzIwMDA=
<** 535 5.7.8 Authentication failed
*** No authentication type succeeded
 -> QUIT
<-  221 haraka closing connection. Have a jolly good day.
=== Connection closed with remote host.

And at last my log output.

Feb 12 09:58:27 haraka haraka[3176]: [NOTICE] [F6A8E729-99E5-4195-929C-82F883E98AF2] [core] disconnect ip=127.0.0.1 rdns=Unknown helo=haraka relay=N early=N esmtp=Y tls=N pipe=N errors=0 txns=0 rcpts=0/0/0 msgs=0/0/0 bytes=0 lr="535 5.7.8 Authentication failed" time=1.03
Feb 12 09:58:27 haraka haraka[3165]: [NOTICE] [F6A8E729-99E5-4195-929C-82F883E98AF2] [core] disconnect ip=127.0.0.1 rdns=Unknown helo=haraka relay=N early=N esmtp=Y tls=N pipe=N errors=0 txns=0 rcpts=0/0/0 msgs=0/0/0 bytes=0 lr="535 5.7.8 Authentication failed" time=1.03
@msimerson

This comment has been minimized.

Copy link
Member

@msimerson msimerson commented Feb 12, 2020

are there any [ldap] log lines?

I'm wondering if this is right: binddn = uid=zimbra,cn=admins,cn=zimbra

Typically I'd expect to see ou and dc properties in there.

@raihan519

This comment has been minimized.

Copy link
Author

@raihan519 raihan519 commented Feb 12, 2020

Hi msimersin,

Here are the [ldap] log output.

Feb 12 10:12:50 haraka haraka[3330]: [INFO] [-] [ldap] loading ldap.ini
Feb 12 10:12:50 haraka haraka[3330]: [DEBUG] [-] [core] registered hook capabilities to ldap.hook_capabilities priority 0
Feb 12 10:12:50 haraka haraka[3330]: [DEBUG] [-] [core] registered hook unrecognized_command to lda.hook_unrecognized_command priority 0
Feb 12 10:12:50 haraka haraka[3330]: [DEBUG] [-] [server] running init_child hook in ldap plugin
Feb 12 10:12:50 haraka haraka[3319]: [DEBUG] [-] [server] running init_child hook in ldap plugin
Feb 12 10:12:50 haraka haraka[3330]: [DEBUG] [-] [ldap] Current config: {#012  servers: [ 'ldap://ldap.domain.com:389' ],#012  timeout: undefined,#012  tls_enabled: false,#012  tls_rejectUnauthorized: undefined,#012  scope: 'base',#012  binddn: 'uid=zimbra,cn=admins,cn=zimbra',#012  bindpw: 'password123',#012  basedn: 'domain.com',#012  aliases: undefined,#012  authn: {#012    scope: 'sub',#012    searchfilter: '(&(objectclass=*)(uid=%u))',#012    dn: [ 'uid=%u,ou=people,dc=domain,dc=com' ]#012  },#012  authz: undefined,#012  rcpt_to: undefined#012}
Feb 12 10:12:50 haraka haraka[3319]: [DEBUG] [-] [ldap] Current config: {
Feb 12 10:12:50 haraka haraka[3319]:   servers: [ 'ldap://ldap.domain.com:389' ],

About the binddn, is the ou attribute is on the beginning dan dc atribute is on the end of the sentence?

@msimerson

This comment has been minimized.

Copy link
Member

@msimerson msimerson commented Feb 12, 2020

We're wandered deeper into LDAP than I can recall. I only use it every few years and have to learn it anew each time.

@raihan519

This comment has been minimized.

Copy link
Author

@raihan519 raihan519 commented Feb 12, 2020

Hi msimerson,

I already tried to add ou attibutes and dc on the binddn.
But it still have the same result.

Can you help me? because i'm stuck and have no clue what is make it not functioning 😆

@msimerson

This comment has been minimized.

Copy link
Member

@msimerson msimerson commented Feb 12, 2020

There should be some auth logs during your connection attempt that reveal what happened.

@raihan519

This comment has been minimized.

Copy link
Author

@raihan519 raihan519 commented Feb 12, 2020

Hi msimerson,

is the information in haraka.log file?

@msimerson

This comment has been minimized.

Copy link
Member

@msimerson msimerson commented Feb 12, 2020

Typically, yes. You make it easier for us when you post all the log entries for the connection.

@raihan519

This comment has been minimized.

