Submission service and SMTP AUTH capability

[Christian Kivalo]

On June 21, 2019 3:13:59 PM GMT+02:00, "Germán Herrera via dovecot" <dovecot at dovecot.org> wrote:
>Hi Everyone!
>
>I've setup dovecot 2.3.2.1 on a Gentoo server. I want to configure the 
>submission service in order to replace the corresponding part in
>Postfix 
>(which is my SMTP server).
>I configured submission it with just a few options different of the 
>default ones:
>
>submission_client_workarounds = whitespace-before-path
>submission_relay_host = 127.0.0.1
>submission_relay_port = 10026
>submission_relay_trusted = yes
>
>The issue I'm having is that the SMTP AUTH is enforced and performed 
>correctly, but it doesn't get published on the server capaabilities
>when 
>the connection doesn't come from localhost. This causes issues with
>some 
>smtp clients which authenticate (python smtpclient).
>
>When I telnet the submission service from localhost I get:
>
>220 (protected hostname) Dovecot ready.
>EHLO L
>250-(protected hostname)
>250-8BITMIME
>250-AUTH PLAIN LOGIN
>250-BURL imap
>250-CHUNKING
>250-ENHANCEDSTATUSCODES
>250-SIZE
>250-STARTTLS
>250 PIPELINING
>quit
>221 2.0.0 Bye
>
>But when I do the same from another host other than the one running 
>dovecot (telnetting the submission port):
>
>220 (protected hostname) Dovecot ready.
>EHLO L
>250-(protected hostname)
>250-8BITMIME
>250-BURL imap
>250-CHUNKING
>250-ENHANCEDSTATUSCODES
>250-SIZE
>250-STARTTLS
>250 PIPELINING
>quit
>221 2.0.0 Bye
>
>As you can see, the AUTH capability is not there.
>Do you know what could be causing this issue? Your help is much 
>appreciated!
>German
Maybe you need to start tls before auth will be offered as localhost most often is whitelisted from the need for auth.  Have you tried with openssl s_client to start TLS and see if auth is offered then?
-- 
Christian Kivalo