
Net::SMTP_auth giving 421 errors with authentication

by philkime (Beadle)
on Jul 15, 2018 at 21:00 UTC

philkime has asked for the wisdom of the Perl Monks concerning the following question:

I have libnet 3.11 which is the current latest version. I have an SMTP server which requires TLS and LOGIN auth. I can manually get all this to work fine with openssl s_client and manual commands up to the STARTTLS and then the AUTH LOGIN without problems. With perl Net::SMTP_auth, the AUTH LOGIN immediately closes the connection with a 421 error without returning prompts for the base 64 username/password. I cannot work out why. Something in the environment changed as this was working until recently, I suspect some SMTP server change. The TLS part is fine and the server enforces this before auth. I am using Net::SMTP_auth instead of Net::SMTP as the server does not advertise AUTH mechanisms which makes Net::SMTP fail to do authentication as it thinks the server can't do it.

Manual:

    openssl s_client -starttls smtp -crlf -connect smtpserver:25
    . . .
    250 OK
    AUTH LOGIN
    . . .
    334 VXNlcm5hbWU6

This is all fine and working as expected - code 334 is the username prompt. However, with:

    use Net::SMTP_auth;

    my $smtp = Net::SMTP_auth->new('smtpserver');
    $smtp->starttls;
    $smtp->auth('LOGIN', 'username', 'password');

This dies with an SMTP 421 code "Connection closed" in the ->auth method. Debugging with Net::Cmd shows that this dies before it gets a username prompt and occurs immediately after sending "AUTH LOGIN".

Replies are listed 'Best First'.
Re: Net::SMTP_auth giving 421 errors with authentication
by Veltro (Hermit) on Jul 16, 2018 at 11:41 UTC

    Hello philkime,

    Recently I was struggling with similar problems and I found that quite a few things can go wrong around using the starttls command.

    You can build in extra error checking like how I did it in my recent post in Cool Uses For Perl: here

    The code that I took from there shows:

    • Sending a HELLO, your server may expect that, note that starttls will send it again
    • Check if the connection was actually upgraded.
    • Check the contents of $smtp->message()
    • See what $@ contains
    • (Not shown below) Activate debugging:
      # Activate this line to debug SSL:
      # use IO::Socket::SSL qw(debug4);
    • (Not shown below): Activate debugging for SMTP by creating the $smtp with Debug => 1

    # HELLO
    # Reminder: hello is also sent again after starttls
    $smtp->hello( $cs->{ clientID } ) or
        die "Error: " . $smtp->message() ;

    # STARTTLS
    if ( !$smtp->starttls() ) {
        if ( ref $smtp eq 'Net::SMTP' ) {
            die "Net::SMTP failed to upgrade connection after connection message: " . $smtp->message() .
                "Possible reasons for this may be firewalls or antivirus protection software (such as mail shields). You can activate debugging for IO::Socket::SSL and \$dbgSMTP to search for other possible reasons\n" ;
        } else {
            die "starttls failed with Error: " . $smtp->message() .
                "You can activate debugging for IO::Socket::SSL and \$dbgSMTP to search for possible reasons\n" ;
        }
    } ;

    # AUTHENTICATE
    ...

    # Finish with this line, it may contain extra error info
    if($@) {
        print STDERR "Error sending mail: $@";
    }

    Let us know what you find,

    Veltro

    edit: In case your $smtp object is a 'Net::SMTP_auth', then you need to change the line: if ( ref $smtp eq 'Net::SMTP' ) { to if ( ref $smtp eq 'Net::SMTP_auth' ) {. But now I am thinking again about this, here may actually be your problem. The auth method is not the one you think you are calling! Because after starttls the $smtp object is a Net::SMTP::_SSL (unless this was solved differently for Net::SMTP_auth)

      Many thanks, debugging with IO::Socket::SSL as suggested showed that it was a broken CA cert bundle. This also allowed me to revert to Net::SMTP as the STARTTLS redoes the EHLO, as you said, and this then properly advertised the AUTH mechanism so everything now works. It appears that certain SSL/TLS errors don't really manifest in obvious symptoms but setting IO::Socket::SSL debugging makes the issue immediately obvious.
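
The resolution reached in this thread, as an added example that is not code from any of the posters: plain Net::SMTP with a CA bundle sanity check, a verified STARTTLS, and a check that AUTH is advertised after the post-TLS EHLO. The host, port, credentials, CA bundle path, the SMTP_TLS_DEBUG environment variable and the check_ca_bundle helper are all assumptions made for illustration.

```perl
use strict;
use warnings;
use Net::SMTP;
use IO::Socket::SSL;    # exports SSL_VERIFY_PEER

# Assumed placeholders, not values from the thread.
my %cfg = (
    host    => 'smtpserver',
    port    => 25,
    user    => 'username',
    pass    => 'password',
    ca_file => '/etc/ssl/certs/ca-certificates.crt',
);

# Run with SMTP_TLS_DEBUG=1 to get the IO::Socket::SSL handshake trace on STDERR.
$IO::Socket::SSL::DEBUG = 3 if $ENV{SMTP_TLS_DEBUG};

# Hypothetical helper: catch an unreadable, empty or truncated PEM bundle early.
sub check_ca_bundle {
    my ($file) = @_;
    open my $fh, '<', $file or return "cannot read CA bundle $file: $!";
    my $pem = do { local $/; <$fh> } // '';
    close $fh;
    my $begin = () = $pem =~ /^-----BEGIN CERTIFICATE-----/mg;
    my $end   = () = $pem =~ /^-----END CERTIFICATE-----/mg;
    return "CA bundle $file contains no certificates" unless $begin;
    return "CA bundle $file is truncated ($begin BEGIN, $end END)" if $begin != $end;
    return;    # undef means the bundle looks structurally sane
}

if ( my $err = check_ca_bundle( $cfg{ca_file} ) ) { die "$err\n" }

my $smtp = Net::SMTP->new(
    $cfg{host},
    Port  => $cfg{port}, Timeout => 30,
    Debug => $ENV{SMTP_TLS_DEBUG} ? 1 : 0,
) or die "connect failed: $@\n";

# Verify the server certificate against the bundle; report the TLS-level error too.
$smtp->starttls(
    SSL_ca_file     => $cfg{ca_file},
    SSL_verify_mode => SSL_VERIFY_PEER,
) or die "STARTTLS failed: " . $smtp->message . " / $IO::Socket::SSL::SSL_ERROR\n";

# starttls re-sends EHLO, so the extension list now reflects the encrypted session.
defined $smtp->supports('AUTH')
    or die "server did not advertise AUTH after STARTTLS\n";

$smtp->auth( $cfg{user}, $cfg{pass} ) or die "AUTH failed: " . $smtp->code . " " . $smtp->message;
$smtp->quit;
```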