Copy link
Author

@raihan519 raihan519 commented Feb 12, 2020

Hi msimerson,

Hope this can help

Feb 12 14:13:54 haraka haraka[2029]: [ERROR] [-] [limit] Redis connection to 127.0.0.1:6379 failed - connect ECONNREFUSED 127.0.0.1:6379
Feb 12 14:13:54 haraka haraka[2029]: [ERROR] [-] [limit] Redis connection to 127.0.0.1:6379 failed - connect ECONNREFUSED 127.0.0.1:6379
Feb 12 14:13:54 haraka haraka[2040]: [ERROR] [-] [limit] Redis connection to 127.0.0.1:6379 failed - connect ECONNREFUSED 127.0.0.1:6379
Feb 12 14:13:54 haraka haraka[2029]: [ERROR] [-] [limit] Redis connection to 127.0.0.1:6379 failed - connect ECONNREFUSED 127.0.0.1:6379
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [-] [core] addOCSP: not available
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [-] [core] addOCSP: not available
Feb 12 14:14:07 haraka haraka[2040]: [NOTICE] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] connect ip=127.0.0.1 port=46178 local_ip=:: local_port=587
Feb 12 14:14:07 haraka haraka[2029]: [NOTICE] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] connect ip=127.0.0.1 port=46178 local_ip=:: local_port=587
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running connect_init hooks
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running connect_init hooks
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running connect_init hook in relay plugin
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running connect_init hook in relay plugin
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [relay] checking 127.0.0.1 in relay_acl_allow
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [relay] checking 127.0.0.1 in relay_acl_allow
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core]  hook=connect_init plugin=relay function=acl params="" retval=CONT msg=""
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core]  hook=connect_init plugin=relay function=acl params="" retval=CONT msg=""
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running connect_init_respond
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running connect_init_respond
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running lookup_rdns hooks
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running lookup_rdns hooks
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running connect hooks
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running connect hooks
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running connect hook in relay plugin
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running connect hook in relay plugin
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core]  hook=connect plugin=relay function=pass_relaying params="" retval=CONT msg=""
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core]  hook=connect plugin=relay function=pass_relaying params="" retval=CONT msg=""
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running connect hook in dnsbl plugin
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running connect hook in dnsbl plugin
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [dnsbl] skip private: 127.0.0.1
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [dnsbl] skip private: 127.0.0.1
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core]  hook=connect plugin=dnsbl function=connect_first params="" retval=CONT msg=""
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core]  hook=connect plugin=dnsbl function=connect_first params="" retval=CONT msg=""
Feb 12 14:14:07 haraka haraka[2040]: [PROTOCOL] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] S: 220 haraka ESMTP Haraka/2.8.25 ready
Feb 12 14:14:07 haraka haraka[2029]: [PROTOCOL] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] S: 220 haraka ESMTP Haraka/2.8.25 ready
Feb 12 14:14:07 haraka haraka[2040]: [PROTOCOL] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] C: EHLO haraka state=1
Feb 12 14:14:07 haraka haraka[2029]: [PROTOCOL] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] C: EHLO haraka state=1
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running ehlo hooks
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running ehlo hooks
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running ehlo hook in helo.checks plugin
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core]  hook=ehlo plugin=helo.checks function=proto_mismatch_esmtp params=haraka retval=CONT msg=""
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running ehlo hook in helo.checks plugin
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core]  hook=ehlo plugin=helo.checks function=init params=haraka retval=CONT msg=""
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running ehlo hook in helo.checks plugin
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core]  hook=ehlo plugin=helo.checks function=match_re params=haraka retval=CONT msg=""
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running ehlo hook in helo.checks plugin
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core]  hook=ehlo plugin=helo.checks function=bare_ip params=haraka retval=CONT msg=""
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running ehlo hook in helo.checks plugin
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core]  hook=ehlo plugin=helo.checks function=dynamic params=haraka retval=CONT msg=""
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running ehlo hook in helo.checks plugin
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core]  hook=ehlo plugin=helo.checks function=big_company params=haraka retval=CONT msg=""
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running ehlo hook in helo.checks plugin
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core]  hook=ehlo plugin=helo.checks function=literal_mismatch params=haraka retval=CONT msg=""
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running ehlo hook in helo.checks plugin
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core]  hook=ehlo plugin=helo.checks function=valid_hostname params=haraka retval=CONT msg=""
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running ehlo hook in helo.checks plugin
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running ehlo hook in helo.checks plugin
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core]  hook=ehlo plugin=helo.checks function=rdns_match params=haraka retval=CONT msg=""
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running ehlo hook in helo.checks plugin
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core]  hook=ehlo plugin=helo.checks function=forward_dns params=haraka retval=CONT msg=""
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running ehlo hook in helo.checks plugin
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core]  hook=ehlo plugin=helo.checks function=host_mismatch params=haraka retval=CONT msg=""
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running ehlo hook in helo.checks plugin
Feb 12 14:14:07 haraka haraka[2029]: [INFO] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [helo.checks] multi: true, skip:proto_mismatch(private), host_mismatch(private)
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core]  hook=ehlo plugin=helo.checks function=emit_log params=haraka retval=CONT msg=""
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running capabilities hooks
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running capabilities hook in auth/flat_file plugin
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core]  hook=capabilities plugin=auth/flat_file function=hook_capabilities params="" retval=CONT msg=""
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running capabilities hook in ldap plugin
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core]  hook=capabilities plugin=ldap function=hook_capabilities params="" retval=CONT msg=""
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core]  hook=ehlo plugin=helo.checks function=proto_mismatch_esmtp params=haraka retval=CONT msg=""
Feb 12 14:14:07 haraka haraka[2029]: [PROTOCOL] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] S: 250-haraka Hello Unknown [127.0.0.1]Haraka is at your service.
Feb 12 14:14:07 haraka haraka[2029]: [PROTOCOL] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] S: 250-PIPELINING
Feb 12 14:14:07 haraka haraka[2029]: [PROTOCOL] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] S: 250-8BITMIME
Feb 12 14:14:07 haraka haraka[2029]: [PROTOCOL] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] S: 250-SMTPUTF8
Feb 12 14:14:07 haraka haraka[2029]: [PROTOCOL] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] S: 250-SIZE 0
Feb 12 14:14:07 haraka haraka[2029]: [PROTOCOL] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] S: 250 AUTH LOGIN
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running ehlo hook in helo.checks plugin
Feb 12 14:14:07 haraka haraka[2029]: [PROTOCOL] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] C: AUTH LOGIN state=1
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running unrecognized_command hooks
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running unrecognized_command hook in auth/flat_file plugin
Feb 12 14:14:07 haraka haraka[2029]: [PROTOCOL] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] S: 334 VXNlcm5hbWU6
