©XSIBackup-Free: Free Backup Software for ©VMWare ©ESXi

Forum ©XSIBackup: ©VMWare ©ESXi Backup Software


You are not logged in.

#1 2019-08-28 11:43:33

derilium
Member
Registered: 2018-07-19
Posts: 27

SMTP not working in 11.2.8

I upgraded to the new version from a version 9 which was all working, only issue was that an error happened after updating to the latest ESXI. with that in mind i upgraded to the latest version (11.2.8) and took the information regarding SMTP into the new config files.

The backup run but never sends an email, its connects to the gmail server but then drop the connection.


Using SMTP server #2: smtp.gmail.com:465
Open firewall: 2019-08-28T11:24:45|  Opening port 465 for SMTPout-465 service...
USING KEY: xsibackup_id_rsa
Firewall rule SMTPout-465 closed.
Killed

and nothing is sent, this is the free version

a connection can be established using NC and also ping requests work

Any help would be greatly appreciated

Offline

#2 2019-08-29 15:37:47

derilium
Member
Registered: 2018-07-19
Posts: 27

Re: SMTP not working in 11.2.8

Just a heads up it has something to do with the way the key is generated, i replaced the key with an older one and it then works.
The new key generates an OpenSSL the old one is an RSA

The only problem is now i only have a key for one of the servers

Offline

#3 2019-08-29 15:39:41

derilium
Member
Registered: 2018-07-19
Posts: 27

Re: SMTP not working in 11.2.8

So if you replace request.key, xsibackup_id_rsa, xsibackup_id_rsa.pub and xsibackup_id_rsa.pem with ones from a know working earlier version it works

Offline

#4 2019-08-29 18:07:20

admin
Administrator
Registered: 2017-04-21
Posts: 2,055

Re: SMTP not working in 11.2.8

Well, XSIBackup detects the ESXi/OpenSSH version and generates the appropiate one.
Which ESXi version are you using?

Offline

#5 2019-08-30 07:01:00

derilium
Member
Registered: 2018-07-19
Posts: 27

Re: SMTP not working in 11.2.8

6.5.0 Update 3 (Build 14320405) on both servers

Offline

#6 2019-08-30 11:45:54

admin
Administrator
Registered: 2017-04-21
Posts: 2,055

Re: SMTP not working in 11.2.8

We'll check that particular version's OpenSSH behaviour

Offline

#7 2019-08-30 14:07:45

derilium
Member
Registered: 2018-07-19
Posts: 27

Re: SMTP not working in 11.2.8

Thanks, let me know

Offline

#8 2019-09-02 13:42:17

derilium
Member
Registered: 2018-07-19
Posts: 27

Re: SMTP not working in 11.2.8

Any news on this issue?

Offline

#9 2019-09-02 21:58:30

admin
Administrator
Registered: 2017-04-21
Posts: 2,055

Re: SMTP not working in 11.2.8

All tests succeded with the three 6.5.0 servers we have.
We don't have your particular build available, but nobody else has reported any issue.
This test was done by installing from scratch and cut&paste the conf/smtpsrvs file contents from another server.

 ./xsibackup --check-smtp=daniel@33hops.com --use-smtp=1
###############################################################################
#
#  (c) XSIBACKUP-PRO 11.2.9 | Backup for (c) VMWARE ESXi Hypervisor by 33hops.com
#
###################################################################################

