Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature request: enable SMTP authentication for incoming mail #226

Open
oskaremil opened this issue Nov 12, 2018 · 6 comments
Open

Feature request: enable SMTP authentication for incoming mail #226

oskaremil opened this issue Nov 12, 2018 · 6 comments
Labels
enhancement help wanted

Comments

@oskaremil
Copy link

I would like to enable SMTP authentication (username, password) when configuring MailHog so I can test SMTP interaction with username, password and auth-related failures
@oskaremil
Copy link
Author

If this is a desirable feature I could look into it myself

@tyndyll
Copy link
Member

tyndyll commented Feb 19, 2019

Please write up a rough plan on how you would implement this, including any UI changes for the web pages and command line flag

@pataquets pataquets mentioned this issue Feb 6, 2020
Open
@saul-data
Copy link

@tyndyll This is a desirable feature - we would host our own mailhog if we could set the smtp password. We need it for our continuous integration and testing. Otherwise we would need to pay for a similar service and they seem to be quite expensive for what they are... Is there no simple way to set the SMTP password using an environment variable - this would be ideal particularly for a Kubernetes environment using secrets.

@Orrison
Copy link

Orrison commented Jan 21, 2022

Any movement on this one? It would be great to be able to secure SMTP via auth. That way we could host our own Mailhog on a publicly accessibly server.

@pataquets
Copy link

For those needing it badly, you could set up an emailrelay as an incoming SMTP proxy, which supports incoming auth.
Set it up to forward all email to a non publicly reachable MailHog, and you're done.

Just a workaround, but it would be great to MailHog to support it out of the box, indeed.

@JBartscher
Copy link

JBartscher commented May 18, 2022
edited
Loading

Based on @pataquets answer, I sat down and tried emailrelay as SMTP proxy. My goal was to test SASL Authentification, but configuring TLS communication is somewhat similar (useage of --server-tls/client-tls insted of --server-auth).

Since the whole thing is a little more complex than I thought I would like to document my findings here. I tested the whole thing on Ubuntu, but emailrelay can also be installed on Windows.

Installation

  1. Download the tar-Archive from the download page
  2. Extract the archive
  3. Open a terminal in the extracted folder and run sudo ./configure && make && make install (Possibly there are authorization problems with certain paths during the installation, for this the corresponding folders can be authorized with chown by the respective user)

emailrelay and emailrelay-passwd should now be installed

Runnung emailrelay as auth proxy

For this step I assume that MailHog is up and running

We want to run emailrelay as a proxy this can be done in two ways: --as-proxy or --as-server and --forward-on-disconnect. These also need the --forward-to command after which we specifiy the MailHog adress.
We also want to specify a port on which our emailrelay takes requests. For this the --port paramter can be used.
Furthermore, I wanted to get as much information logged as possible. For this the parameters --log --verbose --log-file can be used.

If the configuration is not immediately clear and you have to try it out, add the parameter -t, so that emailrelay is not started as a global service, but is executed locally in the terminal (and can be terminated with ctrl+c).

In relation to SASL authentication, the parameter --server-auth must be specified.
The file can be a plain .txt file.
An example for a auth.txt might be sth like this:
server-auth.txt

# entries must have the following form:
# connection-type password-type user-id password

# first field "connection-type" is either "server" or "client
# password-type can be plain or md5. For md5, the sending side must use 
# CRAM-MD5. Passwords can be encrypted using the cli tool emailrelay-passwd
# emailrelay-passwd .
# 1. emailrelay-passwd
# 2. Enter password
# 3. copy generated password

# user-id must be xtext encoded (i.e. spaces and other alphanumerisc must be encoded (see RFC-3461)


server plain test test
# +3D is xtext for "=".
server plain einstein e+3Dmc2
server md5 test x3QzBHd9zNN28zK+5o0s9uAtN0/eDcdaF6VXA5o6Uzg=y

In this file you can also whitelist specifc ip-ranges but we wont go into that here (see this for more information).

Example

sudo emailrelay -t --as-server --forward-on-disconnect --log --verbose --log-file mailrelay.log --port 587 --forward-to 192.168.56.1:1025 --server-auth server-auth.txt

If everything worked out correctly you should be able to send a testmail to the configured port (here 587). If no SASL Authentification is configured the logfile should contain something like
emailrelay: info: server authentication enabled but not a trusted address: 192.16...."
MailHog does not get mail delivered. You can now enable SASL Auth in youre MailServer.
Your mail server configuration will be correct as soon as MailHog receives mail again.

For further insight I can recommend this reference.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement help wanted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@tyndyll @pataquets @oskaremil @Orrison @JBartscher @saul-data