©XSIBackup-Free: Free Backup Software for ©VMWare ©ESXi

Forum ©XSIBackup: ©VMWare ©ESXi Backup Software


You are not logged in.

#1 2019-07-21 22:33:53

genesysguy
Member
Registered: 2019-07-21
Posts: 6

SMTP not working after upgrade to 11.2.6

Was using xsibackup free version 11.0.1 and needed to upgrade as I ran into a bug where backups were failing to fire off, after I installed the latest ESXi patch.  Was doing (line 490: syntax error: unexpected "&") and not backing up anything.

Upgraded to 11.2.6 and now I can't get SMTP to work with Gmail at all. I've tried installing on two different ESXi boxes and they are both doing the same thing.  I have it configured the same way as 11.0.1 was.

Running  ./xsibackup --check-smtp=username@gmail.com --use-smtp=2
and here are the results:

Using stored SMTP server info...
Found conf/smtpsrvs file...
Using SMTP server #2: smtp.gmail.com:465
Open firewall: 2019-07-21T22:22:08|  Opening port 465 for SMTPout-465 service...
USING KEY: xsibackup_id_rsa
Firewall rule SMTPout-465 closed.
Killed


Not much for me to go on..  Any ideas?  Any way to turn on more detailed debug logging or am I testing incorrectly?

smtpsrvrs:

2;smtp.gmail.com:465;user@gmail.com;user@gmail.com;password;yes;TLS;0

Last edited by genesysguy (2019-07-21 22:37:19)

Offline

#2 2019-07-21 22:58:55

genesysguy
Member
Registered: 2019-07-21
Posts: 6

Re: SMTP not working after upgrade to 11.2.6

[root@ESXiR420:/vmfs/volumes/5be9760a-8ba90cd5-3a4e-000af77eadb8/xsi-dir] esxcli network firewall set --enabled false
[root@ESXiR420:/vmfs/volumes/5be9760a-8ba90cd5-3a4e-000af77eadb8/xsi-dir] nc -4z smtp.gmail.com 465

Connection to smtp.gmail.com 465 port [tcp/smtps] succeeded!

Netcat doesn't seem to have an issue reaching smtp.gmail.com either.

Offline

#3 2019-07-22 12:01:33

admin
Administrator
Registered: 2017-04-21
Posts: 2,055

Re: SMTP not working after upgrade to 11.2.6

There have been some changes in OpenSSL lately and this affects the way keys are exchanged with e-mail servers. We have addressed this in latest versions and it is working with GMail for us and other clients. Please, contact suppport to receive personalized support, it is included for Pro users.

Offline

#4 2019-07-22 14:04:52

genesysguy
Member
Registered: 2019-07-21
Posts: 6

Re: SMTP not working after upgrade to 11.2.6

So what you're telling me is that the free version (11.2.6) is broken with Gmail and this is a known issue?
When will the free version fix be implemented?

Offline

#5 2019-07-22 15:46:03

admin
Administrator
Registered: 2017-04-21
Posts: 2,055

Re: SMTP not working after upgrade to 11.2.6

Latest versions of XSIBackup-Free incorporate those improvements as well, this is the full output of a test we just made using a GMail account

###############################################################################
#
#  (c) XSIBACKUP-FREE 11.2.6 | Backup for (c) VMWARE ESXi Hypervisor by 33hops.com
#
###################################################################################

--------------------------------------------------------------------------------------------
|              High speed and deduplication is not available in XSIBACKUP-FREE             |
|                          Get XSIBACKUP-PRO at https://33hops.com                          |
--------------------------------------------------------------------------------------------

