[GH-ISSUE #25] config.go allowedUsers not working? #7

New issue

Closed

opened 2026-02-26 18:32:56 +03:00 by kerem · 3 comments

kerem commented 2026-02-26 18:32:56 +03:00

Owner

Copy link

Originally created by @winkler-winsen on GitHub (Mar 30, 2021).
Original GitHub issue: https://github.com/decke/smtprelay/issues/25

Hi...

Tried well with Thunderbird (for testing) and following config.go settings:

• remoteHost
• remoteUser
• remotePass
• remoteAuth
• remoteSender

Created file userlist (Example, password hashed with go run cmd\hasher.go test):
user@mail.com $2a$10$SN1obpmbzZoWI9vkrycRNe9V6wr0bsX0SiZvFVGTfM95GwNP.ai0a

Set allowedUsers in config.go pointing to created userlist file:
allowedUsers = flag.String("allowed_users", "userlist", "Path to file with valid users/passwords")

After setting allowedUsers to filename with user and hash in it, I cannot force Thunderbird to send mail with same settings. Checked username and password twice. Checked also different settings for SMTP auth methods. Thunderbird states "Autentication Required."

Did some newbee log outputs to test functions from auth.go.

• AuthFetch() is called
• AuthCheckPassword() never called
• parseLine() never called

Checked with log level debug and trace, but no hints showing up.

Any ideas, what I'm thinking or doing wrong? Or is it a bug?

Regards
Lars

Originally created by @winkler-winsen on GitHub (Mar 30, 2021). Original GitHub issue: https://github.com/decke/smtprelay/issues/25 Hi... Tried well with Thunderbird (for testing) and following `config.go` settings: - remoteHost - remoteUser - remotePass - remoteAuth - remoteSender Created file `userlist` (Example, password hashed with `go run cmd\hasher.go test`): `user@mail.com $2a$10$SN1obpmbzZoWI9vkrycRNe9V6wr0bsX0SiZvFVGTfM95GwNP.ai0a` Set allowedUsers in `config.go` pointing to created `userlist` file: ` allowedUsers = flag.String("allowed_users", "userlist", "Path to file with valid users/passwords")` After setting `allowedUsers` to filename with user and hash in it, I cannot force Thunderbird to send mail with same settings. Checked username and password twice. Checked also different settings for SMTP auth methods. Thunderbird states "Autentication Required." Did some newbee log outputs to test functions from `auth.go`. - `AuthFetch()` is called - `AuthCheckPassword()` never called - `parseLine()` never called Checked with log level debug and trace, but no hints showing up. Any ideas, what I'm thinking or doing wrong? Or is it a bug? Regards Lars

kerem closed this issue 2026-02-26 18:32:56 +03:00

kerem commented 2026-02-26 18:32:56 +03:00

Author

Owner

Copy link

@JonathonReinhart commented on GitHub (Mar 31, 2021):

Hi @winkler-winsen,

Set allowedUsers in config.go pointing to created userlist file:
allowedUsers = flag.String("allowed_users", "userlist", "Path to file with valid users/passwords")

Why are you modifying the config.go file to adjust settings? You should either:

• Pass individual config settings on the command line, or
• Pass -config smtprelay.ini -- note that in this case the path is relative to the directory containing the executable

Please post your exact command line for running smtprelay, and include your .ini file if you use .-config.

---

Please note that if authentication is required (via -allowed_users), then TLS (either -listen starttls://... or -listen tls://...) must be configured and used by the client.

I did open an issue (#26) to make this more obvious.

---

My testing notes (from current master (03b8b78f53), for posterity:

Building, configuring, and running the server:

$ go build

$ echo "user@mail.com $(go run cmd/hasher.go test)" | tee userlist.txt 
user@mail.com $2a$10$CTXc92oDfrZaIhIO6OGH1e2Fmx4Pl4SKwU80M41Q9dbIKZSnXK0oe

$ ./smtprelay -listen ':2525' -allowed_users userlist.txt
WARN[2021-03-30T23:39:35-04:00] remote_host not set; mail will not be forwarded! 
INFO[2021-03-30T23:39:35-04:00] listening on address                          address=":2525"

Testing with swaks w/o authentication (fails with 530 Authentication Required as expected):

$ swaks --to test@example.com --server localhost:2525
=== Trying localhost:2525...
=== Connected to localhost.
<-  220 localhost.localdomain ESMTP ready.
 -> EHLO xxxxxxxx
<-  250-localhost.localdomain
<-  250-SIZE 10240000
<-  250-8BITMIME
<-  250 PIPELINING
 -> MAIL FROM:<jreinhart@xxxxxxxx>
<** 530 Authentication Required.
 -> QUIT
<-  221 OK, bye
=== Connection closed with remote host.

Testing with swaks w/ authentication (fails because AUTH extension is never given by server, because not using TLS):

$ swaks --to test@example.com --server localhost:2525 --auth LOGIN
Username: user@mail.com
Password: test
=== Trying localhost:2525...
=== Connected to localhost.
<-  220 localhost.localdomain ESMTP ready.
 -> EHLO xxxxxxxx
<-  250-localhost.localdomain
<-  250-SIZE 10240000
<-  250-8BITMIME
<-  250 PIPELINING
*** Host did not advertise authentication
 -> QUIT
<-  221 OK, bye
=== Connection closed with remote host.

