2

What I have is a relatively simple Perl script that will be given a string of json data, parse out specific properties and pretty-print the rest, wrap it all up in an email and send it out via my mail server. It's been two decades since I wrote any Perl but I'm fairly confident my code is alright.

Unfortunately, the script fails when it goes to authenticate to the postfix daemon via submission. It doesn't actually fail to authenticate. From the postfix logs it doesn't appear to even attempt to authenticate. After the server responds to the second EHLO (EHLO->STARTTLS->EHLO) the script appears to just abruptly disconnect. Is there some trick to making Net::SMTP authenticate that I'm missing here?

The resulting output is:

Net::SMTP>>> Net::SMTP(3.11)
Net::SMTP>>>   Net::Cmd(3.11)
Net::SMTP>>>     Exporter(5.73)
Net::SMTP>>>   IO::Socket::IP(0.39)
Net::SMTP>>>     IO::Socket(1.40)
Net::SMTP>>>       IO::Handle(1.40)
Net::SMTP=GLOB(0x55d6336b7108)<<< 220 mx.example.net ESMTP Postfix (Ubuntu)
Net::SMTP=GLOB(0x55d6336b7108)>>> EHLO tiphares.example.net
Net::SMTP=GLOB(0x55d6336b7108)<<< 250-mx.example.net
Net::SMTP=GLOB(0x55d6336b7108)<<< 250-PIPELINING
Net::SMTP=GLOB(0x55d6336b7108)<<< 250-SIZE 10240000
Net::SMTP=GLOB(0x55d6336b7108)<<< 250-ETRN
Net::SMTP=GLOB(0x55d6336b7108)<<< 250-STARTTLS
Net::SMTP=GLOB(0x55d6336b7108)<<< 250-ENHANCEDSTATUSCODES
Net::SMTP=GLOB(0x55d6336b7108)<<< 250-8BITMIME
Net::SMTP=GLOB(0x55d6336b7108)<<< 250-DSN
Net::SMTP=GLOB(0x55d6336b7108)<<< 250 SMTPUTF8
Net::SMTP=GLOB(0x55d6336b7108)>>> STARTTLS
Net::SMTP=GLOB(0x55d6336b7108)<<< 220 2.0.0 Ready to start TLS
Net::SMTP::_SSL=GLOB(0x55d6336b7108)>>> EHLO tiphares.example.net
Net::SMTP::_SSL=GLOB(0x55d6336b7108)<<< 250-mx.example.net
Net::SMTP::_SSL=GLOB(0x55d6336b7108)<<< 250-PIPELINING
Net::SMTP::_SSL=GLOB(0x55d6336b7108)<<< 250-SIZE 10240000
Net::SMTP::_SSL=GLOB(0x55d6336b7108)<<< 250-ETRN
Net::SMTP::_SSL=GLOB(0x55d6336b7108)<<< 250-AUTH PLAIN LOGIN
Net::SMTP::_SSL=GLOB(0x55d6336b7108)<<< 250-ENHANCEDSTATUSCODES
Net::SMTP::_SSL=GLOB(0x55d6336b7108)<<< 250-8BITMIME
Net::SMTP::_SSL=GLOB(0x55d6336b7108)<<< 250-DSN
Net::SMTP::_SSL=GLOB(0x55d6336b7108)<<< 250 SMTPUTF8
Can't Authenticate:
mx.example.net
PIPELINING
SIZE 10240000
ETRN
AUTH PLAIN LOGIN
ENHANCEDSTATUSCODES
8BITMIME
DSN
SMTPUTF8

SASL(0): successful result:  at /usr/local/sbin/suricata-alert-mail.pl line 134.

It's worth noting that other mail clients (ie. Thunderbird) have no issue with sending mail using the same server and port.

UPDATE: I've come to the conclusion there is nothing wrong with my code. So, as Steffen Ullrich alluded to in the comments, I suspect this is an issue with my environment.

These are my installed modules according to cpan -l.

Cliff Armstrong
  • 175
  • 1
  • 10
  • I'm not sure what is wrong with your code or your environment. Based on your debug output it does not even attempt to authenticate, like something is wrong in the way you use SASL. Only the way you do works without problems for me. Nevertheless - you could just use `auth(user,pass)` instead of creating an Authen::SASL object yourself. – Steffen Ullrich Mar 05 '20 at 15:03
  • Yeah I originally just passed the username and pass directly. Creating a `Authen::SASL` object was an attempt at debugging. Based on my knowledge of SMTP, the behavior is consistent with the script not finding any supported authentication methods (`AUTH PLAIN LOGIN`), so I was trying to force the authentication method in case `Net::SMTP` was insisting on gssapi or something. – Cliff Armstrong Mar 05 '20 at 20:54

0 Answers0