Using stored SMTP server info...
Found conf/smtpsrvs file...
Using SMTP server #1: smtp.gmail.com:465
Open firewall: Firewall rule SMTPout-465 added...
USING KEY: xsibackup_id_rsa
CONNECTED(00000003)
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google LLC/CN=smtp.gmail.com
   i:/C=US/O=Google Trust Services/CN=Google Internet Authority G3
 1 s:/C=US/O=Google Trust Services/CN=Google Internet Authority G3
   i:/OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEijCCA3KgAwIBAgIQMZyM27r8bQxIFPEmL64pejANBgkqhkiG9w0BAQsFADBU
MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMSUw
IwYDVQQDExxHb29nbGUgSW50ZXJuZXQgQXV0aG9yaXR5IEczMB4XDTE5MDYxODA4
MjQ0M1oXDTE5MDkxMDA4MTYwMFowaDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNh
bGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEzARBgNVBAoMCkdvb2ds
ZSBMTEMxFzAVBgNVBAMMDnNtdHAuZ21haWwuY29tMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEApklWJnKp8tikE9yoE5US4lLEhRaW3p6MzmFn60On1Bme
whfOWe5juSS+d+it3a/f9ZdG7Bp3TBM509lkHmOS5ohVzbPhcHzCqgzhx4BvCYml
mmeBs29+6E4CfgJ0iLv2pq/vRzIZOTsLCdLBs9LY1YP48UsOHcopY7BTnaa6kfH2
01tPx958CqGd+T/lDZnbdq4uIxuVoVCr10gr+B8Im8RUUdUDXPnL77ggObdzW6TI
dCdFL4L95dYAcrg2QTEGnquOqJLjzKHLFEjdGYmcghSq0usx26oz5xJw6kEQWyMt
UsBr4v1RRqrgawl0gh3LlGlhR+IiJHCQe3muP+t2GQIDAQABo4IBQjCCAT4wEwYD
VR0lBAwwCgYIKwYBBQUHAwEwGQYDVR0RBBIwEIIOc210cC5nbWFpbC5jb20waAYI
KwYBBQUHAQEEXDBaMC0GCCsGAQUFBzAChiFodHRwOi8vcGtpLmdvb2cvZ3NyMi9H
VFNHSUFHMy5jcnQwKQYIKwYBBQUHMAGGHWh0dHA6Ly9vY3NwLnBraS5nb29nL0dU
U0dJQUczMB0GA1UdDgQWBBRj0fwI8zIjVe20RCIYXeZ9ff6igzAMBgNVHRMBAf8E
AjAAMB8GA1UdIwQYMBaAFHfCuFCaZ3Z2sS3ChtCDoH6mfrpLMCEGA1UdIAQaMBgw
DAYKKwYBBAHWeQIFAzAIBgZngQwBAgIwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDov
L2NybC5wa2kuZ29vZy9HVFNHSUFHMy5jcmwwDQYJKoZIhvcNAQELBQADggEBAFIW
bq0RSackQcMqGuYEyqezErVEje9DimpyMSGfyH2QjnwU2BUYSgzQLVcfddxXCzYM
6tPEEkuyNE0ZlVnZBhGMrLcoCY35HEhBRf1COFalYpA4AulqQQ7mo49nVvxQEEyG
IF5BgOPDeeoKxdgUPvrayJNS2dEyXXZIWDbpuPymDi1a2sp/wfqzi1l4yFqJOaT4
8n8nDGfSjg8LniCA7/khuPbahJ7FH9wP4VSLVLg9MxBTdMcy4a/scPx0bFe2GzMZ
zi2Q3/MWRkubKrEvjz3cHHIT3ycZimoKIgYeXuRQzKKw1//fd/gb8h1OeRLSzw0U
4hHCTRhGSI9QglEdbRA=
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/O=Google LLC/CN=smtp.gmail.com
issuer=/C=US/O=Google Trust Services/CN=Google Internet Authority G3
---
No client certificate CA names sent
---
SSL handshake has read 2994 bytes and written 421 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 9E08E9DD0DCE43510EAD0818918337520D32BA99DB27E9BC877DEE1C92C20BD4
    Session-ID-ctx:
    Master-Key: 2C49ABD196C7B824EB41628DAD61CAAC382035AEC3627BC427A614CED808DF88A7BF912E0E6D7650BC3E58F1DDBDCE00
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 100800 (seconds)
    TLS session ticket:
    0000 - 00 5b 03 a7 22 ba 79 6b-f1 33 73 25 9a 37 d9 10   .[..".yk.3s%.7..
    0010 - e0 0a c8 8f ba 7c 06 75-02 ba 0c bc 14 59 99 0e   .....|.u.....Y..
    0020 - 39 85 bc b0 f2 27 be 02-19 ed a8 88 e8 82 f0 47   9....'.........G
    0030 - b4 24 00 f3 3f 94 e5 c8-f1 e8 c5 d4 55 11 86 7b   .$..?.......U..{
    0040 - 25 5c 93 f6 f3 26 a3 bc-3e af 0c 1b fe 72 b6 eb   %\...&..>....r..
    0050 - 85 4c 6c 41 7a 58 e3 5c-df 13 f8 e7 cc be de 91   .LlAzX.\........
    0060 - 5c 5e f2 5b f0 c5 75 0c-07 dd 31 65 17 c2 76 b8   \^.[..u...1e..v.
    0070 - b4 d5 6a 3e a2 87 cb be-cb 73 d8 d6 6f e5 ce 10   ..j>.....s..o...
    0080 - 14 b3 51 a7 57 2d 29 b4-f2 16 03 ef 21 6a 11 27   ..Q.W-).....!j.'
    0090 - af 47 ea ff e2 5a 56 40-c3 bb a0 e4 57 9a ed d9   .G...ZV@....W...
    00a0 - fc 25 91 78 bb 15 01 77-69 f7 a8 9e 85 cc 71 42   .%.x...wi.....qB
    00b0 - 5a f5 cc 1f fb 11 26 e3-ae 51 45 a8 d8 09 09 ac   Z.....&..QE.....
    00c0 - 87 e1 44 6f 9f 59 bf ca-dc 40 80 03 2d 03 82 6e   ..Do.Y...@..-..n
    00d0 - 6d 34 16 ce 2c                                    m4..,

    Start Time: 1563812544
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---
220 smtp.gmail.com ESMTP w23sm40668660wmi.45 - gsmtp
250 smtp.gmail.com at your service
250-smtp.gmail.com at your service, [88.26.235.134]
250-SIZE 35882577
250-8BITMIME
250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-CHUNKING
250 SMTPUTF8
334 XXXXXXXXXXXX
334 XXXXXXXXXXXX
Firewall rule SMTPout-465 closed.
Killed

Offline

#6 2019-07-22 16:22:43

genesysguy
Member
Registered: 2019-07-21
Posts: 6

Re: SMTP not working after upgrade to 11.2.6

Out of curiosity, what version of ESXi is that from?

