SMTP AUTH extension not supported by server

Home Assistant version: 0.88.0 (via pip3 show homeassistant)

Hi everyone. I have set up an SMTP server, and I am able to use Evolution in the GNOME desktop to send myself a message; it works, as I have Dovecot set up with FreeIPA for Kerberos authentication.

So, I set out to implement an SMTP component in Home Assistant. I joined the homeassistant Linux container to the FreeIPA server using ipa-client-install and used kinit as a Home Assistant user, although I’m not sure if Home Assistant supports Kerberos authentication for SMTP. As for encryption, I use STARTTLS with port 25. So here’s the config of what I have:

notify:
  - name: smtp_grayson
    platform: smtp
    sender: [email protected]
    recipient: [email protected]
    server: mailserver.graysonpeddie.lan
    port: 25
    username: homeassistant
    password: [redacted]
    sender_name: "Home Assistant"

“graysonpeddie.lan” is only a local domain, so I’m not worried about spam. I have Postfix set up internally, so no outgoing access to the Internet.

Now the problem I have is this:

Setting up platform smtp
Traceback (most recent call last):
  File "/opt/homeassistant/.local/lib/python3.7/site-packages/homeassistant/components/notify/__init__.py", line 76, in async_setup_platform
    platform.get_service, hass, p_config, discovery_info)
  File "/usr/lib64/python3.7/concurrent/futures/thread.py", line 57, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/opt/homeassistant/.local/lib/python3.7/site-packages/homeassistant/components/notify/smtp.py", line 75, in get_service
    if mail_service.connection_is_valid():
  File "/opt/homeassistant/.local/lib/python3.7/site-packages/homeassistant/components/notify/smtp.py", line 120, in connection_is_valid
    server = self.connect()
  File "/opt/homeassistant/.local/lib/python3.7/site-packages/homeassistant/components/notify/smtp.py", line 113, in connect
    mail.login(self.username, self.password)
  File "/usr/lib64/python3.7/smtplib.py", line 697, in login
    "SMTP AUTH extension not supported by server.")
smtplib.SMTPNotSupportedError: SMTP AUTH extension not supported by server.

A search for “SMTP AUTH extension not supported by server” led me to Home Assistant Security Concerns in the Hass.io forum. Unfortunately, Firefox’s built-in search can’t find what I am looking for.

I also checked /var/log/mail.log on mailserver.graysonpeddie.lan (172.20.2.5) and I saw the log. It seems the SMTP component is not doing anything other than connecting to my mail server and disconnecting.

root@mailserver:~# cat /var/log/mail.log | grep "172.20.0.66"
Feb 24 18:46:17 mailserver postfix/smtpd[5510]: connect from unknown[172.20.0.66]
Feb 24 18:48:28 mailserver postfix/smtpd[5510]: lost connection after EHLO from unknown[172.20.0.66]
Feb 24 18:48:28 mailserver postfix/smtpd[5510]: disconnect from unknown[172.20.0.66] ehlo=2 starttls=1 commands=3
Feb 24 18:53:12 mailserver postfix/smtpd[5517]: connect from unknown[172.20.0.66]
Feb 24 18:53:12 mailserver postfix/smtpd[5517]: disconnect from unknown[172.20.0.66] ehlo=2 starttls=1 quit=1 commands=4 

And yes, Home Assistant and mailserver are both running as separate Linux containers (LXC0). Any ideas why I’m getting an SMTP exception thrown by Home Assistant?

Update: Looks like I did not have SASL set up in Postfix, so I added the config at the end of main.cf:

smtpd_sasl_path = smtpd
smtpd_sasl_type = cyrus
smtpd_sasl_auth_enable = yes
smtpd_sasl_tls_security_options = noanonymous

I then configured /etc/postfix/sasl/smtpd as follows:

pwcheck_method: saslauthd
mech_list: GSSAPI

When I restarted Postfix in the Ubuntu Server container (mailserver.graysonpeddie.lan) and sent mail from Evolution, I got a message that /etc/krb5.keytab is not found, but I do want Postfix to look in the /etc/keytabs/smtp.keytab file. The Home Assistant forum is not an ideal place to post about that, although I do want Home Assistant to talk to Postfix. So once I remove the SASL lines from the main.cf config file, sending mail works fine since it’s not authenticating with Kerberos. In the meantime, I would probably have to set encryption to none.

I know having no encryption is a bad idea in my home network; however, I’m not too worried about man-in-the-middle attacks. Or should I be? I have TLS enabled for Dovecot and that’s about it. I have my own private SSL certificate and certificate authority. SMTP communication is not going out into the Internet.
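
Added example (not part of the original post and not Home Assistant's code): a Python check for the two states the post passes through, a server that advertises no AUTH after STARTTLS (the SMTPNotSupportedError in the traceback) and one that advertises only GSSAPI, which smtplib's login() cannot perform. The EHLO replies, the mail.example.lan host name, and the function and parameter names are constructed for illustration.

```python
import re
import smtplib
import ssl

# Mechanisms smtplib.SMTP.login() knows how to perform; GSSAPI is not one of them.
SMTPLIB_MECHS = {"CRAM-MD5", "PLAIN", "LOGIN"}

def parse_ehlo(reply):
    """Map each EHLO keyword (upper-cased) to its list of parameters."""
    exts = {}
    for line in reply.splitlines()[1:]:  # first line is the server greeting
        m = re.match(r"(?:250[- ])?([A-Za-z0-9][A-Za-z0-9-]*)[ =]?(.*)", line.strip())
        if m:
            exts.setdefault(m.group(1).upper(), []).extend(m.group(2).upper().split())
    return exts

def diagnose(plain_reply, tls_reply):
    """Classify what login() will do, given the EHLO replies before and after STARTTLS."""
    before = parse_ehlo(plain_reply)
    after = parse_ehlo(tls_reply)
    if "AUTH" not in after:
        return "no-auth"               # login() raises SMTPNotSupportedError
    if not SMTPLIB_MECHS & set(after["AUTH"]):
        return "no-usable-mechanism"   # login() raises "No suitable authentication method found."
    if {"PLAIN", "LOGIN"} & set(before.get("AUTH", [])):
        return "ok-cleartext-offered"  # password mechanisms advertised before TLS
    return "ok"

def probe(host, port=25, cafile=None):
    """Live check; cafile (hypothetical parameter) is the private CA bundle
    used to verify the server certificate."""
    ctx = ssl.create_default_context(cafile=cafile)
    with smtplib.SMTP(host, port, timeout=10) as s:
        s.ehlo()
        plain = s.ehlo_resp.decode(errors="replace")
        s.starttls(context=ctx)
        s.ehlo()
        return diagnose(plain, s.ehlo_resp.decode(errors="replace"))

# Constructed EHLO replies (not captured from the poster's server).
NO_SASL = "250-mail.example.lan\n250-PIPELINING\n250-SIZE 10240000\n250-STARTTLS\n250 8BITMIME"
NO_SASL_TLS = "250-mail.example.lan\n250-PIPELINING\n250-SIZE 10240000\n250 8BITMIME"
GSSAPI_TLS = "250-mail.example.lan\n250-PIPELINING\n250-AUTH GSSAPI\n250 8BITMIME"
PLAIN_TLS = "250-mail.example.lan\n250-PIPELINING\n250-AUTH PLAIN LOGIN\n250 8BITMIME"
PLAIN_OPEN = "250-mail.example.lan\n250-STARTTLS\n250-AUTH=PLAIN LOGIN\n250 8BITMIME"
```

A result of "ok-cleartext-offered" means the server accepts password mechanisms on the unencrypted connection; Postfix's smtpd_tls_auth_only = yes restricts the AUTH advertisement to sessions that have completed STARTTLS.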