#1 2019-08-28 11:43:33

derilium
Member
Registered: 2018-07-19
Posts: 21

SMTP not working in 11.2.8

I upgraded to the new version from a version 9 which was all working, only issue was that an error happened after updating to the latest ESXI. with that in mind i upgraded to the latest version (11.2.8) and took the information regarding SMTP into the new config files.

The backup run but never sends an email, its connects to the gmail server but then drop the connection.


Using SMTP server #2: smtp.gmail.com:465
Open firewall: 2019-08-28T11:24:45|  Opening port 465 for SMTPout-465 service...
USING KEY: xsibackup_id_rsa
Firewall rule SMTPout-465 closed.
Killed

and nothing is sent, this is the free version

a connection can be established using NC and also ping requests work

Any help would be greatly appreciated

Offline

#2 2019-08-29 15:37:47

derilium
Member
Registered: 2018-07-19
Posts: 21

Re: SMTP not working in 11.2.8

Just a heads up it has something to do with the way the key is generated, i replaced the key with an older one and it then works.
The new key generates an OpenSSL the old one is an RSA

The only problem is now i only have a key for one of the servers

Offline

#3 2019-08-29 15:39:41

derilium
Member
Registered: 2018-07-19
Posts: 21

Re: SMTP not working in 11.2.8

So if you replace request.key, xsibackup_id_rsa, xsibackup_id_rsa.pub and xsibackup_id_rsa.pem with ones from a know working earlier version it works

Offline

#4 2019-08-29 18:07:20

admin
Administrator
Registered: 2017-04-21
Posts: 1,002

Re: SMTP not working in 11.2.8

Well, XSIBackup detects the ESXi/OpenSSH version and generates the appropiate one.
Which ESXi version are you using?

Offline

#5 2019-08-30 07:01:00

derilium
Member
Registered: 2018-07-19
Posts: 21

Re: SMTP not working in 11.2.8

6.5.0 Update 3 (Build 14320405) on both servers

Offline

#6 2019-08-30 11:45:54

admin
Administrator
Registered: 2017-04-21
Posts: 1,002

Re: SMTP not working in 11.2.8

We'll check that particular version's OpenSSH behaviour

Offline

#7 2019-08-30 14:07:45

derilium
Member
Registered: 2018-07-19
Posts: 21

Re: SMTP not working in 11.2.8

Thanks, let me know

Offline

#8 2019-09-02 13:42:17

derilium
Member
Registered: 2018-07-19
Posts: 21

Re: SMTP not working in 11.2.8

Any news on this issue?

Offline

#9 2019-09-02 21:58:30

admin
Administrator
Registered: 2017-04-21
Posts: 1,002

Re: SMTP not working in 11.2.8

All tests succeded with the three 6.5.0 servers we have.
We don't have your particular build available, but nobody else has reported any issue.
This test was done by installing from scratch and cut&paste the conf/smtpsrvs file contents from another server.

 ./xsibackup --check-smtp=daniel@33hops.com --use-smtp=1
###############################################################################
#
#  (c) XSIBACKUP-PRO 11.2.9 | Backup for (c) VMWARE ESXi Hypervisor by 33hops.com
#
###################################################################################