I'm on version 6.5.0 Update 3 (Build 13932383) on both servers and both are doing the exact same thing.  No error message nor output to indicate an issue.

Offline

#7 2019-07-22 16:41:10

genesysguy
Member
Registered: 2019-07-21
Posts: 6

Re: SMTP not working after upgrade to 11.2.6

As a test, I copied the following files from my previous installation to the new one:

xsibackup_id_rsa.pub
xsibackup_id_rsa.pem
xsibackup_id_rsa
request.key

I noticed that the previous keys were in RSA format vs OPENSSH.

And now it will sucessfully send email.  Not sure if that request.key has anything to do with things..

Last edited by genesysguy (2019-07-22 16:57:18)

Offline

#8 2019-07-24 08:02:53

admin
Administrator
Registered: 2017-04-21
Posts: 2,055

Re: SMTP not working after upgrade to 11.2.6

All XSIBackup keys are RSA, they have not changed since long ago when they use to be DSA. We don't know what you mean by OPENSSH format.

Offline

#9 2019-07-24 14:16:05

genesysguy
Member
Registered: 2019-07-21
Posts: 6

Re: SMTP not working after upgrade to 11.2.6

The new xsibackup_id_rsa file headers look like this:

-----BEGIN OPENSSH PRIVATE KEY-----

Key goes here

-----END OPENSSH PRIVATE KEY-----



The old one looks like this:

-----BEGIN RSA PRIVATE KEY-----

Key

-----END RSA PRIVATE KEY-----

Offline

#10 2019-07-24 14:21:34

admin
Administrator
Registered: 2017-04-21
Posts: 2,055

Re: SMTP not working after upgrade to 11.2.6

Those are just comments, they should not affect functioning. We'll take a look at this part and eventually publish any relevant information.

Offline

#11 2021-02-27 11:42:32

domino-pl
Member
Registered: 2021-02-27
Posts: 1

Re: SMTP not working after upgrade to 11.2.6

After edit in src/sendmail:
from
MAILOUT=$( (mail_input | openssl s_client -key "$PWD"/xsibackup_id_rsa${keyappend} -pause -connect ${LOCAL_SMTPSRV}:${LOCAL_SMTPPORT} -ign_eof -crlf >&5) 2>/dev/null )
to
MAILOUT=$( (mail_input | openssl s_client -key "$PWD"/xsibackup_id_rsa${keyappend} -pause -connect ${LOCAL_SMTPSRV}:${LOCAL_SMTPPORT} -ign_eof -crlf >&5) )
you will see error message. In my case it was:
unable to load client certificate private key file
137909130920:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:697:Expecting: ANY PRIVATE KEY

After some tries with keys from a few hosts and openssl options, I found that xsibackup_id_rsa.pem ought to be used insted of xsibackup_id_rsa so in src/send mail I changed:

    if [ -f "$PWD"/xsibackup_id_rsa.pem ]   
    then
    CHECK_KEY="$( openssl rsa -in "$PWD"/xsibackup_id_rsa.pem -check 2>&1 | head -n1 | awk '{print tolower($0)}' )"
    if [ "${CHECK_KEY}" == "unable to load private key" ]
    then
        DEL_PEM="$( rm -rf "$PWD"/xsibackup_id_rsa.pem )"
    fi   
    fi
    if [ ! -f "$PWD"/xsibackup_id_rsa.pem ]
    then
        if [ "$( python -c "print(${version_string_number}>=67013006603)" )" == "True" ]
    then
        GENPEM="$( openssl genpkey -algorithm RSA -out "$PWD"/xsibackup_id_rsa.pem -pkeyopt rsa_keygen_bits:2048 )"
    else
        if [ -f "$PWD"/xsibackup_id_rsa ]
            then
                /usr/lib/vmware/openssh/bin/ssh-keygen -f "$PWD"/xsibackup_id_rsa -m 'PEM' -e > "$PWD"/xsibackup_id_rsa.pem
        fi
    fi
    fi
    if [ "$( python -c "print(${version_string_number}>=67013006603)" )" == "True" ]
    then   
        keyappend=".pem"
    fi

decreasing condition to my 65017477841.

The problem host was patched to last version ESXi 6.5.

Offline

Board footer