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core]  hook=ehlo plugin=helo.checks function=init params=haraka retval=CONT msg=""
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running ehlo hook in helo.checks plugin
Feb 12 14:14:07 haraka haraka[2029]: [INFO] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core]  hook=unrecognized_command plugin=auth/flat_file function=hook_unrecognized_command params=AUTH retval=OK msg=""
Feb 12 14:14:07 haraka haraka[2029]: [PROTOCOL] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] C: bXVoYW1tYWQucmFpaGFuQGV4Y2VsbGVudC5jby5pZA== state=1
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running unrecognized_command hooks
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running unrecognized_command hook in auth/flat_file plugin
Feb 12 14:14:07 haraka haraka[2029]: [PROTOCOL] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] S: 334 UGFzc3dvcmQ6
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core]  hook=ehlo plugin=helo.checks function=match_re params=haraka retval=CONT msg=""
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running ehlo hook in helo.checks plugin
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core]  hook=ehlo plugin=helo.checks function=bare_ip params=haraka retval=CONT msg=""
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running ehlo hook in helo.checks plugin
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core]  hook=ehlo plugin=helo.checks function=dynamic params=haraka retval=CONT msg=""
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running ehlo hook in helo.checks plugin
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core]  hook=ehlo plugin=helo.checks function=big_company params=haraka retval=CONT msg=""
Feb 12 14:14:07 haraka haraka[2029]: [INFO] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core]  hook=unrecognized_command plugin=auth/flat_file function=hook_unrecognized_command params="bXVoYW1tYWQucmFpaGFuQGV4Y2VsbGVudC5jby5pZA==" retval=OK msg=""
Feb 12 14:14:07 haraka haraka[2029]: [PROTOCOL] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] C: QENvbGFtZU5fMDIwMzIwMDA= state=1
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running unrecognized_command hooks
Feb 12 14:14:07 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running unrecognized_command hook in auth/flat_file plugin
Feb 12 14:14:07 haraka haraka[2029]: [NOTICE] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [auth/flat_file] delaying for 1 seconds
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running ehlo hook in helo.checks plugin
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core]  hook=ehlo plugin=helo.checks function=literal_mismatch params=haraka retval=CONT msg=""
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running ehlo hook in helo.checks plugin
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core]  hook=ehlo plugin=helo.checks function=valid_hostname params=haraka retval=CONT msg=""
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running ehlo hook in helo.checks plugin
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core]  hook=ehlo plugin=helo.checks function=rdns_match params=haraka retval=CONT msg=""
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running ehlo hook in helo.checks plugin
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core]  hook=ehlo plugin=helo.checks function=forward_dns params=haraka retval=CONT msg=""
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running ehlo hook in helo.checks plugin
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core]  hook=ehlo plugin=helo.checks function=host_mismatch params=haraka retval=CONT msg=""
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running ehlo hook in helo.checks plugin
Feb 12 14:14:07 haraka haraka[2040]: [INFO] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [helo.checks] multi: true, skip:proto_mismatch(private), host_mismatch(private)
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core]  hook=ehlo plugin=helo.checks function=emit_log params=haraka retval=CONT msg=""
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running capabilities hooks
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running capabilities hook in auth/flat_file plugin
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core]  hook=capabilities plugin=auth/flat_file function=hook_capabilities params="" retval=CONT msg=""
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running capabilities hook in ldap plugin
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core]  hook=capabilities plugin=ldap function=hook_capabilities params="" retval=CONT msg=""
Feb 12 14:14:07 haraka haraka[2040]: [PROTOCOL] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] S: 250-haraka Hello Unknown [127.0.0.1]Haraka is at your service.
Feb 12 14:14:07 haraka haraka[2040]: [PROTOCOL] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] S: 250-PIPELINING
Feb 12 14:14:07 haraka haraka[2040]: [PROTOCOL] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] S: 250-8BITMIME
Feb 12 14:14:07 haraka haraka[2040]: [PROTOCOL] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] S: 250-SMTPUTF8
Feb 12 14:14:07 haraka haraka[2040]: [PROTOCOL] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] S: 250-SIZE 0
Feb 12 14:14:07 haraka haraka[2040]: [PROTOCOL] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] S: 250 AUTH LOGIN
Feb 12 14:14:07 haraka haraka[2040]: [PROTOCOL] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] C: AUTH LOGIN state=1
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running unrecognized_command hooks
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running unrecognized_command hook in auth/flat_file plugin
Feb 12 14:14:07 haraka haraka[2040]: [PROTOCOL] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] S: 334 VXNlcm5hbWU6
Feb 12 14:14:07 haraka haraka[2040]: [INFO] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core]  hook=unrecognized_command plugin=auth/flat_file function=hook_unrecognized_command params=AUTH retval=OK msg=""
Feb 12 14:14:07 haraka haraka[2040]: [PROTOCOL] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] C: bXVoYW1tYWQucmFpaGFuQGV4Y2VsbGVudC5jby5pZA== state=1
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running unrecognized_command hooks
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running unrecognized_command hook in auth/flat_file plugin
Feb 12 14:14:07 haraka haraka[2040]: [PROTOCOL] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] S: 334 UGFzc3dvcmQ6
Feb 12 14:14:07 haraka haraka[2040]: [INFO] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core]  hook=unrecognized_command plugin=auth/flat_file function=hook_unrecognized_command params="bXVoYW1tYWQucmFpaGFuQGV4Y2VsbGVudC5jby5pZA==" retval=OK msg=""
Feb 12 14:14:07 haraka haraka[2040]: [PROTOCOL] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] C: QENvbGFtZU5fMDIwMzIwMDA= state=1
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running unrecognized_command hooks
Feb 12 14:14:07 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running unrecognized_command hook in auth/flat_file plugin
Feb 12 14:14:07 haraka haraka[2040]: [NOTICE] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [auth/flat_file] delaying for 1 seconds
Feb 12 14:14:08 haraka haraka[2040]: [PROTOCOL] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] S: 535 5.7.8 Authentication failed
Feb 12 14:14:08 haraka haraka[2029]: [PROTOCOL] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] S: 535 5.7.8 Authentication failed
Feb 12 14:14:08 haraka haraka[2029]: [INFO] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core]  hook=unrecognized_command plugin=auth/flat_file function=hook_unrecognized_command params="QENvbGFtZU5fMDIwMzIwMDA=" retval=OK msg=""
Feb 12 14:14:08 haraka haraka[2029]: [PROTOCOL] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] C: QUIT state=1
Feb 12 14:14:08 haraka haraka[2029]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running quit hooks
Feb 12 14:14:08 haraka haraka[2029]: [PROTOCOL] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] S: 221 haraka closing connection. Have a jolly good day.
Feb 12 14:14:08 haraka haraka[2029]: [NOTICE] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] disconnect ip=127.0.0.1 rdns=Unknown helo=haraka relay=N early=N esmtp=Y tls=N pipe=N errors=0 txns=0 rcpts=0/0/0 msgs=0/0/0 bytes=0 lr="535 5.7.8 Authentication failed" time=1.02
Feb 12 14:14:08 haraka haraka[2040]: [INFO] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core]  hook=unrecognized_command plugin=auth/flat_file function=hook_unrecognized_command params="QENvbGFtZU5fMDIwMzIwMDA=" retval=OK msg=""
Feb 12 14:14:08 haraka haraka[2040]: [PROTOCOL] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] C: QUIT state=1
Feb 12 14:14:08 haraka haraka[2040]: [DEBUG] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] running quit hooks
Feb 12 14:14:08 haraka haraka[2040]: [PROTOCOL] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] S: 221 haraka closing connection. Have a jolly good day.
Feb 12 14:14:08 haraka haraka[2040]: [NOTICE] [D68AA525-E283-4A8D-A55E-05382FF8CAB7] [core] disconnect ip=127.0.0.1 rdns=Unknown helo=haraka relay=N early=N esmtp=Y tls=N pipe=N errors=0 txns=0 rcpts=0/0/0 msgs=0/0/0 bytes=0 lr="535 5.7.8 Authentication failed" time=1.02
@msimerson