Using stored SMTP server info...
Found conf/smtpsrvs file...
Using SMTP server #1: smtp.gmail.com:465
Open firewall: Firewall rule SMTPout-465 added...
USING KEY: xsibackup_id_rsa
CONNECTED(00000003)
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google LLC/CN=smtp.gmail.com
   i:/C=US/O=Google Trust Services/CN=GTS CA 1O1
 1 s:/C=US/O=Google Trust Services/CN=GTS CA 1O1
   i:/OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFizCCBHOgAwIBAgIRALwa0UzSMd5HCAAAAAAQI24wDQYJKoZIhvcNAQELBQAw
QjELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczET
MBEGA1UEAxMKR1RTIENBIDFPMTAeFw0xOTA4MTMxNjIwNDVaFw0xOTExMTExNjIw
NDVaMGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
Ew1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgTExDMRcwFQYDVQQDEw5z
bXRwLmdtYWlsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKW3
5WE0jsCFE8onuduUmQNEfpAXsWac37qy4MJUgilz/sQnQ9/gmBe7AIZNHI2oOlVb
R3T/BydHanH+PjLWfGN7qYMdgZBJobh5rSgorjZmRwVY35Um1WuuhlkhxNB3TGol
Sr1vLpU2FX8bxOLWOWC9T4oc0DZDlsu2RQssM3+Qu8TX/0NwVkd00XAwDxcavUyZ
jsjb3wHl0U9Lar2Jz6v0U8hZ9RaDo6a+kwP+QRh4db1gHnFifJ5IIs4tHzsiCU0x
wImaBqtW8TNwz5jaeZnq9URnAPFOn6ZAsphvdV98bG79+ecZQ74SiMs+7n89VXAq
CDnnB13pysACHflklssCAwEAAaOCAlQwggJQMA4GA1UdDwEB/wQEAwIFoDATBgNV
HSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBT0xUYQqfL5
xXpLt0ulqXNXab0+mjAfBgNVHSMEGDAWgBSY0fhuEOvPm+xgnxiQG6DrfQn9KzBk
BggrBgEFBQcBAQRYMFYwJwYIKwYBBQUHMAGGG2h0dHA6Ly9vY3NwLnBraS5nb29n
L2d0czFvMTArBggrBgEFBQcwAoYfaHR0cDovL3BraS5nb29nL2dzcjIvR1RTMU8x
LmNydDAZBgNVHREEEjAQgg5zbXRwLmdtYWlsLmNvbTAhBgNVHSAEGjAYMAgGBmeB
DAECAjAMBgorBgEEAdZ5AgUDMC8GA1UdHwQoMCYwJKAioCCGHmh0dHA6Ly9jcmwu
cGtpLmdvb2cvR1RTMU8xLmNybDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AGPy
283oO8wszwtyhCdXazOkjWF3j711pjixx2hUS9iNAAABbIv/FUgAAAQDAEcwRQIg
DZ1z6mtgOf6tx5R4aQmgmciHf8Symo+6MbssCQtr7f4CIQCHHmbcdTqaaqnMNzA+
qN7mMpjp7uxhdX3Js8p0u+UMUgB2AHR+2oMxrTMQkSGcziVPQnDCv/1eQiAIxjc1
eeYQe8xWAAABbIv/FU0AAAQDAEcwRQIhAOsGl8PO/+PQB8q4AFi9/PvdVd6suBRY
LaJZwapG7gh+AiAfEPbURFdnV8zOfjnp4BxKIaAtP2sZRzZBxmHAsNdj6TANBgkq
hkiG9w0BAQsFAAOCAQEAeSsfzXtOQDYoq2lVH9fEcPfSXqs7YhloSGc3XwhTfotl
Iz1gz1SXS0wNJ07yiMSf0CekE5PlAowYAjgoCy5I3UB3dOSA17At72XwLvOM3rvL
gzQS4hgNW+TPNAvqUeSvAqwds6BH1ombDQpJ5kZp1eqhtfnn9Kp6/j3o+hAOxJk9
n2SFf98nqbFViXvQan1yvr37LGGzhQJ2nmNTR6w4QfZM2Iy4WrlhCV8fUwbL7nuJ
phgGCOHMIaLybZudjAjxyd+D4fbYg4kIyTc/1cssv1cCqPyZtzHutmXYr5Rphvu7
TlsqfSX1pSe5sNgzsmu0Vkv63kXe29znbpXukqYYGg==
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/O=Google LLC/CN=smtp.gmail.com
issuer=/C=US/O=Google Trust Services/CN=GTS CA 1O1
---
No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3233 bytes and written 431 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 6DD7C97336645540F0C2C9C0D0CC2B2F40B9DA15E6E2A37EB0E84BD3F958154A
    Session-ID-ctx:
    Master-Key: 07B15DB9D1CC20ED17346C16473ED15FAEED21E074A51765EBBE122C424A2A7F673FE6D9477DF328F53D0EBC4D9B8C72
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 100800 (seconds)
    TLS session ticket:
    0000 - 00 d7 0b 4d 17 36 ef 04-46 67 fd e4 e3 5c 2c 64   ...M.6..Fg...\,d
    0010 - a8 5d 9f 74 e2 64 87 ac-fc 99 87 f0 9d bc 06 9c   .].t.d..........
    0020 - 82 a4 a8 72 fe 01 1f a2-6b 02 8c 10 38 90 9f 26   ...r....k...8..&
    0030 - 14 be 8b 94 b5 e3 7d f5-44 56 cf 47 f0 cf ea 4f   ......}.DV.G...O
    0040 - f6 33 63 2f 9f 0d b1 ac-e6 da 55 1f 4d 33 da bc   .3c/......U.M3..
    0050 - 1d ba a1 58 54 47 89 24-ee 02 24 7d a6 4b 59 b9   ...XTG.$..$}.KY.
    0060 - f1 2a d5 07 12 63 f5 2a-d3 62 6a 43 76 41 8a be   .*...c.*.bjCvA..
    0070 - 80 03 0a c7 80 ea a6 51-38 af d5 78 35 87 00 ac   .......Q8..x5...
    0080 - 3d 02 3a da e0 c9 cc 34-d3 d8 91 9d 12 ba 6c 44   =.:....4......lD
    0090 - 08 75 aa 79 a0 08 32 bd-b3 14 09 d6 95 b2 78 98   .u.y..2.......x.
    00a0 - 5b 7e 16 9a 04 67 1e a5-d6 23 2f e0 36 b7 cc 7b   [~...g...#/.6..{
    00b0 - 89 29 3b 2e 9e 05 4c 76-f2 13 a9 72 c9 c9 3c 2c   .);...Lv...r..<,
    00c0 - 17 43 f4 88 f5 96 14 cf-39 d7 95 5c b2 55 ea 52   .C......9..\.U.R
    00d0 - 34 72 cc 63 8a                                    4r.c.

