
Error using LDAPS and SMTP auth on 587

Posted: Thu Jul 07, 2016 1:49 pm
by ithex
I'm not sure but I think I might have stumbled on a bug:

If you have user authentication set to LDAP using encryption (LDAPS) you cannot use user authenticated smtp relay.

The log will state something like:
Authentication failed for user myuser on domain mydomain.com (Cannot contact LDAP/AD server at ldaps://xx.xx.xx.xx:38) [xxx.xxx.xxx.xxx] in 0.031 s.

Now as far as I know LDAPS does not use port 38 but port 636.

I'm thinking that maybe the number 38 originates from 389 but is somehow cut off so the 9 is left out... anyway 38 is not the correct port number nor is 389 when LDAPS is used.

The second I disable encryption in user authentication, user authenticated SMTP relay works like a charm.

Other than that Mailcleaner has me on my knees in awe... thanks to Team Mailcleaner :-)

FIX for: Error using LDAPS and SMTP auth on 587

Posted: Thu Jan 12, 2017 2:19 pm
by ithex
Please verify this fix yourself - I take no responsibility for any errors you may encounter.

In file: /usr/mailcleaner/lib/SMTPAuthenticator/LDAP.pm

Change from:

my $this = {
       error_text => "",
       error_code => -1,
       server => '',
       port => 389,
       use_ssl => 0,
       base => '',
       attribute => 'uid',
       binduser => '',
       bindpassword => '',
       version => 3
   };


To this:

my $this = {
       error_text => "",
       error_code => -1,
       server => '',
       port => '',
       use_ssl => '',
       base => '',
       attribute => 'uid',
       binduser => '',
       bindpassword => '',
       version => 3
   };


Spelled out: remove port "389" and replace with '' (two single quotes). Remove use_ssl "0" and replace with '' (two single quotes).

Haven't tested that extensively, but it seems to be working with and without encryption on LDAP.

Re: Error using LDAPS and SMTP auth on 587

Posted: Wed Mar 08, 2017 5:12 pm
by FlorianB
Hello,
Confirmed, we got the bug some months ago too from a customer. If I remember well, I left the default value but added the port after the server in the destination server field: myldapserver.test.com:636.
I remember now that it was for IMAPS, so probably exactly the same problem. Not really a bug, but everybody has to think to add the port...
Regards,
Florian
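
Added example, not part of the thread and not MailCleaner's own code: a sketch of how an authenticator could derive the LDAP port so that a `host:636` entry in the server field (the workaround above) overrides any default, and LDAPS falls back to 636 instead of 389 when no port is given. The helper name `resolve_ldap_endpoint`, its argument order and the sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not from MailCleaner): turn the "server" field, the
# encryption flag and an optional configured port into scheme, host and port.
sub resolve_ldap_endpoint {
    my ($server, $use_ssl, $port) = @_;
    die "empty server field\n" unless defined $server && length $server;

    # An explicit ldap:// or ldaps:// prefix in the field wins over the flag.
    if ($server =~ s{^(ldaps?)://}{}i) {
        $use_ssl = lc($1) eq 'ldaps' ? 1 : 0;
    }
    $server =~ s{/+$}{};

    # Accept host, host:port, [ipv6] and [ipv6]:port.
    my ($host, $field_port);
    if ($server =~ /^\[([0-9A-Fa-f:.]+)\](?::(\d+))?$/) {
        ($host, $field_port) = ($1, $2);
    } elsif ($server =~ /^([^:\s]+)(?::(\d+))?$/) {
        ($host, $field_port) = ($1, $2);
    } else {
        die "cannot parse server field '$server'\n";
    }

    # Precedence: port in the field, then configured port, then scheme default.
    my $final = $field_port;
    $final = $port if !defined $final && defined $port && $port =~ /^\d+$/;
    $final = $use_ssl ? 636 : 389 unless defined $final;
    die "port $final out of range\n" if $final < 1 || $final > 65535;

    return { scheme => $use_ssl ? 'ldaps' : 'ldap', host => $host, port => $final };
}

# Constructed sample inputs: [server field, use_ssl, configured port]
for my $case (
    [ 'myldapserver.test.com',     1, '' ],   # LDAPS, no port anywhere
    [ 'myldapserver.test.com:636', 1, '' ],   # port given in the server field
    [ 'myldapserver.test.com',     0, '' ],   # plain LDAP
    [ 'ldaps://192.0.2.10',        0, '' ],   # scheme in the field overrides flag
) {
    my $ep = resolve_ldap_endpoint(@$case);
    printf "%-28s -> %s://%s:%d\n", $case->[0], @{$ep}{qw(scheme host port)};
}
```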