This comment has been minimized.

Copy link
Member

@msimerson msimerson commented Feb 12, 2020

The ldap plugin never tried to auth. Comment out the auth/flat_file plugin and try again.

@raihan519

This comment has been minimized.

Copy link
Author

@raihan519 raihan519 commented Feb 12, 2020

Hi msimerson,

I still unable to authenticate, but it's different error when i test it with swaks

# swaks -s localhost -p 587 -f raihan@domain.com -t user@gmail.com --auth-user user@domain.com --auth-password password
=== Trying localhost:587...
=== Connected to localhost.
<-  220 haraka ESMTP Haraka/2.8.25 ready
 -> EHLO haraka
<-  250-haraka Hello Unknown [127.0.0.1]Haraka is at your service.
<-  250-PIPELINING
<-  250-8BITMIME
<-  250-SMTPUTF8
<-  250 SIZE 0
*** Host did not advertise authentication
 -> QUIT
<-  221 haraka closing connection. Have a jolly good day.
=== Connection closed with remote host.

And i also attach the log file

Feb 12 15:37:23 haraka haraka[1769]: message repeated 2 times: [ [ERROR] [-] [limit] Redis connection to 127.0.0.1:6379 failed - connect ECONNREFUSED 127.0.0.1:6379]
Feb 12 15:37:24 haraka haraka[1803]: [ERROR] [-] [limit] Redis connection to 127.0.0.1:6379 failed - connect ECONNREFUSED 127.0.0.1:6379
Feb 12 15:37:24 haraka haraka[1769]: [ERROR] [-] [limit] Redis connection to 127.0.0.1:6379 failed - connect ECONNREFUSED 127.0.0.1:6379
Feb 12 15:37:38 haraka haraka[1803]: [DEBUG] [-] [core] addOCSP: not available
Feb 12 15:37:38 haraka haraka[1769]: [DEBUG] [-] [core] addOCSP: not available
Feb 12 15:37:38 haraka haraka[1803]: [NOTICE] [72F10B19-D169-429D-987B-191442517358] [core] connect ip=127.0.0.1 port=53758 local_ip=:: local_port=587
Feb 12 15:37:38 haraka haraka[1803]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running connect_init hooks
Feb 12 15:37:38 haraka haraka[1769]: [NOTICE] [72F10B19-D169-429D-987B-191442517358] [core] connect ip=127.0.0.1 port=53758 local_ip=:: local_port=587
Feb 12 15:37:38 haraka haraka[1769]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running connect_init hooks
Feb 12 15:37:38 haraka haraka[1769]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running connect_init hook in relay plugin
Feb 12 15:37:38 haraka haraka[1769]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [relay] checking 127.0.0.1 in relay_acl_allow
Feb 12 15:37:38 haraka haraka[1769]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core]  hook=connect_init plugin=relay function=acl params="" retval=CONT msg=""
Feb 12 15:37:38 haraka haraka[1769]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running connect_init_respond
Feb 12 15:37:38 haraka haraka[1769]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running lookup_rdns hooks
Feb 12 15:37:38 haraka haraka[1769]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running connect hooks
Feb 12 15:37:38 haraka haraka[1769]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running connect hook in relay plugin
Feb 12 15:37:38 haraka haraka[1769]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core]  hook=connect plugin=relay function=pass_relaying params="" retval=CONT msg=""
Feb 12 15:37:38 haraka haraka[1769]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running connect hook in dnsbl plugin
Feb 12 15:37:38 haraka haraka[1769]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [dnsbl] skip private: 127.0.0.1
Feb 12 15:37:38 haraka haraka[1769]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core]  hook=connect plugin=dnsbl function=connect_first params="" retval=CONT msg=""
Feb 12 15:37:38 haraka haraka[1769]: [PROTOCOL] [72F10B19-D169-429D-987B-191442517358] [core] S: 220 haraka ESMTP Haraka/2.8.25 ready
Feb 12 15:37:38 haraka haraka[1769]: [PROTOCOL] [72F10B19-D169-429D-987B-191442517358] [core] C: EHLO haraka state=1
Feb 12 15:37:38 haraka haraka[1769]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running ehlo hooks
Feb 12 15:37:38 haraka haraka[1769]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running ehlo hook in helo.checks plugin
Feb 12 15:37:38 haraka haraka[1769]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core]  hook=ehlo plugin=helo.checks function=proto_mismatch_esmtp params=haraka retval=CONT msg=""
Feb 12 15:37:38 haraka haraka[1769]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running ehlo hook in helo.checks plugin
Feb 12 15:37:38 haraka haraka[1769]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core]  hook=ehlo plugin=helo.checks function=init params=haraka retval=CONT msg=""
Feb 12 15:37:38 haraka haraka[1803]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running connect_init hook in relay plugin
Feb 12 15:37:38 haraka haraka[1769]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running ehlo hook in helo.checks plugin
Feb 12 15:37:38 haraka haraka[1769]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core]  hook=ehlo plugin=helo.checks function=match_re params=haraka retval=CONT msg=""
Feb 12 15:37:38 haraka haraka[1769]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running ehlo hook in helo.checks plugin
Feb 12 15:37:38 haraka haraka[1769]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core]  hook=ehlo plugin=helo.checks function=bare_ip params=haraka retval=CONT msg=""
Feb 12 15:37:38 haraka haraka[1769]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running ehlo hook in helo.checks plugin
Feb 12 15:37:38 haraka haraka[1769]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core]  hook=ehlo plugin=helo.checks function=dynamic params=haraka retval=CONT msg=""
Feb 12 15:37:38 haraka haraka[1769]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running ehlo hook in helo.checks plugin
Feb 12 15:37:38 haraka haraka[1769]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core]  hook=ehlo plugin=helo.checks function=big_company params=haraka retval=CONT msg=""
Feb 12 15:37:38 haraka haraka[1769]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running ehlo hook in helo.checks plugin
Feb 12 15:37:38 haraka haraka[1769]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core]  hook=ehlo plugin=helo.checks function=literal_mismatch params=haraka retval=CONT msg=""
Feb 12 15:37:38 haraka haraka[1769]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running ehlo hook in helo.checks plugin
Feb 12 15:37:38 haraka haraka[1769]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core]  hook=ehlo plugin=helo.checks function=valid_hostname params=haraka retval=CONT msg=""
Feb 12 15:37:38 haraka haraka[1769]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running ehlo hook in helo.checks plugin
Feb 12 15:37:38 haraka haraka[1769]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core]  hook=ehlo plugin=helo.checks function=rdns_match params=haraka retval=CONT msg=""
Feb 12 15:37:38 haraka haraka[1769]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running ehlo hook in helo.checks plugin
Feb 12 15:37:38 haraka haraka[1769]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core]  hook=ehlo plugin=helo.checks function=forward_dns params=haraka retval=CONT msg=""
Feb 12 15:37:38 haraka haraka[1769]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running ehlo hook in helo.checks plugin
Feb 12 15:37:38 haraka haraka[1803]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [relay] checking 127.0.0.1 in relay_acl_allow
Feb 12 15:37:38 haraka haraka[1769]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core]  hook=ehlo plugin=helo.checks function=host_mismatch params=haraka retval=CONT msg=""
Feb 12 15:37:38 haraka haraka[1769]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running ehlo hook in helo.checks plugin
Feb 12 15:37:38 haraka haraka[1769]: [INFO] [72F10B19-D169-429D-987B-191442517358] [helo.checks] multi: true, skip:proto_mismatch(private), host_mismatch(private)
Feb 12 15:37:38 haraka haraka[1769]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core]  hook=ehlo plugin=helo.checks function=emit_log params=haraka retval=CONT msg=""
Feb 12 15:37:38 haraka haraka[1769]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running capabilities hooks
Feb 12 15:37:38 haraka haraka[1769]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running capabilities hook in ldap plugin
Feb 12 15:37:38 haraka haraka[1769]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core]  hook=capabilities plugin=ldap function=hook_capabilities params="" retval=CONT msg=""
Feb 12 15:37:38 haraka haraka[1769]: [PROTOCOL] [72F10B19-D169-429D-987B-191442517358] [core] S: 250-haraka Hello Unknown [127.0.0.1]Haraka is at your service.
Feb 12 15:37:38 haraka haraka[1769]: [PROTOCOL] [72F10B19-D169-429D-987B-191442517358] [core] S: 250-PIPELINING
Feb 12 15:37:38 haraka haraka[1769]: [PROTOCOL] [72F10B19-D169-429D-987B-191442517358] [core] S: 250-8BITMIME
