Comments (5)
Authentication is not allowed unless the connection is secured. This is a design choice for security. Ways to handle this (from worse to better):
- disable the secure connection check in the authentication plug-in. This is a very bad idea, but it would work.
- upgrade your Java apps to use modern (and secure) TLS.
- Enable relaying for just those Java 8 apps by their IP address with the relay plugin. Then they don't need to AUTH.
from haraka.
Authentication is not allowed unless the connection is secured. This is a design choice for security. Ways to handle this (from worse to better):
- disable the secure connection check in the authentication plug-in. This is a very bad idea, but it would work.
- upgrade your Java apps to use modern (and secure) TLS.
- Enable relaying for just those Java 8 apps by their IP address with the relay plugin. Then they don't need to AUTH.
Hi,
I've done step 3 in the past and it's still active (but maybe something changed with v3?) and it doesn't work. Could it be that relay.ini has acl=true set? Otherwise I got the IP in relay_acl_allow set.
Thank you for the swift response :)
from haraka.
You definitely need acl=true to enable the ACL processing, and you need the relay plug-in enabled in config/plugins
. You should be getting relay messages in your log entries that provide clues.
from haraka.
Yes, I've figured :)
It always fails at SSL with "...SSL routines:tls_early_post_process...".
I will install sendmail on those Java machines and relay them to Haraka. It's easier to do than to figure out what is going on and fiddle with those "damn" Java settings :)
from haraka.
Oh, you need to add the IPs of the clients to the no_tls_hosts (double check in tls docs) so Haraka doesn't offer them STARTTLS.
from haraka.
Related Issues (20)
- Error: no PRIVATE key in /opt/haraka/config/tls/dhparams.pem HOT 10
- Sender verficiation failed HOT 3
- [core] TypeError: Cannot read properties of undefined (reading 'name') HOT 1
- Custom tx.notes.outbound_helo not working HOT 3
- Race condition error: listen EACCES: permission denied ::0:25
- Mail not being delivered to wildduck HOT 1
- Inbound specific TLS configuration stopped working HOT 1
- Does haraka support PGP/GPG or S/MIME?
- Mutliple IPs and PTR HOT 1
- double hook invocation
- queryMx critical error
- How to customize Message-ID suffix HOT 2
- Files in repo are covered by .gitignore rules HOT 1
- Adding spam complaints, abuse and list-unsubscribe, click tracking HOT 2
- dns.resolveMx might fail in specific cases in Node <22 HOT 5
- Queue Error: ENOENT: no such file or directory
- Error [ERR_UNHANDLED_ERROR]: Unhandled error. ('socket timeout waiting on quit')
- Documentation - Step by step Instruction
- Using Haraka Outbound with a Custom Queue Driver
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from haraka.