Ad Widget

**Hamardaban** · 03-02-2021, 03:50

Do you want to send mail using curl over the smtp protocol?

Code:

curl -vk smtp://mail.blabla.com:587/ \ --mail-from [email protected] --mail-rcpt [email protected] --upload-file mail.txt\ --user '[email protected]:Password' --ssl

Or do something else?

**f0x0ff** · 03-02-2021, 09:22

Thanks Hamardaban,

I can send emails with curl (even with telnet) using PLAIN or LOGIN authentication method. The problem I have is that zabbix is not able to do the same. Zabbix uses curl and curl tries to authenticate with NTLM, which is broken (either curl implementation I'm using or SMTP server, whcih is not under my control). All I want to do is to configure the zabbix-server to force libcurl to use PLAN or LOGIN authentication instead of NTLM.
Hope that makes sense.

Regards,
Plamen

**f0x0ff** · 04-02-2021, 09:25

Any workarounds for that annoying issue?
Any kind of SMTP proxy between SMTP server and zabbix-server allowing LOGIN or PLAIN authentication methods only?
Or some kind of script instead of build-in SMTP media?
I'm also considering an update of libcurl packages or to compile it from source without NTLM (if possible), that's the last thing I may try and probably the riskiest one.

Regards,
Plamen

**Hamardaban** · 04-02-2021, 17:05

If you look at the source codes (https://github.com/zabbix/zabbix/blo...xmedia/email.c), you can see that you are right - curl chooses the best method available on the server. You can modify this module by adding the options you need and compile it (by curl_easy_setopt(easyhandle, CURLOPT_LOGIN_OPTIONS, AUTH=PLAIN) ).

Code:

[TABLE="class: highlight tab-size js-file-line-container"]
[TR="class: cke_show_border"]
[TD="class: blob-code blob-code-inner js-file-line"]if (SMTP_AUTHENTICATION_NORMAL_PASSWORD == smtp_authentication)[/TD]
 		[/TR]
[TR="class: cke_show_border"]
[/TR]
[/TABLE]
[TABLE="class: highlight tab-size js-file-line-container"]
[TR="class: cke_show_border"]
[TD="class: blob-code blob-code-inner js-file-line"]{[/TD]
 		[/TR]
[TR="class: cke_show_border"]
[/TR]
[/TABLE]
[TABLE="class: highlight tab-size js-file-line-container"]
[TR="class: cke_show_border"]
[TD="class: blob-code blob-code-inner js-file-line"]if (CURLE_OK != (err = curl_easy_setopt(easyhandle, CURLOPT_USERNAME, username)) ||[/TD]
 		[/TR]
[TR="class: cke_show_border"]
[/TR]
[/TABLE]
[TABLE="class: highlight tab-size js-file-line-container"]
[TR="class: cke_show_border"]
[TD="class: blob-code blob-code-inner js-file-line"]CURLE_OK != (err = curl_easy_setopt(easyhandle, CURLOPT_PASSWORD, password)))[/TD]
 		[/TR]
[TR="class: cke_show_border"]
[/TR]
[/TABLE]
[TABLE="class: highlight tab-size js-file-line-container"]
[TR="class: cke_show_border"]
[TD="class: blob-code blob-code-inner js-file-line"]{[/TD]
 		[/TR]
[TR="class: cke_show_border"]
[/TR]
[/TABLE]
[TABLE="class: highlight tab-size js-file-line-container"]
[TR="class: cke_show_border"]
[TD="class: blob-code blob-code-inner js-file-line"]goto error;[/TD]
 		[/TR]
[TR="class: cke_show_border"]
[/TR]
[/TABLE]
[TABLE="class: highlight tab-size js-file-line-container"]
[TR="class: cke_show_border"]
[TD="class: blob-code blob-code-inner js-file-line"]}[/TD]
 		[/TR]
[TR="class: cke_show_border"]
[/TR]
[/TABLE]
[TABLE="class: highlight tab-size js-file-line-container"]
[TR="class: cke_show_border"]
[TD="class: blob-code blob-code-inner js-file-line"] [/TD]
 		[/TR]
[TR="class: cke_show_border"]
[/TR]
[/TABLE]
[TABLE="class: highlight tab-size js-file-line-container"]
[TR="class: cke_show_border"]
[TD="class: blob-code blob-code-inner js-file-line"]/* Don't specify preferred authentication mechanism implying AUTH=* and let libcurl choose the best */[/TD]
 		[/TR]
[TR="class: cke_show_border"]
[/TR]
[/TABLE]
[TABLE="class: highlight tab-size js-file-line-container"]
[TR="class: cke_show_border"]
[TD="class: blob-code blob-code-inner js-file-line"]/* one (in its mind) among supported by SMTP server. If someday we decide to let user choose their */[/TD]
 		[/TR]
[TR="class: cke_show_border"]
[/TR]
[/TABLE]
[TABLE="class: highlight tab-size js-file-line-container"]
[TR="class: cke_show_border"]
[TD="class: blob-code blob-code-inner js-file-line"]/* preferred authentication mechanism one should know that: */[/TD]
 		[/TR]
[TR="class: cke_show_border"]
[/TR]
[/TABLE]
[TABLE="class: highlight tab-size js-file-line-container"]
[TR="class: cke_show_border"]
[TD="class: blob-code blob-code-inner js-file-line"]/* - versions 7.20.0 to 7.30.0 do not support specifying login options */[/TD]
 		[/TR]
[TR="class: cke_show_border"]
[/TR]
[/TABLE]
[TABLE="class: highlight tab-size js-file-line-container"]
[TR="class: cke_show_border"]
[TD="class: blob-code blob-code-inner js-file-line"]/* - versions 7.31.0 to 7.33.0 support login options in CURLOPT_USERPWD */[/TD]
 		[/TR]
[TR="class: cke_show_border"]
[/TR]
[/TABLE]
[TABLE="class: highlight tab-size js-file-line-container"]
[TR="class: cke_show_border"]
[TD="class: blob-code blob-code-inner js-file-line"]/* - versions 7.34.0 and above support explicit CURLOPT_LOGIN_OPTIONS */[/TD]
 		[/TR]
[TR="class: cke_show_border"]
[/TR]
[/TABLE]
 }

**f0x0ff** · 05-02-2021, 00:14

Thanks Hamardaban,

Re-compiling the zabbix will definitely help. I thought it may take longer (to install gcc, libs, etc) and went into different direction.
I installed and configured a postfix relay on the same host, so it relays and authenticates to the problematic SMTP server.
Zabbix is now using 127.0.0.1 as a SMTP server, which relays to the original one.

My intention was to be 5 minutes workaround, if SMTP server wasn't behind a cisco ASA firewall messing up with ESMTP banner.... Anyway, 5 hours later zabbix is now able to send emails....

Regards,
Plamen

Ad Widget

SMTP authentication issue

SMTP authentication issue

Comment

Comment

Comment

Comment

Comment