Feb 12 15:37:38 haraka haraka[1769]: [PROTOCOL] [72F10B19-D169-429D-987B-191442517358] [core] S: 250-SMTPUTF8
Feb 12 15:37:38 haraka haraka[1769]: [PROTOCOL] [72F10B19-D169-429D-987B-191442517358] [core] S: 250 SIZE 0
Feb 12 15:37:38 haraka haraka[1769]: [PROTOCOL] [72F10B19-D169-429D-987B-191442517358] [core] C: QUIT state=1
Feb 12 15:37:38 haraka haraka[1769]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running quit hooks
Feb 12 15:37:38 haraka haraka[1769]: [PROTOCOL] [72F10B19-D169-429D-987B-191442517358] [core] S: 221 haraka closing connection. Have a jolly good day.
Feb 12 15:37:38 haraka haraka[1769]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] client has disconnected
Feb 12 15:37:38 haraka haraka[1769]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running disconnect hooks
Feb 12 15:37:38 haraka haraka[1769]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] client has disconnected
Feb 12 15:37:38 haraka haraka[1769]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] client has disconnected
Feb 12 15:37:38 haraka haraka[1769]: [NOTICE] [72F10B19-D169-429D-987B-191442517358] [core] disconnect ip=127.0.0.1 rdns=Unknown helo=haraka relay=N early=N esmtp=Y tls=N pipe=N errors=0 txns=0 rcpts=0/0/0 msgs=0/0/0 bytes=0 lr="" time=0.011
Feb 12 15:37:38 haraka haraka[1803]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core]  hook=connect_init plugin=relay function=acl params="" retval=CONT msg=""
Feb 12 15:37:38 haraka haraka[1803]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running connect_init_respond
Feb 12 15:37:38 haraka haraka[1803]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running lookup_rdns hooks
Feb 12 15:37:38 haraka haraka[1803]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running connect hooks
Feb 12 15:37:38 haraka haraka[1803]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running connect hook in relay plugin
Feb 12 15:37:38 haraka haraka[1803]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core]  hook=connect plugin=relay function=pass_relaying params="" retval=CONT msg=""
Feb 12 15:37:38 haraka haraka[1803]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running connect hook in dnsbl plugin
Feb 12 15:37:38 haraka haraka[1803]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [dnsbl] skip private: 127.0.0.1
Feb 12 15:37:38 haraka haraka[1803]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core]  hook=connect plugin=dnsbl function=connect_first params="" retval=CONT msg=""
Feb 12 15:37:38 haraka haraka[1803]: [PROTOCOL] [72F10B19-D169-429D-987B-191442517358] [core] S: 220 haraka ESMTP Haraka/2.8.25 ready
Feb 12 15:37:38 haraka haraka[1803]: [PROTOCOL] [72F10B19-D169-429D-987B-191442517358] [core] C: EHLO haraka state=1
Feb 12 15:37:38 haraka haraka[1803]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running ehlo hooks
Feb 12 15:37:38 haraka haraka[1803]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running ehlo hook in helo.checks plugin
Feb 12 15:37:38 haraka haraka[1803]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core]  hook=ehlo plugin=helo.checks function=proto_mismatch_esmtp params=haraka retval=CONT msg=""
Feb 12 15:37:38 haraka haraka[1803]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running ehlo hook in helo.checks plugin
Feb 12 15:37:38 haraka haraka[1803]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core]  hook=ehlo plugin=helo.checks function=init params=haraka retval=CONT msg=""
Feb 12 15:37:38 haraka haraka[1803]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running ehlo hook in helo.checks plugin
Feb 12 15:37:38 haraka haraka[1803]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core]  hook=ehlo plugin=helo.checks function=match_re params=haraka retval=CONT msg=""
Feb 12 15:37:38 haraka haraka[1803]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running ehlo hook in helo.checks plugin
Feb 12 15:37:38 haraka haraka[1803]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core]  hook=ehlo plugin=helo.checks function=bare_ip params=haraka retval=CONT msg=""
Feb 12 15:37:38 haraka haraka[1803]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running ehlo hook in helo.checks plugin
Feb 12 15:37:38 haraka haraka[1803]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core]  hook=ehlo plugin=helo.checks function=dynamic params=haraka retval=CONT msg=""
Feb 12 15:37:38 haraka haraka[1803]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running ehlo hook in helo.checks plugin
Feb 12 15:37:38 haraka haraka[1803]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core]  hook=ehlo plugin=helo.checks function=big_company params=haraka retval=CONT msg=""
Feb 12 15:37:38 haraka haraka[1803]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running ehlo hook in helo.checks plugin
Feb 12 15:37:38 haraka haraka[1803]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core]  hook=ehlo plugin=helo.checks function=literal_mismatch params=haraka retval=CONT msg=""
Feb 12 15:37:38 haraka haraka[1803]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running ehlo hook in helo.checks plugin
Feb 12 15:37:38 haraka haraka[1803]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core]  hook=ehlo plugin=helo.checks function=valid_hostname params=haraka retval=CONT msg=""
Feb 12 15:37:38 haraka haraka[1803]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running ehlo hook in helo.checks plugin
Feb 12 15:37:38 haraka haraka[1803]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core]  hook=ehlo plugin=helo.checks function=rdns_match params=haraka retval=CONT msg=""
Feb 12 15:37:38 haraka haraka[1803]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running ehlo hook in helo.checks plugin
Feb 12 15:37:38 haraka haraka[1803]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core]  hook=ehlo plugin=helo.checks function=forward_dns params=haraka retval=CONT msg=""
Feb 12 15:37:38 haraka haraka[1803]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running ehlo hook in helo.checks plugin
Feb 12 15:37:38 haraka haraka[1803]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core]  hook=ehlo plugin=helo.checks function=host_mismatch params=haraka retval=CONT msg=""
Feb 12 15:37:38 haraka haraka[1803]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running ehlo hook in helo.checks plugin
Feb 12 15:37:38 haraka haraka[1803]: [INFO] [72F10B19-D169-429D-987B-191442517358] [helo.checks] multi: true, skip:proto_mismatch(private), host_mismatch(private)
Feb 12 15:37:38 haraka haraka[1803]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core]  hook=ehlo plugin=helo.checks function=emit_log params=haraka retval=CONT msg=""
Feb 12 15:37:38 haraka haraka[1803]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running capabilities hooks
Feb 12 15:37:38 haraka haraka[1803]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running capabilities hook in ldap plugin
Feb 12 15:37:38 haraka haraka[1803]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core]  hook=capabilities plugin=ldap function=hook_capabilities params="" retval=CONT msg=""
Feb 12 15:37:38 haraka haraka[1803]: [PROTOCOL] [72F10B19-D169-429D-987B-191442517358] [core] S: 250-haraka Hello Unknown [127.0.0.1]Haraka is at your service.
Feb 12 15:37:38 haraka haraka[1803]: [PROTOCOL] [72F10B19-D169-429D-987B-191442517358] [core] S: 250-PIPELINING
Feb 12 15:37:38 haraka haraka[1803]: [PROTOCOL] [72F10B19-D169-429D-987B-191442517358] [core] S: 250-8BITMIME
Feb 12 15:37:38 haraka haraka[1803]: [PROTOCOL] [72F10B19-D169-429D-987B-191442517358] [core] S: 250-SMTPUTF8
Feb 12 15:37:38 haraka haraka[1803]: [PROTOCOL] [72F10B19-D169-429D-987B-191442517358] [core] S: 250 SIZE 0
Feb 12 15:37:38 haraka haraka[1803]: [PROTOCOL] [72F10B19-D169-429D-987B-191442517358] [core] C: QUIT state=1
Feb 12 15:37:38 haraka haraka[1803]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running quit hooks
Feb 12 15:37:38 haraka haraka[1803]: [PROTOCOL] [72F10B19-D169-429D-987B-191442517358] [core] S: 221 haraka closing connection. Have a jolly good day.
Feb 12 15:37:38 haraka haraka[1803]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] client has disconnected
Feb 12 15:37:38 haraka haraka[1803]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] running disconnect hooks
Feb 12 15:37:38 haraka haraka[1803]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] client has disconnected
Feb 12 15:37:38 haraka haraka[1803]: [DEBUG] [72F10B19-D169-429D-987B-191442517358] [core] client has disconnected
Feb 12 15:37:38 haraka haraka[1803]: [NOTICE] [72F10B19-D169-429D-987B-191442517358] [core] disconnect ip=127.0.0.1 rdns=Unknown helo=haraka relay=N early=N esmtp=Y tls=N pipe=N errors=0 txns=0 rcpts=0/0/0 msgs=0/0/0 bytes=0 lr="" time=0.011
@raihan519