    Start Time: 1567463744
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---
220 smtp.gmail.com ESMTP y186sm29183095wmd.26 - gsmtp
250 smtp.gmail.com at your service
250-smtp.gmail.com at your service, [88.26.235.134]
250-SIZE 35882577
250-8BITMIME
250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-CHUNKING
250 SMTPUTF8
334 XXXXXXXXXXX
334 XXXXXXXXXXX
235 2.7.0 Accepted
250 2.1.0 OK y186sm29183095wmd.26 - gsmtp
250 2.1.5 OK y186sm29183095wmd.26 - gsmtp
354  Go ahead y186sm29183095wmd.26 - gsmtp
Firewall rule SMTPout-465 closed.
Killed
[root@localhost:/tmp/scratch/xsi-dir] vmware -v
VMware ESXi 6.5.0 build-5969303

Offline

#10 2019-09-03 07:29:11

derilium
Member
Registered: 2018-07-19
Posts: 27

Re: SMTP not working in 11.2.8

In your screenshot above its for 11.2.9 XSIBackup-Pro and i am running 11.2.8 Free, do you have a copy of 11.2.9 Free as there is a mismatch in the version number?

Offline

#11 2019-09-07 11:17:34

admin
Administrator
Registered: 2017-04-21
Posts: 2,055

Re: SMTP not working in 11.2.8

The SMTP module hasn't changed

Offline

#12 2019-09-09 10:45:18

derilium
Member
Registered: 2018-07-19
Posts: 27

Re: SMTP not working in 11.2.8

Any chance of a copy of the 11.2.9 free version to confirm, it does seem a bit odd and i'm not the only person having this issue

Offline

#13 2019-09-10 10:01:49

derilium
Member
Registered: 2018-07-19
Posts: 27

Re: SMTP not working in 11.2.8

The plot thickens, i have tried with a different mail server smtp-mail.outlook.com, cleared down the keys, pem, pub etc and re-ran the check and now i'm getting unable to load the client certificate private key file. routings:PEM_read_bio:no start line:pem_lib.c:697:expecting: any private key

