[IntelMQ-users] Issue with Intelmq SMTPoutput Bots

Kossi DOH kdoh at cert.tg
Tue Oct 18 16:44:15 CEST 2022


Thanks for your help. We use exchange. I am checking with the mail admin for assistance. The thing is when we connect to the mail on web it works and connects normally. No issue. But intelmq is not able to connect. The admin point out the line below as not normal.

[cid:image001.png at 01D8E300.179A1A30]



-----Original Message-----
From: L. Aaron Kaplan <aaron at lo-res.org>
Sent: Tuesday, October 18, 2022 2:39 PM
To: Kossi DOH <kdoh at cert.tg>
Cc: Sebix <sebix at sebix.at>; intelmq-users at lists.cert.at
Subject: Re: [IntelMQ-users] Issue with Intelmq SMTPoutput Bots



The error message you just posted before hints at the fact that (at least now) your SMTP server requires authentication.

Therefore, you would need to configure it there. Which is outside of the scope of intelmq.

This also depends on which SMTP server you use. So, you might have more success for this problem, if you check out how this can be achieved on your SMTP server (not sure which one you use? postfix? exim? etc... there are many options).

Hint: a very very simple SMTP server just for testing would be nullmailer.  you can even run this locally, just to test...



Best,

Aaron.





> On 18.10.2022, at 16:35, Kossi DOH via IntelMQ-users <intelmq-users at lists.cert.at<mailto:intelmq-users at lists.cert.at>> wrote:

>

> Hello dear,

> Where to give the right user/password combination? On the intelmq server or the mail server? Because on the mail server everything is set. This was working before I upgraded to the new version of Intelmq. That is when all this mail issue started.

>

> -----Original Message-----

> From: L. Aaron Kaplan <aaron at lo-res.org<mailto:aaron at lo-res.org>>

> Sent: Tuesday, October 18, 2022 2:33 PM

> To: Kossi DOH <kdoh at cert.tg<mailto:kdoh at cert.tg>>

> Cc: Sebix <sebix at sebix.at<mailto:sebix at sebix.at>>; intelmq-users at lists.cert.at<mailto:intelmq-users at lists.cert.at>

> Subject: Re: [IntelMQ-users] Issue with Intelmq SMTPoutput Bots

>

> Jup, that's an SMTP error code.

> But that hints at that the mail server requires authenticated SMTP . So, either disable it at the server, or give the user the right user/password combination.

>

> My 2 cents from reading the error message...

>

> Hope it helps.

>

> A.

>

>

>> On 18.10.2022, at 16:24, Kossi DOH via IntelMQ-users <intelmq-users at lists.cert.at<mailto:intelmq-users at lists.cert.at>> wrote:

>>

>> Hello dear,

>> I tried the solution but it did not work.

>>

>> File "/usr/lib/python3.8/smtplib.py", line 880, in sendmail raise

>> SMTPSenderRefused(code, resp, from_addr)

>> smtplib.SMTPSenderRefused: (530, b'5.7.57 SMTP; Client was not

>> authenticated to send anonymous mail during MAIL FROM',

>> 'feeds at cert.tg')

>>

>> I am trying to find the issue to no avail. I dumped the traffic and all I had is this.

>> <image001.png>

>>

>> -----Original Message-----

>> From: IntelMQ-users <intelmq-users-bounces at lists.cert.at<mailto:intelmq-users-bounces at lists.cert.at>> On Behalf

>> Of Sebix

>> Sent: Tuesday, October 18, 2022 9:37 AM

>> To: intelmq-users at lists.cert.at<mailto:intelmq-users at lists.cert.at>

>> Subject: Re: [IntelMQ-users] Issue with Intelmq SMTPoutput Bots

>>

>> Dear Kossi,

>>

>> to disable authentication in the output bot, remove username and password from the bot's configuration.

>>

>> Sebastian

>>

>> On 10/18/22 10:58 AM, Kossi DOH via IntelMQ-users wrote:

>>> Hello dear,

>>> Please where can I change configuration the SMTP-Output bot, not to

>>> use SMTP-Auth.

>>>

>>>

>>> Cordialement / Best Regards, Kossi DOH Analyste Cyber Securite CYBER

>>> DEFENSE AFRICA S.A.S.

>>> Mobile: +228 70 54 93 26

>>> www.cert.tg<http://www.cert.tg> This information is intended only for the person or

>>> entity to which it is addressed and may contain confidential and/or

>>> privileged material. Unauthorised use of this information by a

>>> person or entity other than the intended recipient is prohibited by

>>> law. If you received this by mistake, please immediately contact the

>>> sender by email or phone and delete this information from any computer. Thank you.