Using stored SMTP server info...
Found conf/smtpsrvs file...
Using SMTP server #1: smtp.gmail.com:465
Open firewall: Firewall rule SMTPout-465 added...
USING KEY: xsibackup_id_rsa
CONNECTED(00000003)
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google LLC/CN=smtp.gmail.com
   i:/C=US/O=Google Trust Services/CN=GTS CA 1O1
 1 s:/C=US/O=Google Trust Services/CN=GTS CA 1O1
   i:/OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFizCCBHOgAwIBAgIRALwa0UzSMd5HCAAAAAAQI24wDQYJKoZIhvcNAQELBQAw
QjELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczET
MBEGA1UEAxMKR1RTIENBIDFPMTAeFw0xOTA4MTMxNjIwNDVaFw0xOTExMTExNjIw
NDVaMGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
Ew1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgTExDMRcwFQYDVQQDEw5z
bXRwLmdtYWlsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKW3
5WE0jsCFE8onuduUmQNEfpAXsWac37qy4MJUgilz/sQnQ9/gmBe7AIZNHI2oOlVb
R3T/BydHanH+PjLWfGN7qYMdgZBJobh5rSgorjZmRwVY35Um1WuuhlkhxNB3TGol
Sr1vLpU2FX8bxOLWOWC9T4oc0DZDlsu2RQssM3+Qu8TX/0NwVkd00XAwDxcavUyZ
jsjb3wHl0U9Lar2Jz6v0U8hZ9RaDo6a+kwP+QRh4db1gHnFifJ5IIs4tHzsiCU0x
wImaBqtW8TNwz5jaeZnq9URnAPFOn6ZAsphvdV98bG79+ecZQ74SiMs+7n89VXAq
CDnnB13pysACHflklssCAwEAAaOCAlQwggJQMA4GA1UdDwEB/wQEAwIFoDATBgNV
HSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBT0xUYQqfL5
xXpLt0ulqXNXab0+mjAfBgNVHSMEGDAWgBSY0fhuEOvPm+xgnxiQG6DrfQn9KzBk
BggrBgEFBQcBAQRYMFYwJwYIKwYBBQUHMAGGG2h0dHA6Ly9vY3NwLnBraS5nb29n
L2d0czFvMTArBggrBgEFBQcwAoYfaHR0cDovL3BraS5nb29nL2dzcjIvR1RTMU8x
LmNydDAZBgNVHREEEjAQgg5zbXRwLmdtYWlsLmNvbTAhBgNVHSAEGjAYMAgGBmeB
DAECAjAMBgorBgEEAdZ5AgUDMC8GA1UdHwQoMCYwJKAioCCGHmh0dHA6Ly9jcmwu
cGtpLmdvb2cvR1RTMU8xLmNybDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AGPy
283oO8wszwtyhCdXazOkjWF3j711pjixx2hUS9iNAAABbIv/FUgAAAQDAEcwRQIg
DZ1z6mtgOf6tx5R4aQmgmciHf8Symo+6MbssCQtr7f4CIQCHHmbcdTqaaqnMNzA+
qN7mMpjp7uxhdX3Js8p0u+UMUgB2AHR+2oMxrTMQkSGcziVPQnDCv/1eQiAIxjc1
eeYQe8xWAAABbIv/FU0AAAQDAEcwRQIhAOsGl8PO/+PQB8q4AFi9/PvdVd6suBRY
LaJZwapG7gh+AiAfEPbURFdnV8zOfjnp4BxKIaAtP2sZRzZBxmHAsNdj6TANBgkq
hkiG9w0BAQsFAAOCAQEAeSsfzXtOQDYoq2lVH9fEcPfSXqs7YhloSGc3XwhTfotl
Iz1gz1SXS0wNJ07yiMSf0CekE5PlAowYAjgoCy5I3UB3dOSA17At72XwLvOM3rvL
gzQS4hgNW+TPNAvqUeSvAqwds6BH1ombDQpJ5kZp1eqhtfnn9Kp6/j3o+hAOxJk9
n2SFf98nqbFViXvQan1yvr37LGGzhQJ2nmNTR6w4QfZM2Iy4WrlhCV8fUwbL7nuJ
phgGCOHMIaLybZudjAjxyd+D4fbYg4kIyTc/1cssv1cCqPyZtzHutmXYr5Rphvu7
TlsqfSX1pSe5sNgzsmu0Vkv63kXe29znbpXukqYYGg==
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/O=Google LLC/CN=smtp.gmail.com
issuer=/C=US/O=Google Trust Services/CN=GTS CA 1O1
---
No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3233 bytes and written 431 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 6DD7C97336645540F0C2C9C0D0CC2B2F40B9DA15E6E2A37EB0E84BD3F958154A
    Session-ID-ctx:
    Master-Key: 07B15DB9D1CC20ED17346C16473ED15FAEED21E074A51765EBBE122C424A2A7F673FE6D9477DF328F53D0EBC4D9B8C72
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 100800 (seconds)
    TLS session ticket:
    0000 - 00 d7 0b 4d 17 36 ef 04-46 67 fd e4 e3 5c 2c 64   ...M.6..Fg...\,d
    0010 - a8 5d 9f 74 e2 64 87 ac-fc 99 87 f0 9d bc 06 9c   .].t.d..........
    0020 - 82 a4 a8 72 fe 01 1f a2-6b 02 8c 10 38 90 9f 26   ...r....k...8..&
    0030 - 14 be 8b 94 b5 e3 7d f5-44 56 cf 47 f0 cf ea 4f   ......}.DV.G...O
    0040 - f6 33 63 2f 9f 0d b1 ac-e6 da 55 1f 4d 33 da bc   .3c/......U.M3..
    0050 - 1d ba a1 58 54 47 89 24-ee 02 24 7d a6 4b 59 b9   ...XTG.$..$}.KY.
    0060 - f1 2a d5 07 12 63 f5 2a-d3 62 6a 43 76 41 8a be   .*...c.*.bjCvA..
    0070 - 80 03 0a c7 80 ea a6 51-38 af d5 78 35 87 00 ac   .......Q8..x5...
    0080 - 3d 02 3a da e0 c9 cc 34-d3 d8 91 9d 12 ba 6c 44   =.:....4......lD
    0090 - 08 75 aa 79 a0 08 32 bd-b3 14 09 d6 95 b2 78 98   .u.y..2.......x.
    00a0 - 5b 7e 16 9a 04 67 1e a5-d6 23 2f e0 36 b7 cc 7b   [~...g...#/.6..{
    00b0 - 89 29 3b 2e 9e 05 4c 76-f2 13 a9 72 c9 c9 3c 2c   .);...Lv...r..<,
    00c0 - 17 43 f4 88 f5 96 14 cf-39 d7 95 5c b2 55 ea 52   .C......9..\.U.R
    00d0 - 34 72 cc 63 8a                                    4r.c.