There is definitely something wrong with this version, i may have to revert back

Offline

#14 2019-09-19 23:36:04

NikolaiAB
Member
Registered: 2019-09-19
Posts: 1

Re: SMTP not working in 11.2.8

After a lot of googling and try and error I found this solution: manually generate a private key.
Make sure the following files are deleted:  xsibackup_id_rsa xsibackup_id_rsa.pem xsibackup_id_rsa.pub
Generate a private key: openssl genrsa -des3 -out xsibackup_id_rsa_pwd 1024
Remove the password: openssl rsa -in xsibackup_id_rsa_pwd -out xsibackup_id_rsa
Make sure it works: ./xsibackup --check-smtp=yourname@gmail.com --use-smtp=X

Offline

#15 2019-09-20 15:22:57

admin
Administrator
Registered: 2017-04-21
Posts: 2,055

Re: SMTP not working in 11.2.8

According to OpenSSL documents:

   genpkey   Generation of Private Key or Parameters.
   genrsa    Generation of RSA Private Key. Superceded by genpkey.

XSIBackup's src/sendmail module uses the genpkey option and it does work for us on every 6.5.0 version we have tried. That doesn't mean that there couldn't be a bug in XSIBackup, but it looks more like a key compatibility issue.

For those of you experiencing problems, please do make sure that you are not trying to use some older generated keys. Discard them and let XSIBackup generate new keys.

Serverfault.com: OpenSSL genrsa vs genpkey

OpenSSL Command Line Utilities

Offline

#16 2019-09-27 12:10:40

derilium
Member
Registered: 2018-07-19
Posts: 27

Re: SMTP not working in 11.2.8

Just like to say thanks to support and a big thanks to NikolaiAB as his fix worked great and i'm now getting my emails again...

Offline

#17 2019-09-28 14:24:14

admin
Administrator
Registered: 2017-04-21
Posts: 2,055

Re: SMTP not working in 11.2.8

Thank you all. We obviously have no control on what's on the other side, namely the SMTP server and its SSL version. We have no other choice than pledging to standards and OpenSSL documents, as this will cover the bulk of users. Nevertheless, if your SMTP server is using some older version of SSL and does not understand the key format NikolaiAB solution can be used as a workaround

Offline

#18 2019-10-14 10:20:11

nmatija
Member
Registered: 2019-01-05
Posts: 5

Re: SMTP not working in 11.2.8

Thank you Nikolai for the solution. I had the same problem on a fresh install. My build:

Gmail server
6.5.0 Update 3 (Build 13932383)

Offline

#19 2020-09-28 02:19:32

daza67
Member
Registered: 2020-09-28
Posts: 2

Re: SMTP not working in 11.2.8

I'm also having this issue with a fresh install of XSIBACKUP-PRO 11.2.19 on 6.5.0 U3, email fails to gmail and office365 smtp hosts.

When I try the solution Nikolai details above it fixes the issue for gmail and also office365 smtp hosts. However I find that linking to another remote esxi 6.5.0 U3 host is then broken. When I re-link the remote esxi host again the xsibackup_id_rsa files gets regenerated again which breaks the email. Around I go in a circles.

Offline

#20 2020-09-28 08:36:35

daza67
Member
Registered: 2020-09-28
Posts: 2

Re: SMTP not working in 11.2.8

Seems is related to newer ssh-keygen export format defaulting to RFC4716 format.

I converted the existing xsibackup_id_rsa from a fresh install key back to the RSA PEM format using the process on the link below and now email and linking remote access to another esxi server is working.

Convert OpenSSH keys to RSA PEM format

Some more info here:
SSH-keygen does not create private key

Hope this helps someone.

Last edited by daza67 (2020-09-28 08:37:18)

Offline

#21 2020-09-28 10:54:16

admin
Administrator
Registered: 2017-04-21
Posts: 2,055

Re: SMTP not working in 11.2.8

As explained above, OpenSSH changed recommended formats. We cannot force mailmasters to use new standards if they don't want to. You may in any case convert the key to the older format to try to fit outdated SMTP servers. Simplest thing to do is obviously just use a different SMTP, we support GMail, Yahoo, Hotmail, etc...

Offline

Board footer