>>> -----Original Message-----

>>> From: IntelMQ-users <intelmq-users-bounces at lists.cert.at<mailto:intelmq-users-bounces at lists.cert.at>> On Behalf

>>> Of moto kawasaki

>>> Sent: Tuesday, October 18, 2022 2:38 AM

>>> To: Kossi DOH <kdoh at cert.tg<mailto:kdoh at cert.tg>>; intelmq-users at lists.cert.at<mailto:intelmq-users at lists.cert.at>

>>> Subject: Re: [IntelMQ-users] Issue with Intelmq SMTPoutput Bots

>>>

>>>

>>> Hi Kossi DOH,

>>>

>>> The traceback complained that the destination SMTP server didn't

>>> support SMTP-AUTH, so that there are two options in general.

>>>

>>> 1) use another SMTP server that supports SMTP-AUTH.

>>> 2) change configuration of your SMTP-Output bot, not to use

>>> SMTP-Auth (but just to send mails).

>>>

>>> Thanks and hope it works out!

>>>

>>>

>>> --

>>> moto kawasaki <moto at kawasaki3.org<mailto:moto at kawasaki3.org>> +81-90-2464-8454

>>>

>>>

>>>

>>> on Mon, 17 Oct 2022 16:06:41 +0000, Kossi DOH via IntelMQ-users

>>> <intelmq-users at lists.cert.at<mailto:intelmq-users at lists.cert.at>> wrote:

>>>

>>>> Hi Community,

>>>> Please I need helps solving this issue. The SMTP output bots for

>>>> some time now is no more functioning. I think the issue begins

>>>> after some upgrade of the server or the Intelmq.

>>>> I can login to the mail server using web interface but when I run

>>>> the command I received the below message. Can someone help?

>>>>

>>>>

>>>> sudo -u www-data sudo -u intelmq intelmqctl run SMTP-Output-test

>>>> process --show-sent --dry --msg ''

>>>> Starting SMTP-Output-test...

>>>> SMTP-Output-test: SMTPOutputBot initialized with id

>>>> SMTP-Output-test and intelmq 3.0.2 and python 3.8.10 (default, Jun

>>>> 22 2022, 20:18:18) as process 3335470.

>>>> SMTP-Output-test: Bot is starting.

>>>> SMTP-Output-test: Bot initialization completed.

>>>> Traceback (most recent call last):

>>>> File "/usr/bin/intelmqctl", line 11, in <module>

>>>> load_entry_point('intelmq==3.0.2', 'console_scripts',

>>>> 'intelmqctl')() File

>>>> "/usr/lib/python3/dist-packages/intelmq/bin/intelmqctl.py", line

>>>> 1909, in main return x.run() File

>>>> "/usr/lib/python3/dist-packages/intelmq/bin/intelmqctl.py", line

>>>> 1048, in run retval, results = args.func(**args_dict) File

>>>> "/usr/lib/python3/dist-packages/intelmq/bin/intelmqctl.py", line

>>>> 1058, in bot_run retval, results =

>>>> self.bot_process_manager.bot_run(**kwargs)

>>>> File "/usr/lib/python3/dist-packages/intelmq/bin/intelmqctl.py",

>>>> line 186, in bot_run output = bd.run() File

>>>> "/usr/lib/python3/dist-packages/intelmq/lib/bot_debugger.py",

>>>> line 80, in run

>>>> self._process(self.dryrun, self.msg, self.show) File

>>>> "/usr/lib/python3/dist-packages/intelmq/lib/bot_debugger.py",

>>>> line 164, in _process

>>>> self.instance.process()

>>>> File

>>>> "/usr/lib/python3/dist-packages/intelmq/bots/outputs/smtp/output.py

>>>> ",

>>>> line 68, in process

>>>> smtp.login(user=self.smtp_username, password=self.smtp_password)

>>>> File "/usr/lib/python3.8/smtplib.py", line 709, in login raise

>>>> SMTPNotSupportedError(

>>>> smtplib.SMTPNotSupportedError: SMTP AUTH extension not supported by

>>>> server.

>>>>

>> --

>>

>> Institute for Common Good Technology

>> gemeinnütziger Kulturverein - nonprofit cultural society

>> https://sebix.at/ ZVR 1510673578

>>

>>

>>

>>

>> --

>> List settings:

>> https://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-users

>> IntelMQ Documentation: https://intelmq.readthedocs.io/

>

> --

> List settings:

> https://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-users

> IntelMQ Documentation: https://intelmq.readthedocs.io/


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cert.at/pipermail/intelmq-users/attachments/20221018/21c73b19/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 943 bytes
Desc: image001.png
URL: <http://lists.cert.at/pipermail/intelmq-users/attachments/20221018/21c73b19/attachment.png>


More information about the IntelMQ-users mailing list