<!-- gh-comment-id:810744566 --> @JonathonReinhart commented on GitHub (Mar 31, 2021): Hi @winkler-winsen, > Set allowedUsers in `config.go` pointing to created `userlist` file: `allowedUsers = flag.String("allowed_users", "userlist", "Path to file with valid users/passwords")` Why are you modifying the `config.go` file to adjust settings? You should either: - Pass individual config settings on the command line, or - Pass `-config smtprelay.ini` -- note that in this case the path is relative to the directory containing the executable Please post your exact command line for running `smtprelay`, and include your `.ini` file if you use .`-config`. --- Please note that if authentication is required (via `-allowed_users`), then TLS (either `-listen starttls://...` or `-listen tls://...`) *must* be configured and used by the client. I did open an issue (#26) to make this more obvious. --- My testing notes (from current `master` (03b8b78f5303fbead6ae3ac6966c180b64f4a13a), for posterity: Building, configuring, and running the server: ``` $ go build $ echo "user@mail.com $(go run cmd/hasher.go test)" | tee userlist.txt user@mail.com $2a$10$CTXc92oDfrZaIhIO6OGH1e2Fmx4Pl4SKwU80M41Q9dbIKZSnXK0oe $ ./smtprelay -listen ':2525' -allowed_users userlist.txt WARN[2021-03-30T23:39:35-04:00] remote_host not set; mail will not be forwarded! INFO[2021-03-30T23:39:35-04:00] listening on address address=":2525" ``` Testing with `swaks` w/o authentication (fails with `530 Authentication Required` as expected): ``` $ swaks --to test@example.com --server localhost:2525 === Trying localhost:2525... === Connected to localhost. <- 220 localhost.localdomain ESMTP ready. -> EHLO xxxxxxxx <- 250-localhost.localdomain <- 250-SIZE 10240000 <- 250-8BITMIME <- 250 PIPELINING -> MAIL FROM:<jreinhart@xxxxxxxx> <** 530 Authentication Required. -> QUIT <- 221 OK, bye === Connection closed with remote host. ``` Testing with `swaks` w/ authentication (fails because `AUTH` extension is never given by server, because not using TLS): ``` $ swaks --to test@example.com --server localhost:2525 --auth LOGIN Username: user@mail.com Password: test === Trying localhost:2525... === Connected to localhost. <- 220 localhost.localdomain ESMTP ready. -> EHLO xxxxxxxx <- 250-localhost.localdomain <- 250-SIZE 10240000 <- 250-8BITMIME <- 250 PIPELINING *** Host did not advertise authentication -> QUIT <- 221 OK, bye === Connection closed with remote host. ```

kerem commented 2026-02-26 18:32:56 +03:00

Author

Owner

Copy link

@winkler-winsen commented on GitHub (Mar 31, 2021):

Hello @JonathonReinhart ,

thanks for quick reply.

Didn't know the parameter -config smtprelay.ini, just thought .ini file will be read automatically and wondered that nothing worked. So I started editing config.go file. ;-)

So working with -config smtprelay.ini works well. First problem solved. Thanks

Please note that if authentication is required (via -allowed_users), then TLS (either -listen starttls://... or -listen tls://...) must be configured and used by the client.

I did open an issue (#26) to make this more obvious.

This point, I didn't know either. Thanks for pointing this out and updating the code.

I planned to use smtpreply as a relay for unsecure client (is not STARTTLS, SSL/TLS capable) to use him with modern well configured SMTP server (e.g. smtp.office365.com:587)

So I will not use -allowed_users thats fine for me on a local server.

Thanks
Lars

<!-- gh-comment-id:810872377 --> @winkler-winsen commented on GitHub (Mar 31, 2021): Hello @JonathonReinhart , thanks for quick reply. Didn't know the parameter `-config smtprelay.ini`, just thought .ini file will be read automatically and wondered that nothing worked. So I started editing `config.go` file. ;-) So working with `-config smtprelay.ini` works well. First problem solved. Thanks > Please note that if authentication is required (via `-allowed_users`), then TLS (either `-listen starttls://...` or `-listen tls://...`) _must_ be configured and used by the client. > > I did open an issue (#26) to make this more obvious. This point, I didn't know either. Thanks for pointing this out and updating the code. I planned to use smtpreply as a relay for unsecure client (is not STARTTLS, SSL/TLS capable) to use him with modern well configured SMTP server (e.g. smtp.office365.com:587) So I will not use `-allowed_users` thats fine for me on a local server. Thanks Lars

kerem commented 2026-02-26 18:32:56 +03:00

Author

Owner

Copy link

@decke commented on GitHub (Apr 2, 2021):

Fixed in #27

<!-- gh-comment-id:812660972 --> @decke commented on GitHub (Apr 2, 2021): Fixed in #27

kerem referenced this issue 2026-02-26 18:33:11 +03:00

[PR #7] [MERGED] Allow email field to be empty in allowedUsers file #54

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

dependabot/go_modules/github.com/rs/zerolog-1.35.1

dependabot/go_modules/github.com/DeRuina/timberjack-1.4.2

dependabot/go_modules/github.com/chrj/smtpd-1.0.0

dependabot/github_actions/step-security/harden-runner-2.19.0

dependabot/github_actions/github/codeql-action-4.35.2

add-service

v1.13.2

v1.13.1

v1.13.0

v1.12.0

v1.11.2

v1.11.1

v1.11.0

v1.10.0

v1.9.0

v1.8.0

v1.7.0

v1.6.0

v1.5.0

v1.4.0

v1.3.0

v1.2.0

v1.1.0

v1.0.1

v1.0.0

Labels

Clear labels   

bug

  

pull-request

Mirrored from GitHub Pull Request

No labels

bug

pull-request

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/smtprelay#7

No description provided.