Home AMX User Forum NetLinx Studio
Options

SMTP functionality

w_hariw_hari Posts: 15
edited December 2023 in NetLinx Studio

Hi.
This is more a summary about what I found out about the built in SMTP behavior than a question, since I guess we have to live with it as is.
For some time I am trying to get the SMTP_SEND to work on a NX-3200 with my own SMTP server without any luck. Netlinx always returned MailSenderPrivate::Send authentication error 4 (Unknown error code) or (TLS not supported by server). With some logging I come to the following conclusions:

  1. If the mail server supports STARTTLS, it always uses TLS, no matter how SMTP_REQUIRE_TLS is set.
  2. Once you set SMTP_TLS_TRUE, SMTP_SEND always seems to require TLS support, no matter how SMTP_REQUIRE_TLS is set. It then always sends a STARTTLS command or shows the (TLS not supported by server) error. If you want to set it back to SMTP_TLS_FALSE you have to reboot the NX afterwards.
  3. it requires AUTH LOGIN PLAIN support. If only AUTH LOGIN is enabled, it QUITs right after the TLS handshake.
  4. With AUTH LOGIN PLAIN support after the TLS handshake it sends a AUTH PLAIN + BASE64 encode string. The encoded string should contain the SMTP_USERNAME and SMTP_PASSWORD. But Netlinx sends SMTP_USERNAME SMTP_USERNAME SMTP_PASSWORD which, at least with my mail server, results in an 535 Authentication failed error.

I have no clue why the username is sent twice, but it looks like the built in SMTP functionality is totally flawed and mostly useless (using the latest controller firmware 1.6.179)

Harry

Comments

  • Options
    Marc ScheibeinMarc Scheibein Posts: 811

    You may have to use the v1.6.205 hotfix because of updated TLS:

    https://help.harmanpro.com/nx-master

    Changes in this release

    • updated TLSv1.2 for smtp_send command
    • updated TLSv1.2 for TLS_CLIENT_OPEN usage with 3rd party device
  • Options
    w_hariw_hari Posts: 15

    Thanks for the input Marc. But that only updated the version from TLSv1 to TLSv1.2 and the used cipher from ECDHE-RSA-AES256-SHA to ECDHE-RSA-AES256-GCM-SHA384
    SMTP_SEND still requires AUTH LOGIN PLAIN support and sends the SMTP_USERNAME twice in the authentication message - which is the main problem.
    Does anyone know how to address this to AMX/Harman directly and open a case?

  • Options
    HARMAN_ChrisHARMAN_Chris Posts: 598

    Pick your preferred method:

    https://help.harmanpro.com/

    Technical Support
    +1 844-776-4899

    HProTechSupportUSA@harman.com

    Mailing Address
    HARMAN Professional Solutions
    8500 Balboa Blvd.
    Northridge, CA 91329
    USA

  • Options
    w_hariw_hari Posts: 15
    edited December 2023

    Long story short: there was a bug in my SMTP server.
    Netlinx uses the RFC 4616 compliant message format "authzid UTF8NUL authcid UTF8NUL passwd". For SMTP Authentication it is not clear what the purpose of the authzid is anyway, but simply setting authzid = authcid is certainly valid and done by Netlinx.

    So as a summary for further reference:

    1. Netlinx requires AUTH LOGIN PLAIN support. If only AUTH LOGIN is enabled, it QUITs
    2. SMTP_SEND issues the following command: AUTH PLAIN Base64Encoded(SMTP_USERNAME UTF8NUL SMTP_USERNAME UTF8NUL SMTP_PASSWORD)
    3. if the mail server supports STARTTLS, it always uses TLS, no matter how SMTP_REQUIRE_TLS is set
    4. once you set SMTP_TLS_TRUE, SMTP_SEND always seems to require TLS support, no matter how SMTP_REQUIRE_TLS is set. It then always sends a STARTTLS command or shows the (TLS not supported by server) error. If you want to set it back to SMTP_TLS_FALSE you have to reboot the NX afterwards.
    5. the NX-master FW v1.6.205 updates TLSv1 to TLSv1.2

    kind regards,
    Harry

Sign In or Register to comment.