    Start Time: 1567463744
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---
220 smtp.gmail.com ESMTP y186sm29183095wmd.26 - gsmtp
250 smtp.gmail.com at your service
250-smtp.gmail.com at your service, [88.26.235.134]
250-SIZE 35882577
250-8BITMIME
250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-CHUNKING
250 SMTPUTF8
334 XXXXXXXXXXX
334 XXXXXXXXXXX
235 2.7.0 Accepted
250 2.1.0 OK y186sm29183095wmd.26 - gsmtp
250 2.1.5 OK y186sm29183095wmd.26 - gsmtp
354  Go ahead y186sm29183095wmd.26 - gsmtp
Firewall rule SMTPout-465 closed.
Killed
[root@localhost:/tmp/scratch/xsi-dir] vmware -v
VMware ESXi 6.5.0 build-5969303

Offline

#10 2019-09-03 07:29:11

derilium
Member
Registered: 2018-07-19
Posts: 21

Re: SMTP not working in 11.2.8

In your screenshot above its for 11.2.9 XSIBackup-Pro and i am running 11.2.8 Free, do you have a copy of 11.2.9 Free as there is a mismatch in the version number?

Offline

#11 2019-09-07 11:17:34

admin
Administrator
Registered: 2017-04-21
Posts: 1,002

Re: SMTP not working in 11.2.8

The SMTP module hasn't changed

Offline

#12 2019-09-09 10:45:18

derilium
Member
Registered: 2018-07-19
Posts: 21

Re: SMTP not working in 11.2.8

Any chance of a copy of the 11.2.9 free version to confirm, it does seem a bit odd and i'm not the only person having this issue

Offline

#13 2019-09-10 10:01:49

derilium
Member
Registered: 2018-07-19
Posts: 21

Re: SMTP not working in 11.2.8

The plot thickens, i have tried with a different mail server smtp-mail.outlook.com, cleared down the keys, pem, pub etc and re-ran the check and now i'm getting unable to load the client certificate private key file. routings:PEM_read_bio:no start line:pem_lib.c:697:expecting: any private key

There is definitely something wrong with this version, i may have to revert back

Offline

#14 2019-09-19 23:36:04

NikolaiAB
Member
Registered: 2019-09-19
Posts: 1

Re: SMTP not working in 11.2.8

After a lot of googling and try and error I found this solution: manually generate a private key.
Make sure the following files are deleted:  xsibackup_id_rsa xsibackup_id_rsa.pem xsibackup_id_rsa.pub
Generate a private key: openssl genrsa -des3 -out xsibackup_id_rsa_pwd 1024
Remove the password: openssl rsa -in xsibackup_id_rsa_pwd -out xsibackup_id_rsa
Make sure it works: ./xsibackup --check-smtp=yourname@gmail.com --use-smtp=X

Offline

#15 2019-09-20 15:22:57

admin
Administrator
Registered: 2017-04-21
Posts: 1,002

Re: SMTP not working in 11.2.8

According to OpenSSL documents:

   genpkey   Generation of Private Key or Parameters.
   genrsa    Generation of RSA Private Key. Superceded by genpkey.

XSIBackup's src/sendmail module uses the genpkey option and it does work for us on every 6.5.0 version we have tried. That doesn't mean that there couldn't be a bug in XSIBackup, but it looks more like a key compatibility issue.

For those of you experiencing problems, please do make sure that you are not trying to use some older generated keys. Discard them and let XSIBackup generate new keys.

Offline

#16 2019-09-27 12:10:40

derilium
Member
Registered: 2018-07-19
Posts: 21

Re: SMTP not working in 11.2.8

Just like to say thanks to support and a big thanks to NikolaiAB as his fix worked great and i'm now getting my emails again...

Offline

#17 2019-09-28 14:24:14

admin
Administrator
Registered: 2017-04-21
Posts: 1,002

Re: SMTP not working in 11.2.8

Thank you all. We obviously have no control on what's on the other side, namely the SMTP server and its SSL version. We have no other choice than pedging to standards and OpenSSL documents, as this will cover the bulk of users. Nevertheless, if your SMTP server is using some older version of SSL and does not understand the key format NikolaiAB solution can be used as a workaround

Offline

#18 2019-10-14 10:20:11

nmatija
Member
Registered: 2019-01-05
Posts: 2

Re: SMTP not working in 11.2.8

Thank you Nikolai for the solution. I had the same problem on a fresh install. My build:

Gmail server
6.5.0 Update 3 (Build 13932383)

Offline

Board footer