This comment has been minimized.

Copy link
Author

@raihan519 raihan519 commented Feb 17, 2020

Hi Guys,

Can someone help me with these? I still stuck and have no clue what is the problem

@raihan519

This comment has been minimized.

Copy link
Author

@raihan519 raihan519 commented Feb 18, 2020

Hi msmimerson,

I Have this output in my log, is this my ldap.ini configuration correct or incorrect?

Feb 18 11:31:24 haraka haraka[2594]: [DEBUG] [-] [ldap] Current config: {
Feb 18 11:31:24 haraka haraka[2594]:   servers: [ 'ldap://ldap.colamen.id:389', 'ldaps://ldap.colamen.id:636' ],
Feb 18 11:31:24 haraka haraka[2594]:   timeout: undefined,
Feb 18 11:31:24 haraka haraka[2594]:   tls_enabled: false,
Feb 18 11:31:24 haraka haraka[2594]:   tls_rejectUnauthorized: undefined,
Feb 18 11:31:24 haraka haraka[2594]:   scope: 'base',
Feb 18 11:31:24 haraka haraka[2594]:   binddn: 'cn=admin,dc=colamen,dc=id',
Feb 18 11:31:24 haraka haraka[2594]:   bindpw: 'rahasia',
Feb 18 11:31:24 haraka haraka[2594]:   basedn: 'colamen.id',
Feb 18 11:31:24 haraka haraka[2594]:   aliases: {
Feb 18 11:31:24 haraka haraka[2594]:     scope: 'sub',
Feb 18 11:31:24 haraka haraka[2594]:     searchfilter: '(&(objectclass=groupOfNames)(mailLocalAddress=%a))',
Feb 18 11:31:24 haraka haraka[2594]:     attribute: 'member',
Feb 18 11:31:24 haraka haraka[2594]:     attribute_is_dn: 'true',
Feb 18 11:31:24 haraka haraka[2594]:     subattribute: 'mailLocalAddress'
Feb 18 11:31:24 haraka haraka[2594]:   },
Feb 18 11:31:24 haraka haraka[2594]:   authn: { scope: 'sub', searchfilter: '(&(objectclass=*)(uid=%u))' },
Feb 18 11:31:24 haraka haraka[2594]:   authz: {
Feb 18 11:31:24 haraka haraka[2594]:     scope: 'sub',
Feb 18 11:31:24 haraka haraka[2594]:     searchfilter: '(&(objectclass=*)(uid=%u)(mailLocalAddress=%a))'
Feb 18 11:31:24 haraka haraka[2594]:   },
Feb 18 11:31:24 haraka haraka[2594]:   rcpt_to: { scope: 'sub', searchfilter: '(&(objectclass=*)(mail=%a))' }
Feb 18 11:31:24 haraka haraka[2594]: }
@zezevavai

This comment has been minimized.

Copy link

@zezevavai zezevavai commented Mar 5, 2020

Hi Raihan,

I think you should check for 2 main config :

  1. Make sure LDAP plugin for Haraka is active and there is a log that account has been successfully authenticate against LDAP (even if it throws an error for invalid credentials)

  2. Make sure LDAP bind on Zimbra side is correct. You can try to compare the bind dn with another apps (ie : Thunderbird External LDAP Account or simply using any LDAP app such as phpldapadmin)

@raihan519

This comment has been minimized.

Copy link
Author

@raihan519 raihan519 commented Mar 10, 2020

Hi Vavai,

Thank you so much for the information.

I already make sure my Haraka plugin is active, here are the log :

Mar 10 10:46:12 haraka haraka[19239]: [DEBUG] [-] [ldap] Current config: {#012  servers: [ 'ldap://192.168.11.115:389' ],#012  timeout: undefined,#012  tls_enabled: false,#012  tls_rejectUnauthorized: undefined,#012  scope: 'base',#012  binddn: '',#012  bindpw: 'rahasia',#012  basedn: 'ou=people,dc=raihan,dc=net',#012  aliases: {#012    scope: 'sub',#012    searchfilter: '(mail=*)',#012    attribute: 'member',#012    attribute_is_dn: 'true',#012    subattribute: 'mailLocalAddress'#012  },#012  authn: {#012    scope: 'sub',#012    searchfilter: '(mail=*)',#012    dn: [ 'uid=%u,ou=people,dc=raihan,dc=net' ]#012  },#012  authz: { scope: 'sub', searchfilter: '(mail=*)' },#012  rcpt_to: { scope: 'sub', searchfilter: '(mail=*)' }#012}
Mar 10 10:46:12 haraka haraka[19228]: [DEBUG] [-] [ldap] Current config: {
Mar 10 10:46:12 haraka haraka[19228]:   servers: [ 'ldap://192.168.11.115:389' ],
Mar 10 10:46:12 haraka haraka[19228]:   timeout: undefined,
Mar 10 10:46:12 haraka haraka[19228]:   tls_enabled: false,
Mar 10 10:46:12 haraka haraka[19228]:   tls_rejectUnauthorized: undefined,
Mar 10 10:46:12 haraka haraka[19228]:   scope: 'base',
Mar 10 10:46:12 haraka haraka[19228]:   binddn: '',
Mar 10 10:46:12 haraka haraka[19228]:   bindpw: 'secret',
Mar 10 10:46:12 haraka haraka[19228]:   basedn: 'ou=people,dc=raihan,dc=net',
Mar 10 10:46:12 haraka haraka[19228]:   aliases: {
Mar 10 10:46:12 haraka haraka[19228]:     scope: 'sub',
Mar 10 10:46:12 haraka haraka[19228]:     searchfilter: '(mail=*)',
Mar 10 10:46:12 haraka haraka[19228]:     attribute: 'member',
Mar 10 10:46:12 haraka haraka[19228]:     attribute_is_dn: 'true',
Mar 10 10:46:12 haraka haraka[19228]:     subattribute: 'mailLocalAddress'
Mar 10 10:46:12 haraka haraka[19228]:   },
Mar 10 10:46:12 haraka haraka[19228]:   authn: {
Mar 10 10:46:12 haraka haraka[19228]:     scope: 'sub',
Mar 10 10:46:12 haraka haraka[19228]:     searchfilter: '(mail=*)',
Mar 10 10:46:12 haraka haraka[19228]:     dn: [ 'uid=%u,ou=people,dc=raihan,dc=net' ]
Mar 10 10:46:12 haraka haraka[19228]:   },
Mar 10 10:46:12 haraka haraka[19228]:   authz: { scope: 'sub', searchfilter: '(mail=*)' },
Mar 10 10:46:12 haraka haraka[19228]:   rcpt_to: { scope: 'sub', searchfilter: '(mail=*)' }
Mar 10 10:46:12 haraka haraka[19228]: }

And i also compare it with binddn with thunderbird external ldap account (https://wiki.zimbra.com/wiki/Mail_Client_LDAP_Configuration), but it seems end up with the same result:

# swaks -s localhost -t user@gmail.com -f user@colamen.id -p 587 --auth-user admin@raihan.net --auth-password secret
=== Trying localhost:587...
=== Connected to localhost.
<-  220 haraka ESMTP Haraka/2.8.25 ready
 -> EHLO haraka
<-  250-haraka Hello Unknown [127.0.0.1]Haraka is at your service.
<-  250-PIPELINING
<-  250-8BITMIME
<-  250-SMTPUTF8
<-  250 SIZE 0
*** Host did not advertise authentication
 -> QUIT
<-  221 haraka closing connection. Have a jolly good day.
=== Connection closed with remote host.

Here, i also attached my config/ldap.ini that maybe can help solving the problem

server[] = ldap://192.168.11.115:389
binddn = 
bindpw = secret
basedn = ou=people,dc=raihan,dc=net
scope = base

[authn]
scope = sub
searchfilter = (mail=*)
#dn[] = uid=%u,ou=users,dc=my-domain,dc=com
dn[] = uid=%u,ou=people,dc=raihan,dc=net

[authz]
scope = sub
searchfilter = (mail=*)

[aliases]
scope = sub
searchfilter = (mail=*)
attribute = member
attribute_is_dn = true
subattribute = mailLocalAddress

[rcpt_to]
scope = sub
searchfilter = (mail=*)
@msimerson

This comment has been minimized.

Copy link
Member

@msimerson msimerson commented Mar 10, 2020

Here's [part of] your problem:

swaks -s localhost -t user@gmail.com -f user@colamen.id -p 587 --auth-user admin@raihan.net --auth-password secret

Haraka doesn't advertise AUTH until after you have secured the connection. Try again with -tls added to your invocation.

@raihan519

This comment has been minimized.

Copy link
Author

@raihan519 raihan519 commented Mar 11, 2020

Hi msimerson,

Thank you so much for the advice, but it seems not working in my Haraka.

# swaks -s localhost -tls -t user@gmail.com -f user@colamen.id -p 587 --auth-user admin@raihan.net --auth-password secret
=== Trying localhost:587...
=== Connected to localhost.
<-  220 haraka.colamen.id ESMTP Haraka/2.8.25 ready
 -> EHLO haraka.colamen.id
<-  250-haraka.colamen.id Hello Unknown [127.0.0.1]Haraka is at your service.
<-  250-PIPELINING
<-  250-8BITMIME
<-  250-SMTPUTF8
<-  250 SIZE 0
*** Host did not advertise STARTTLS
 -> QUIT
<-  221 haraka.colamen.id closing connection. Have a jolly good day.
=== Connection closed with remote host.
@msimerson

This comment has been minimized.

Copy link
Member

@msimerson msimerson commented Mar 11, 2020

Enable TLS then.

@raihan519

This comment has been minimized.

Copy link
Author

@raihan519 raihan519 commented Mar 11, 2020

Hi msimerson,

It end up with different result, but i think it still failed

# swaks -s localhost -tls -t muhammadraihan519@gmail.com -f raihan@colamen.id -p 587 --auth-user admin@raihan.net --auth-password secret
=== Trying localhost:587...
=== Connected to localhost.
<-  220 haraka.colamen.id ESMTP Haraka/2.8.25 ready
 -> EHLO haraka.colamen.id
<-  250-haraka.colamen.id Hello Unknown [127.0.0.1]Haraka is at your service.
<-  250-PIPELINING
<-  250-8BITMIME
<-  250-SMTPUTF8
<-  250-SIZE 0
<-  250 STARTTLS
 -> STARTTLS
<-  220 Go ahead.
=== TLS started with cipher TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
=== TLS no local certificate set
=== TLS peer DN="/C=ID/ST=Jawa Barat/L=Bekasi/O=Colamen/OU=IT Support/CN=haraka.colamen.id/emailAddress=admin@colamen.id"
 ~> EHLO haraka.colamen.id
<~  250-haraka.colamen.id Hello Unknown [127.0.0.1]Haraka is at your service.
<~  250-PIPELINING
<~  250-8BITMIME
<~  250-SMTPUTF8
<~  250-SIZE 0
<~  250 AUTH PLAIN LOGIN
 ~> AUTH LOGIN
<~  334 VXNlcm5hbWU6
 ~> YWRtaW5AcmFpaGFuLm5ldA==
<~  334 UGFzc3dvcmQ6
 ~> cmFoYXNpYQ==
<~* 535 5.7.8 Authentication failed
 ~> AUTH PLAIN AGFkbWluQHJhaWhhbi5uZXQAcmFoYXNpYQ==
<~* 535 5.7.8 Authentication failed
*** No authentication type succeeded
 ~> QUIT
<~  221 haraka.colamen.id closing connection. Have a jolly good day.
=== Connection closed with remote host.

Here are my config/plugins file

# This file lists plugins that Haraka will run
#
# Plugin ordering often matters, run 'haraka -o -c /path/to/haraka/config'
# to see the order plugins (and their hooks) will run in.
#
# To see a list of all plugins, run 'haraka -l'
#
# To see the help docs for a particular plugin, run 'haraka -h plugin.name'

#status
#process_title
# Log to syslog (see 'haraka -h syslog')
 syslog

# CONNECT
#toobusy
#karma
relay
# control which IPs, rDNS hostnames, HELO hostnames, MAIL FROM addresses, and
# RCPT TO address you accept mail from. See 'haraka -h access'.
# access
# p0f
# geoip
# asn
# fcrdns
# block mails from known bad hosts (see config/dnsbl.zones for the DNS zones queried)
dnsbl

# HELO
#early_talker
# see config/helo.checks.ini for configuration
helo.checks
# see 'haraka -h tls' for config instructions before enabling!
 tls
#
# AUTH plugins require TLS before AUTH is advertised, see
#     https://github.com/haraka/Haraka/wiki/Require-SSL-TLS
# auth/flat_file
# auth/auth_proxy
# auth/auth_ldap

Also my config/tls.ini file

key=/usr/local/haraka/config/tls/key.pem
cert=/usr/local/haraka/config/tls/certificate.pem
dhparam=/usr/local/haraka/config/tls/dhparam.pem

ciphers = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384
minVersion = TLSv1
rejectUnauthorized=false
requestCert=true
honorCipherOrder=true
requireAuthorized[]=2465
requireAuthorized[]=2587

Also the haraka log

Mar 11 11:55:24 haraka haraka[4686]: [DEBUG] [EA838083-DA04-4658-874D-A814F8563083] [core] Looking up user 'admin@raihan.net' by DN.
Mar 11 11:55:24 haraka haraka[4659]: [DEBUG] [EA838083-DA04-4658-874D-A814F8563083] [core] Looking up user 'admin@raihan.net' by DN.
Mar 11 11:55:24 haraka haraka[4686]: [DEBUG] [EA838083-DA04-4658-874D-A814F8563083] [core] Login failed, could not bind 'uid=admin@raihan.net,ou=people,dc=raihan,dc=net': LDAPError [InvalidCredentialsError]: Invalid Credentials#012    at messageCallback (/usr/local/haraka/node_modules/ldapjs/lib/client/client.js:1419:45)#012    at Parser.onMessage (/usr/local/haraka/node_modules/ldapjs/lib/client/client.js:1089:14)#012    at Parser.emit (events.js:223:5)#012    at Parser.write (/usr/local/haraka/node_modules/ldapjs/lib/messages/parser.js:111:8)#012    at Socket.onData (/usr/local/haraka/node_modules/ldapjs/lib/client/client.js:1076:22)#012    at Socket.emit (events.js:223:5)#012    at addChunk (_stream_readable.js:309:12)#012    at readableAddChunk (_stream_readable.js:290:11)#012    at Socket.Readable.push (_stream_readable.js:224:10)#012    at TCP.onStreamRead (internal/stream_base_commons.js:181:23) {#012  lde_message: 'Invalid Credentials',#012  lde_dn: null#012}
Mar 11 11:55:24 haraka haraka[4659]: [DEBUG] [EA838083-DA04-4658-874D-A814F8563083] [core] Login failed, could not bind 'uid=admin@raihan.net,ou=people,dc=raihan,dc=net': LDAPError [InvalidCredentialsError]: Invalid Credentials
Mar 11 11:55:24 haraka haraka[4659]:     at messageCallback (/usr/local/haraka/node_modules/ldapjs/lib/client/client.js:1419:45)
Mar 11 11:55:24 haraka haraka[4659]:     at Parser.onMessage (/usr/local/haraka/node_modules/ldapjs/lib/client/client.js:1089:14)
Mar 11 11:55:24 haraka haraka[4659]:     at Parser.emit (events.js:223:5)
Mar 11 11:55:24 haraka haraka[4659]:     at Parser.write (/usr/local/haraka/node_modules/ldapjs/lib/messages/parser.js:111:8)
Mar 11 11:55:24 haraka haraka[4659]:     at Socket.onData (/usr/local/haraka/node_modules/ldapjs/lib/client/client.js:1076:22)
Mar 11 11:55:24 haraka haraka[4659]:     at Socket.emit (events.js:223:5)
Mar 11 11:55:24 haraka haraka[4659]:     at addChunk (_stream_readable.js:309:12)
Mar 11 11:55:24 haraka haraka[4659]:     at readableAddChunk (_stream_readable.js:290:11)
Mar 11 11:55:24 haraka haraka[4659]:     at Socket.Readable.push (_stream_readable.js:224:10)
Mar 11 11:55:24 haraka haraka[4659]:     at TCP.onStreamRead (internal/stream_base_commons.js:181:23) {
Mar 11 11:55:24 haraka haraka[4659]:   lde_message: 'Invalid Credentials',
Mar 11 11:55:24 haraka haraka[4659]:   lde_dn: null
Mar 11 11:55:24 haraka haraka[4659]: }
Mar 11 11:55:24 haraka haraka[4686]: [NOTICE] [EA838083-DA04-4658-874D-A814F8563083] [ldap] delaying for 1 seconds
Mar 11 11:55:24 haraka haraka[4659]: [NOTICE] [EA838083-DA04-4658-874D-A814F8563083] [ldap] delaying for 1 seconds
Mar 11 11:55:25 haraka haraka[4686]: [PROTOCOL] [EA838083-DA04-4658-874D-A814F8563083] [core] S: 535 5.7.8 Authentication failed
Mar 11 11:55:25 haraka haraka[4659]: [PROTOCOL] [EA838083-DA04-4658-874D-A814F8563083] [core] S: 535 5.7.8 Authentication failed

Is the error came from my haraka config/ldap.ini file? Maybe the basedn on that file is incorrect?
For additional information, here are my config/ldap.ini file

server[] = ldap://192.168.11.115:389
binddn =
bindpw = secret
basedn = ou=people,dc=raihan,dc=net
scope = base

[authn]
scope = sub
searchfilter = (mail=*)
#dn[] = uid=%u,ou=users,dc=my-domain,dc=com
dn[] = uid=%u,ou=people,dc=raihan,dc=net

[authz]
scope = sub
searchfilter = (mail=*)

[aliases]
scope = sub
searchfilter = (mail=*)
attribute = member
attribute_is_dn = true
subattribute = mailLocalAddress

[rcpt_to]
scope = sub
searchfilter = (mail=*)
@msimerson

This comment has been minimized.

Copy link
Member

@msimerson msimerson commented Mar 11, 2020

Now you have TLS and AUTH working in Haraka. Your last issue is getting your LDAP configured correctly. This is the log line that matters:

Login failed, could not bind 'uid=admin@raihan.net,ou=people,dc=raihan,dc=net': LDAPError [InvalidCredentialsError]: Invalid Credentials

Fix that, and you'll be in business.

@raihan519

This comment has been minimized.

Copy link
Author

@raihan519 raihan519 commented Mar 11, 2020

Hi msimerson,

Thank you for the advice.

I'm so happy to inform you that the problem is solved. I just adjust some line in config/ldap.ini file

server[] = ldap://192.168.11.115:389
binddn = uid=zimbra,cn=admins,cn=zimbra #here is the line i adjust
bindpw = secret
basedn = ou=people,dc=raihan,dc=net 
scope = base

[authn]
scope = sub
searchfilter = (mail=*)
#dn[] = uid=%u,ou=users,dc=my-domain,dc=com
#dn[] = uid=%u,ou=people,dc=raihan,dc=net
dn[] = uid=zimbra,cn=admins,cn=zimbra #here is the line i adjust

And also the testing result

# swaks -s localhost -tls -t muhammadraihan519@gmail.com -f raihan@colamen.id -p 587 --auth-user admin@raihan.net --auth-password secret
=== Trying localhost:587...
=== Connected to localhost.
<-  220 haraka.colamen.id ESMTP Haraka/2.8.25 ready
 -> EHLO haraka.colamen.id
<-  250-haraka.colamen.id Hello Unknown [127.0.0.1]Haraka is at your service.
<-  250-PIPELINING
<-  250-8BITMIME
<-  250-SMTPUTF8
<-  250-SIZE 0
<-  250 STARTTLS
 -> STARTTLS
<-  220 Go ahead.
=== TLS started with cipher TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
=== TLS no local certificate set
=== TLS peer DN="/C=ID/ST=Jawa Barat/L=Bekasi/O=Colamen/OU=IT Support/CN=haraka.colamen.id/emailAddress=admin@colamen.id"
 ~> EHLO haraka.colamen.id
<~  250-haraka.colamen.id Hello Unknown [127.0.0.1]Haraka is at your service.
<~  250-PIPELINING
<~  250-8BITMIME
<~  250-SMTPUTF8
<~  250-SIZE 0
<~  250 AUTH PLAIN LOGIN
 ~> AUTH LOGIN
<~  334 VXNlcm5hbWU6
 ~> YWRtaW5AcmFpaGFuLm5ldA==
<~  334 UGFzc3dvcmQ6
 ~> cmFoYXNpYQ==
<~  235 2.7.0 Authentication successful
 ~> MAIL FROM:<raihan@colamen.id>
<~  250 sender <raihan@colamen.id> OK
 ~> RCPT TO:<muhammadraihan519@gmail.com>
<~  250 recipient <muhammadraihan519@gmail.com> OK
 ~> DATA
<~  354 go ahead, make my day
 ~> Date: Wed, 11 Mar 2020 13:47:23 +0700
 ~> To: muhammadraihan519@gmail.com
 ~> From: raihan@colamen.id
 ~> Subject: test Wed, 11 Mar 2020 13:47:23 +0700
 ~> Message-Id: <20200311134723.004909@haraka.colamen.id>
 ~> X-Mailer: swaks v20170101.0 jetmore.org/john/code/swaks/
 ~> 
 ~> This is a test mailing
 ~> 
 ~> .
<~  250 2.0.0 02B6lSHv005611-02B6lSHw005611 Message accepted for delivery (1807B9E4-D669-4ED9-9531-0C8905507FC6.1)
 ~> QUIT
<~  221 haraka.colamen.id closing connection. Have a jolly good day.
=== Connection closed with remote host.

Thank you so much for the help to solving this complicated case.
Or maybe it's not that complicated, it's just me who make it complicated 😆

Once again, thank you for everyone who is participating in this case.

@baudehlo

This comment has been minimized.

Copy link
Collaborator

@baudehlo baudehlo commented Mar 11, 2020

Glad it all worked out. Often in these cases it's possible that the documentation could make things clearer. If you think that's the case, please contribute some improvements.

@baudehlo baudehlo closed this Mar 11, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
4 participants
You can’t perform that action at this time.