Problem: SMTP Authenticated Users Blocked By RealTime Blacklists
Running Server 10.5.2
I have the following RTBLs in the server setup
bl.spamcop.net
zen.spamhaus.org
I have several remote users on cable connections who connect to the SMTP service and authenticate using their login and password. When they try to send email, the RTBLs block them from being able to relay mail even though they are authenticated users.
Shouldn't Authenticated users bypass any RTBLs which are defined?
Is there any way to fix this major program (Major problem for me anyways)?
Message was edited by: ch0b1ts2600
You can add the IP of your remote users to the list at 'Accept SMTP relays from these hosts and networks' under the Mail > Relays tab of Server Admin. Unfortunately, for those users with dynamic IP addresses you may find yourself inserting a range of IPs like "66.214.80.0/20".
It's a lot easier than constantly trying to remove their IP from the Spamhaus RBL list.
Similar Messages
-
Authenticated users blocked by rbl
Hi,
I have a user who is now having email sent via our server blocked by an rbl. The email being sent was to me, so we both have an account on the same server and no other mail server was involved.
Is there a way to configure Postfix to accept all incoming email from authenticated users, bypassing the rbl list for authenticated users?
Output of postconf -n below.
Thanks
Ron
alias_maps = hash:/etc/aliases,hash:/var/mailman/data/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
enable_server_options = yes
html_directory = no
inet_interfaces = all
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
luser_relay =
mail_owner = postfix
mailbox_size_limit = 0
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maps_rbl_domains =
message_size_limit = 10485760
mydomain = wagnercreativegroup.com
mydomain_fallback = localhost
myhostname = smtp.wagnercreativegroup.com
mynetworks = 127.0.0.1/32,66.167.106.195/32,66.167.106.194
mynetworks_style = host
newaliases_path = /usr/bin/newaliases
owner_request_special = no
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_client_restrictions = permit_mynetworks reject_rbl_client zen.spamhaus.org reject_rbl_client combined.njabl.org reject_rbl_client bl.spamcop.net permit
smtpd_pw_server_security_options = plain,login,cram-md5
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,permit
smtpd_sasl_auth_enable = yes
smtpd_use_pw_server = yes
unknown_local_recipient_reject_code = 550
virtual_alias_domains = hash:/etc/postfix/virtual_domains
virtual_alias_maps = hash:/etc/postfix/virtual,hash:/var/mailman/data/virtual-mailman
virtual_mailbox_domains = hash:/etc/postfix/virtualdomainsdummy
virtual_transport = lmtp:unix:/var/imap/socket/lmtp
Mac OS X (10.4.8)
Change:
smtpd_client_restrictions = permit_mynetworks reject_rbl_client zen.spamhaus.org reject_rbl_client combined.njabl.org reject_rbl_client bl.spamcop.net permit
to:
smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks reject_rbl_client zen.spamhaus.org reject_rbl_client combined.njabl.org reject_rbl_client bl.spamcop.net permit
Issue: sudo postfix reload
Also, if you like, see my tutorial on "Frontline spam defense for Mac OS X Server", available here:
http://osx.topicdesk.com/downloads/ -
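Why the one-word change above works, as an added example (not code from the thread or from Postfix): Postfix evaluates each restriction list first-match, a PERMIT only ends the list it appears in, and a REJECT is final, so `permit_sasl_authenticated` in `smtpd_recipient_restrictions` cannot rescue a client already rejected by an RBL in `smtpd_client_restrictions`. The evaluator models only the restrictions seen in this thread; the client dictionaries and function names are assumptions made for the illustration.

```python
import re

# Restriction lists in the order Postfix applies them to a message.
STAGES = (
    "smtpd_client_restrictions",
    "smtpd_helo_restrictions",
    "smtpd_sender_restrictions",
    "smtpd_recipient_restrictions",
)
RBL_CHECKS = {"reject_rbl_client", "reject_rhsbl_client"}  # take one argument


def parse_postconf(text):
    """Return {parameter: value} from `postconf -n` style 'name = value' lines."""
    config = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip():
            config[name.strip()] = value.strip()
    return config


def restriction_list(value):
    """Split a comma/space separated list into (restriction, argument) pairs."""
    tokens = [t for t in re.split(r"[,\s]+", value) if t]
    pairs, i = [], 0
    while i < len(tokens):
        if tokens[i] in RBL_CHECKS and i + 1 < len(tokens):
            pairs.append((tokens[i], tokens[i + 1]))
            i += 2
        else:
            pairs.append((tokens[i], ""))
            i += 1
    return pairs


def rbl_before_sasl(config):
    """List (stage, zone) for every RBL lookup an authenticated client still hits."""
    exposed = []
    for stage in STAGES:
        for name, arg in restriction_list(config.get(stage, "")):
            if name in ("permit_sasl_authenticated", "permit"):
                break  # nothing after this point runs for an authenticated client
            if name in RBL_CHECKS:
                exposed.append((stage, arg))
    return exposed


def evaluate(config, client):
    """First-match evaluation of all stages. Returns (decision, stage, rule)."""
    for stage in STAGES:
        for name, arg in restriction_list(config.get(stage, "")):
            rule = (name + " " + arg).strip()
            if name == "reject_rbl_client" and arg in client["listed_on"]:
                return ("REJECT", stage, rule)
            if name == "reject_unauth_destination" and client["relaying"]:
                return ("REJECT", stage, rule)
            if name == "reject":
                return ("REJECT", stage, rule)
            if (name == "permit"
                    or (name == "permit_mynetworks" and client["in_mynetworks"])
                    or (name == "permit_sasl_authenticated" and client["authenticated"])):
                break  # PERMIT ends this list only; the next stage still runs
    return ("ACCEPT", "", "")


# The two settings from the thread, before and after the suggested change.
BEFORE = parse_postconf("""\
smtpd_client_restrictions = permit_mynetworks reject_rbl_client zen.spamhaus.org reject_rbl_client combined.njabl.org reject_rbl_client bl.spamcop.net permit
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,permit
""")
AFTER = parse_postconf("""\
smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks reject_rbl_client zen.spamhaus.org reject_rbl_client combined.njabl.org reject_rbl_client bl.spamcop.net permit
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,permit
""")

# Constructed clients: a roaming user on a listed dynamic IP, and an
# unauthenticated host on a listed IP delivering to a local mailbox.
ROAMING_USER = {"authenticated": True, "in_mynetworks": False,
                "listed_on": {"zen.spamhaus.org"}, "relaying": True}
UNAUTH_LISTED = {"authenticated": False, "in_mynetworks": False,
                 "listed_on": {"bl.spamcop.net"}, "relaying": False}

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, "roaming user:", evaluate(cfg, ROAMING_USER))
        print(label, "unauthenticated listed host:", evaluate(cfg, UNAUTH_LISTED))
        print(label, "RBL checks reachable after AUTH:", rbl_before_sasl(cfg))
```

With the default `smtpd_delay_reject = yes`, client restrictions are evaluated at RCPT TO, after AUTH has completed, which is why `permit_sasl_authenticated` is effective in the client list.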
I have a very small Mac OS X server, with about 20 users. I recently had to move the server offsite. The server is up and running just fine, but I am unable to send mail using simple SMTP authentication. I currently have both Login and Clear selected, and using the Apple Mail client (or any other so far) I am unable to send e-mail from the COX @ HOME network.
Is this something COX is blocking?
Here is my postconf -n output. This must be a common problem. I can't figure out what I am doing wrong. It seems so simple.
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
enable_server_options = yes
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailbox_size_limit = 0
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maps_rbl_domains =
message_size_limit = 0
mydestination = $myhostname,localhost.$mydomain,wilmashouse.com,castlewoodholdings.com,jumico.com,mail.jumico.com
mydomain = jumico.com
mydomain_fallback = localhost
myhostname = mail.jumico.com
mynetworks = 127.0.0.0/8
mynetworks_style = host
newaliases_path = /usr/bin/newaliases
proxy_interfaces = 64.58.179.233
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_client_restrictions = permit_mynetworks reject_rbl_client sbl-xbl.spamhaus.org reject_rbl_client bl.spamcop.net permit
smtpd_pw_server_security_options = login,plain
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,permit
smtpd_sasl_auth_enable = yes
smtpd_tls_key_file =
smtpd_use_pw_server = yes
unknown_local_recipient_reject_code = 550
virtual_mailbox_domains = hash:/etc/postfix/virtual_domains
virtual_transport = lmtp:unix:/var/imap/socket/lmtp
Any help would be appreciated.
Thanks
Mike
On your server, modify /etc/postfix/master.cf
Uncomment this single line:
#submission inet n - n - - smtpd
Save, then issue:
sudo postfix reload
From home, switch your mail client to use port 587 for SMTP.
This will work through COX.
You mention that others must want to send mail using their corp server, this is the solution most companies use. Just open alternate ports.
Jeff -
Msg #732 - The 'Block authenticated user' rule is active.
Hi, I'm Viola, from Italy.
I have a problem with Mail 1.3.11. When I receive some emails (I don't know with what criteria), instead of receiving the right email, I receive the following email:
From: [email protected]
Subject: Alert from eSafe: HTML Active Content Msg #732 - The 'Block authenticated user' rule is active.
Time: 15 Mar 2006 11:58:39
Scan result: Mail rejected
Protocol: POP3
File Name\Mail Subject: imeilconunoggetto
Source: 217.115.16.5
Destination: 192.168.1.10
Mail Sender: [email protected]
Mail Recipients:
Details: HTML Active Content: Msg #732 - The 'Block authenticated user' rule is active.
So, instead of receiving the email from [email protected], I receive the email from [email protected] without the content sent from [email protected]
It's not a problem with the provider because if I go on the provider site and I login with my email, I can read emails without problems.
Can you help me, please?
Thank you,
Viola
Hi Frank,
thanks for the quick reply. I got the code for how to use FacesContext...but where should i implement the code? do i have to create a backing bean or something? how to use a backing bean if i have to display the same information across every page during a session? where, for example, should i use the following code fragment?
FacesContext fc = FacesContext.getCurrentInstance();
ExternalContext ec = fc.getExternalContext();
userName = ec.getRemoteUser();
Please explain how to go about it. thanks -
I try to send mail with a JavaMail client code (you can see the code below). It works fine if the mail server doesn't require SMTP authentication to relay, but a SendFailedException occurs if the mail server security setting is set to SMTP requires authentication (same settings as POP usr/pwd) on the mail server.
I believe it is an issue of SMTP authentication.
How do I code for SMTP authentication with Java Mail API?
Thanks!
Can Odabasioglu
Source Code:
import java.util.Properties;
import javax.mail.*;
import javax.mail.internet.*;
import java.io.UnsupportedEncodingException;

public class MailExample {
    public static void main (String args[]) {
        String host = "odabasioglu.net";
        String from = "[email protected]";
        String to = "[email protected]";
        try {
            Properties props = System.getProperties();
            // Authenticator that supplies the account's user name and password
            Authenticator auth = new POPAuth ();
            props.put("mail.smtp.host", host);
            Session session = Session.getInstance(props, auth);
            // Build a plain-text test message
            MimeMessage message = new MimeMessage(session);
            message.setFrom(new InternetAddress(from,"FromName"));
            message.addRecipient(Message.RecipientType.TO,new InternetAddress(to,"ToName"));
            message.setSubject("Test Subject");
            message.setText("Can Odabasioglu");
            Transport.send(message);
        }
        catch (MessagingException e) {e.toString();}
        catch (UnsupportedEncodingException e) {e.toString();}
    }

    static class POPAuth extends Authenticator {
        public PasswordAuthentication getPasswordAuthentication() {
            return new PasswordAuthentication("UserName", "Password");
        }
    }
}
“Cannot send message using the server
Mail.ISP.net:[email protected]”
…And provides the “Send message using:” pulldown to
select one of two accounts (one is followed by
“:[email protected]”, the other is not). Both are the
same options the other two machines have, but neither
option works on this machine.
This is one of those error messages that they send application programmers to school for so that they can include error messages that don't tell you what the problem is.
After much trial and error, I discovered that this message is returned if there is an error in the recipient's email address. Perhaps, if it was stored in the address book, it became corrupt. I've found that manually typing in the address (without automatically finishing it from cache) usually fixes the problem. I just spoke to a customer this morning with the same error message, and entering the recipient's email address manually corrected the problem. -
Hi, i want to ask the function of smtp authentication in ironport. Is it used to authenticate with the exchange server or per client using LDAP? When i configure the smtp authentication, is it used for incoming or outgoing connection ? Thanks.
Regards
Alkuin Melvin
Dear Alkuin,
For SMTP authentication configuration, you can configure SMTP auth profile under 'Network'-'SMTP Authentication' (LDAP, forward and outgoing).
In my opinion, you can choose to enable SMTP AUTH in mail flow polic(ies) of existing listener (port 25) and/or a new listener using another port (say port 8025). The reason to use 'port number other than port 25' is that some residential ISP or hotel internet connection will block outgoing port 25 connection (due to antispam reason - blocking botnet/malware infected hosts to send spams and ISP IP address gets blacklisted).
For existing listener, you can configure SMTP AUTH "Preferred" setting in default mail flow policy, and then users can authenticate and then relay emails through IronPort from public IP address (configure email client's outgoing SMTP gateway with IronPort public IP address and port 25). One point to note is that if the user is sending from a poor reputation IP, their SMTP connection may be blocked or throttled.
For listener using port number other than 25 (e.g. 8025) , you can configure to have just one sender group with default mail flow policy configured with SMTP AUTH "Required". The email client needs to configure with outgoing SMTP gateway with IronPort listener's public IP address and specific port number (say port 8025). In this way, only authenticated user can relay emails through this listener and they can avoid port 25 blocking issue or sending host's reputation issue as mentioned above.
Cheers,
Tommy -
Broken SSL/TLS SMTP authentication with Outlook Express
Hi All,
I've created two ports for SMTP-Authentication with required SSL/TLS: port 25 and port 587. Everything works fine on port 25 (both smtp-auth and ssl/tls work).
But when using Outlook Express with port 587, the problems happens:
Your server has unexpectedly terminated the connection. Possible causes for this include server problems, network problems, or a long period of inactivity. Account: 'pop.cbn.net.id', Server: 'smtps.cbn.net.id', Protocol: SMTP, Port: 587, Secure(SSL): Yes, Error Number: 0x800CCC0F
I've already disabled Windows Firewall, desktop antivirus etc. but it still does not work.
Does anyone have the same problem? Thank you.
Sorry I'm a little late to the party.
This is a bug in OE. It is attempting to do an SSL negotiation immediately when the connection opens, like what a web browser does for HTTPS connections, rather than using the STARTTLS mechanism to start TLS in the middle of the connection. In other words, it's attempting to use the old, never actually standardized SMTPS protocol if you attempt to do secure SMTP on any port other than 25. When we deployed mandatory SSL/TLS here, we had to deploy an SMTPS server on port 465, just for OE users (our mail relay server is not an IronPort).
SMTPS was never standardized, never even made it past one Internet-Draft. Its allocation of port 465 was later revoked by IANA and reassigned to another protocol. Yet it was treated as gospel by many mail client authors. I refused to support it on our mail server until it became obvious that OE simply wouldn't work otherwise (getting correct STARTTLS operation by using port 25 is not always available because of ISPs doing port 25 blocking). I don't blame IronPort in the least for not supporting it, although it does make this situation harder to resolve.
I have learned to hate OE. -
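One way to confirm the mismatch described above from a packet capture or a listener's debug dump, as an added example (not code from the original post): look at the first bytes the client sends after the TCP connection opens. The listener mode names and result strings are assumptions made for the illustration, and the byte strings are constructed samples.

```python
def classify_client_opening(first_bytes):
    """Classify the first bytes a mail client sends after TCP connect."""
    b = bytes(first_bytes)
    # TLS/SSLv3 record header: content type 0x16 (handshake), major version 3.
    if len(b) >= 3 and b[0] == 0x16 and b[1] == 0x03:
        return "implicit-tls"
    # SSLv2-compatible ClientHello: 2-byte length with the high bit set,
    # followed by message type 1 (CLIENT-HELLO).
    if len(b) >= 3 and (b[0] & 0x80) and b[2] == 0x01:
        return "implicit-tls"
    # A STARTTLS-capable client speaks SMTP in the clear first.
    if b[:4].upper() in (b"EHLO", b"HELO"):
        return "smtp"
    return "unknown"


def diagnose(listener_mode, first_bytes):
    """Compare what the listener expects with what the client actually sent.

    listener_mode is "starttls" (plaintext banner, then STARTTLS, as on
    port 587) or "implicit-tls" (TLS from the first byte, as on port 465).
    """
    opening = classify_client_opening(first_bytes)
    if listener_mode == "starttls" and opening == "implicit-tls":
        # The server is waiting to send its 220 banner and receives a TLS
        # handshake instead, so the session is dropped.
        return "client-skipped-starttls"
    if listener_mode == "starttls" and opening == "smtp":
        return "ok"
    if listener_mode == "implicit-tls" and opening == "implicit-tls":
        return "ok"
    return "unknown"


# Constructed samples of a client's first bytes.
TLS_CLIENT_HELLO = b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b\x03\x01"
SSL2_CLIENT_HELLO = b"\x80\x2e\x01\x03\x00\x00\x15\x00\x00\x00\x10"
SMTP_GREETING = b"EHLO [10.0.2.15]\r\n"

if __name__ == "__main__":
    print(diagnose("starttls", TLS_CLIENT_HELLO))      # the behaviour described for port 587
    print(diagnose("implicit-tls", TLS_CLIENT_HELLO))  # same client on an implicit-TLS port
    print(diagnose("starttls", SMTP_GREETING))         # a client that uses STARTTLS
```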
Problem with authentication in OBIEE
Hello, I have a problem with authentication in OBIEE.
A user who does not exist, enter the application and can enter but can not access almost anything, it is very rare because in addition webcatalog are created within the folder with your name and no one created it.
any ideas?
I created an SR and I solved the problem.
The problem wasn't in WebLogic. We migrated the RPD from 10g to 11g. I had defined one initialization block session in the RPD; when we disabled it, it's running fine.
Oracle recommended working in WebLogic in OBIEE 11g.
best regards
Edited by: Benito Camelas on Sep 29, 2011 7:12 AM -
SMTP Authentication for PHP Mail
Can anyone help me in figuring out the correct way to incorporate the SMTP authentication into a form? I am having a lot of trouble in getting my forms to send with this format. My code for my PHP action page is below. I have my correct information where I included *******. Please let me know what I have wrong.
CODE STARTS HERE
<?php
//new function
$to = "*******";
$nameto = "LTL Freight Shop";
$from = "*******";
$namefrom = "LTL Freight Shop";
$subject = "Account Request";
authSendEmail($from, $namefrom, $to, $nameto, $subject, $message);
?>
<?php
$recipient = "*******";
//$subject = "Account Request";
$companyname = check_input($_POST['CompanyName'], "Enter your company name");
$firstname = check_input($_POST['FirstName'], "Enter your first name");
$lastname = check_input($_POST['LastName'], "Enter your last name");
$phone = check_input($_POST['PhoneNumber'], "Enter your phone number");
$fax = check_input($_POST['FaxNumber']);
$email = check_input($_POST['Email'], "Enter your email");
$address = check_input($_POST['StreetAddress'], "Enter your address");
$city = check_input($_POST['City'], "Enter your city");
$state = check_input($_POST['State'], "Enter your state");
$zipcode = check_input($_POST['ZipCode'], "Enter your zip code");
$country = check_input($_POST['Country'], "Enter your country");
$yearsinbusiness = check_input($_POST['YearsinBusiness'], "Enter your years in business");
$typeofindustry = check_input($_POST['TypeofIndustry'], "Enter your type of industry");
$multiplelocations = check_input($_POST['MultipleLocations']);
$numberoflocations = check_input($_POST['LocationsCount']);
$ltl = check_input($_POST['ServicesLTL']);
$ftl = check_input($_POST['ServicesFTL']);
$domesticparcel = check_input($_POST['ServicesDomesticParcel']);
$intlparcel = check_input($_POST['ServicesInternationalParcel']);
$airfreight = check_input($_POST['ServicesAirFreight']);
$oceanfreight = check_input($_POST['ServicesOceanFreight']);
$other = check_input($_POST['ServicesOther']);
$none = check_input($_POST['ServicesNone']);
$volume = check_input($_POST['TypicalVolume'], "Enter your typical volume");
$carrier = check_input($_POST['CurrentCarrier'], "Enter your current carrier");
$class = check_input($_POST['AverageClass'], "Enter your average class");
$weight = check_input($_POST['AverageWeight'], "Enter your average weight");
$process = check_input($_POST['Process']);
$hearabout = check_input($_POST['HearAbout']);
$comments = check_input($_POST['Comments']);
if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/", $email))
show_error("E-mail address not valid");
$message = "You have received an account request from:
Company Name: $companyname
First Name: $firstname
Last Name: $lastname
Phone Number: $phone
Fax Number: $fax
E-mail: $email
Street Address: $address
City: $city
State: $state
Zip Code: $zipcode
Country: $country
Years in Business: $yearsinbusiness
Type of Industry: $typeofindustry
Multiple Locations: $multiplelocations
Number of Locations: $numberoflocations
Services they use: $ltl, $ftl, $domesticparcel, $intlparcel, $airfreight, $oceanfreight, $other, $none
Typical Volume: $volume
Current Carrier: $carrier
Average Class: $class
Average Weight: $weight
How they currently process: $process
How they heard about us: $hearabout
Comments: $comments
End of message
";
//ini_set("SMTP","smtp.emailsrvr.com");
//ini_set("SMTP_PORT", 25);
//ini_set("sendmail_from","*******");
//mail($recipient, $subject, $message);

// Trim and HTML-escape a form field; show an error page if a required field is empty
function check_input($data, $problem='')
{
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    if ($problem && strlen($data) == 0)
    {
        show_error($problem);
    }
    return $data;
}

// Send one message over a raw SMTP socket, logging each server response
function authSendEmail($from, $namefrom, $to, $nameto, $subject, $message)
{
    $smtpServer = "smtp.emailsrvr.com";
    $port = "25";
    $timeout = "30";
    $username = "********";
    $password = "********";
    $localhost = "smtp.emailsrvr.com";
    $newLine = "\r\n";
    $smtpConnect = fsockopen($smtpServer, $port, $errno, $errstr, $timeout);
    $smtpResponse = fgets($smtpConnect, 515);
    if(empty($smtpConnect))
    {
        $output = "Failed to connect: $smtpResponse";
        return $output;
    }
    else
    {
        $logArray['connection'] = "Connected: $smtpResponse";
    }
    fputs($smtpConnect,"AUTH LOGIN" . $newLine);
    $smtpResponse = fgets($smtpConnect, 515);
    $logArray['authrequest'] = "$smtpResponse";
    fputs($smtpConnect, base64_encode($username) . $newLine);
    $smtpResponse = fgets($smtpConnect, 515);
    $logArray['authusername'] = "$smtpResponse";
    fputs($smtpConnect, base64_encode($password) . $newLine);
    $smtpResponse = fgets($smtpConnect, 515);
    $logArray['authpassword'] = "$smtpResponse";
    fputs($smtpConnect, "HELO $localhost" . $newLine);
    $smtpResponse = fgets($smtpConnect, 515);
    $logArray['heloresponse'] = "$smtpResponse";
    fputs($smtpConnect, "MAIL FROM: $from" . $newLine);
    $smtpResponse = fgets($smtpConnect, 515);
    $logArray['mailfromresponse'] = "$smtpResponse";
    fputs($smtpConnect, "RCPT TO: $to" . $newLine);
    $smtpResponse = fgets($smtpConnect, 515);
    $logArray['mailtoresponse'] = "$smtpResponse";
    fputs($smtpConnect, "DATA" . $newLine);
    $smtpResponse = fgets($smtpConnect, 515);
    $logArray['data1response'] = "$smtpResponse";
    $headers = "MIME-Version: 1.0" . $newLine;
    $headers .= "Content-type: text/html; charset=iso-8859-1" . $newLine;
    $headers .= "To: $nameto <$to>" . $newLine;
    $headers .= "From: $namefrom <$from>" . $newLine;
    fputs($smtpConnect, "To: $to\nFrom: $from\nSubject: $subject\n$headers\n\n$message\n.\n");
    $smtpResponse = fgets($smtpConnect, 515);
    $logArray['data2response'] = "$smtpResponse";
    fputs($smtpConnect,"QUIT" . $newLine);
    $smtpResponse = fgets($smtpConnect, 515);
    $logArray['quitresponse'] = "$smtpResponse";
}

// Print an error page and stop processing the form
function show_error($myError)
{
?>
<html>
<body>
<b>Please correct the following error:</b><br />
<?php echo $myError; ?>
</body>
</html>
<?php
    exit();
}
?>
I have the same problem - user has Outlook 2010 on Exchange 2007. Mail goes directly into the deleted items folder. After browsing around the net I found 2 different sites with the same potential fix. It seems that when migrating a user from Exch 2003 to
2007 (which we did) some of the configs get set incorrectly. The weird thing is we migrated over 2 years ago, and some others are experiencing the same after a long period after the migration. The fix that was suggested is:
Go to your Exch server, open up Exchange Management Shell and type the following:
get-mailboxcalendarsettings "domain/ou/user" | fl
set-mailboxcalendarsettings "domain/ou/user" -automateprocessing: Autoupdate
My user already had Autoupdate set, but this seems to have fixed it for me... -
NAC Guest Server SMTP Authentication
Does anyone know if you are able to set your SMTP server in the NAC Guest Server to do SMTP Authentication? Our old Exchange server just let us specify the SMTP server and send the guest accounts their Username and Password to their outside accounts. Our new Exchange server requires SMTP authentication, but we do not see the option available in the NAC Guest Server interface. We are running NAC Guest Server 1.1.3. Any ideas would be appreciated. Thanks!
I have Cisco NAC Guester server 2.0.2 and have sort of similar issues.
I configured the Base DN to the OU of the sponsor groups in AD and then map that particular group in roles. Users from that group can log on fine and create guest accounts.
The problem is, it seems that other users from that OU seem to be able to log on as sponsors too. How do I restrict this to just that sponsor group? I tried changing the Base DN to the OU of the sponsor group then entering CN=sponsorgroup to narrow it to just that group but still other users can log in as sponsors. -
Hi all :
Can anybody tell me how I can verify the SMTP authentication feature?
I cannot use IronPort to send email after setting up this feature.
I have set up and the step as below:
First I create the LDAP Profile that include the SMTP Authentication Query ,i test query it work fine and i use the LDAP Bind.
Second , I create the smtp auth profile and selected the smtp auth profile at the listener .
finally , i selected the smtp authentication preferred at the default mail flow policy parameters .
Please tell me if i missed some step and how i can verify this feature.
thx thx thx :wink:
Thu Dec 25 13:09:00 2008 Info: ICID 184830 REJECT SG BLACKLIST match sbrs[-10.0:-3.0] SBRS -4.0
I think the problem is that the IP address you're coming from (i.e. *.
.broadband.ctm.net) has a low SBRS score and you're getting stopped by the HAT Overview/Blacklist sendergroup first, before you're allowed to transmit your username/password.
Therefore, I don't think the problem is with the smtp auth at this point. It's the low SBRS score.
Try this.
Create a custom/new sender group just for your ISP and put it at the top of your HAT Overview (or at least above the Blacklist).
1. Create a new sendergroup called "Accept-Broadband". Set the connection behavior to be "Accept"
2. Make sure the order is at the top.
3. For the senders, add ".broadband.ctm.net" to the list of connecting host.
4. This way, you can make sure your connections don't get stopped by the Blacklist.
Then, try the smtp auth again. Try and get that to work first.
We'll discuss the low SBRS score issue later once the smtp auth is working.
And by the way, there's nothing wrong with you, it's just broadband.ctm.net has a low sbrs score. It's like the passenger in the taxi is okay, but the taxi driver is bad. -
SMTP authentication description
Hi everyone :
I don't know what is Ironport SMTP authentication feature after reading the Adv-UserGuide.
Is it the smtp authentication use to authen the user connect to email server and How it work between email server and client if it is , As we know Ironport is email gateway , How Ironport can control the user connect to email server ?
Is it only work for Outgoing email authentication ?
thx thx !
I would say that SMTP Authentication is most commonly used for a segment of your end users that are traveling on business or work outside of the internal company network and can't be connected directly to the company mailserver to send out their outgoing mail.
Since a user outside the network may not be able to directly connect to the corporate mailserver, what mail administrators try to set up is the IronPort appliance to do smtp authentication against an Active Directory server for example and then if the sender authenticates, they'll be able to relay using the IronPort appliance.
If you run into any problems or questions, feel free to post the issue here and we'll try to iron it out. -
SMTP auth. users to avoid RBL
Dear All,
have a Mac OS X Server mail component working all right, few domains, few hundred users. All is fine. Do not yet have content-based spam filtering, will soon. Until then, wanted to turn on RBL. (Mail -> Settings -> Relay (tab) -> "Use these junk mail rejection servers..."). If I turn it on, amount of spam goes half right away. Few of my users are sometimes working remotely from ADSL providers, etc., and their legit mail then gets rejected by one-or-other RBL.
I was told that there is eventually a way to set the mail server not to check mail from SMTP authenticated clients against RBL, but I didn't find a UI for this. Is there such a setting? No Kerberos here (yet). Only classic password auth. SMTP and SSL.
Any tip much welcome,
OG.
Message was edited by: Gergely Olah
If these (remote) users are affiliated with your organization, I'd probably set up for a way for these (remote) users to connect directly into the mail server. Preferably with encrypted remote access, or with a VPN solution. This trumps the RBL, and it also allows the users to send outward mail from your domain.
As a potential workaround here, Squirrelmail / Webmail can be used.
If these users are regularly operating on host within the blacklists, there are bigger issues for them and potentially also for you, too. Either they need to move to non-blacklisted sites, or they get to get the blacklist cleared.
You're not the only site using the blacklists, after all.
And -- worst case, but certainly possible -- there could be a legitimate reason these (remote) users became blacklisted. They could be affiliated with compromised host systems or with mail servers that are generating spam or that are vulnerable to relay attacks, or with a problematic ISP, etc. The blacklists could be (and often are) correct. And if the client systems are infested and do connect into your servers (either via VPN or via authorized remote submission), your servers could well end up forwarding spam. -
No cleartext SMTP authentication in Server 3.0?
I am currently running OS X Server 2.2.2 on OS X 10.8. I have several Windows clients that use the eM Client E-mail/CalDAV/CardDAV client for mail, calendar and contacts (this is just about the only Windows client that works well for all these with OS X Server). Unfortunately this client can only use cleartext authentication for SMTP (it supports MD5 digest for IMAP). I am able to have this working fine via SSL/TLS to OS X Server 2.2.2 for users hosted in Open Directory.
I am now testing OS X Server 3.0.1 running on OS X 10.9.1 and I find to my horror that the SMTP authentication no longer works. IMAP authentication still works okay. It seems either there has been some change to how SSL/TLS authentication works on 3.0.1 or cleartext authentication is no longer allowed for SMTP...
Does anyone know if this is indeed a change on the server side? And is there any way to override it and force it to allow cleartext authentication, for Open Directory hosted users, for SMTP (over SSL of course)? If I can't solve this then I am caught between a rock and a hard place.
Thanks for any insights...
Hello MrHoffman,
Thanks for your reply. I have indeed already enabled all those options; my configuration has not changed from 10.8.2/2.2.2 where it all worked just fine (with the same client configuration) :-(
Here is the output from my 10.9.1/3.0.1 server:
bash-3.2# postconf -c /Library/Server/Mail/Config/postfix smtpd_client_restrictions
smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated reject_rbl_client zen.spamhaus.org permit
bash-3.2# postconf -c /Library/Server/Mail/Config/postfix smtpd_pw_server_security_options
smtpd_pw_server_security_options = cram-md5,digest-md5,gssapi,login,plain
and
bash-3.2# telnet xxx.yyyyyyyyyy.org.uk 25
Trying 10.0.200.6...
Connected to xxx.yyyyyyyyyyy.org.uk.
Escape character is '^]'.
220 xxx.yyyyyyyyyyyy.org.uk ESMTP Postfix
EHLO aaa.yyyyyyyyyyyyyy.org.uk
250-xxx.yyyyyyyyyyyy.org.uk
250-PIPELINING
250-SIZE 31457280
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN CRAM-MD5 DIGEST-MD5 GSSAPI
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250-BINARYMIME
250 CHUNKING
The problem seems to definitely be related to authentication. If I (temporarily) allow unauthenticated submission on port 25 and set the client to not send any credentials then it connects and submits successfully.
In 'mail.log' I see these messages (many times):
Jan 2 18:56:13 xxx.yyyyyyyyyyyyy.org.uk postfix/postscreen[13851]: CONNECT from [10.0.200.68]:49293 to [10.0.200.6]:25
Jan 2 18:56:13 xxx.yyyyyyyyyyyyy.org.uk postfix/postscreen[13851]: WHITELISTED [10.0.200.68]:49293
Jan 2 18:56:13 xxx.yyyyyyyyyyyyy.org.uk postfix/smtpd[13852]: connect from aaa.yyyyyyyyyyyyy.org.uk[10.0.200.68]
Jan 2 18:56:13 xxx.yyyyyyyyyyyyy.org.uk postfix/smtpd[13852]: error: verify password: error: Credentials could not be verified, username or password is invalid.
Jan 2 18:56:13 www.thejenkinsfamily.org.uk postfix/smtpd[13852]: error: verify password: authentication failed: user=ddddd
I know this user/password is okay since (a) it can login as a network user authenticated by Open Directory and (b) it can send mail from OS X Mail authenticating using CRAM-MD5 over SSL.
The eM Client SMTP log shows this...
16:15:51.477|023| SMTP S: 220 xxx.yyyyyyyyyy.org.uk ESMTP Postfix
16:15:51.477|023| SMTP C: EHLO [10.0.2.15]
16:15:51.477|023| SMTP S: 250-xxx.yyyyyyyyyy.org.uk
16:15:51.477|023| SMTP S: 250-PIPELINING
16:15:51.477|023| SMTP S: 250-SIZE 31457280
16:15:51.477|023| SMTP S: 250-VRFY
16:15:51.477|023| SMTP S: 250-ETRN
16:15:51.477|023| SMTP S: 250-STARTTLS
16:15:51.477|023| SMTP S: 250-ENHANCEDSTATUSCODES
16:15:51.477|023| SMTP S: 250-8BITMIME
16:15:51.477|023| SMTP S: 250-DSN
16:15:51.477|023| SMTP S: 250-BINARYMIME
16:15:51.477|023| SMTP S: 250 CHUNKING
16:15:51.477|023| SMTP C: STARTTLS
16:15:51.477|023| SMTP S: 220 2.0.0 Ready to start TLS
16:15:51.477|023| SMTP C: EHLO [10.0.2.15]
16:15:51.477|023| SMTP S: 250-xxx.yyyyyyyyyy.org.uk
16:15:51.477|023| SMTP S: 250-PIPELINING
16:15:51.477|023| SMTP S: 250-SIZE 31457280
16:15:51.477|023| SMTP S: 250-VRFY
16:15:51.477|023| SMTP S: 250-ETRN
16:15:51.477|023| SMTP S: 250-AUTH LOGIN PLAIN CRAM-MD5 DIGEST-MD5 GSSAPI
16:15:51.477|023| SMTP S: 250-ENHANCEDSTATUSCODES
16:15:51.477|023| SMTP S: 250-8BITMIME
16:15:51.477|023| SMTP S: 250-DSN
16:15:51.477|023| SMTP S: 250-BINARYMIME
16:15:51.477|023| SMTP S: 250-CHUNKING
16:15:51.477|023| SMTP S: 250 BURL
16:15:51.493|023| SMTP C: AUTH LOGIN
16:15:51.493|023| SMTP S: 334 VXNlcm5hbWU6
16:15:51.493|023| SMTP C: Y2hyaXM=
16:15:51.493|023| SMTP S: 334 UGFzc3dvcmQ6
16:15:51.493|023| SMTP C: d2VhdmV3MQ==
16:15:51.555|023| SMTP S: 535 Error: authentication failed
16:15:53.895|023| SMTP C: AUTH LOGIN
16:15:53.895|023| SMTP S: 334 VXNlcm5hbWU6
16:15:53.895|023| SMTP C: Y2hyaXM=
16:15:53.895|023| SMTP S: 334 UGFzc3dvcmQ6
16:15:53.895|023| SMTP C: d2VhdmV3MQ==
16:15:53.942|023| SMTP S: 535 Error: authentication failed
16:15:54.488|023| SMTP C: AUTH LOGIN
16:15:54.488|023| SMTP S: 334 VXNlcm5hbWU6
16:15:54.488|023| SMTP C: Y2hyaXM=
16:15:54.504|023| SMTP S: 334 UGFzc3dvcmQ6
16:15:54.504|023| SMTP C: d2VhdmV3MQ==
16:15:54.550|023| SMTP S: 535 Error: authentication failed
Do you have any insights? I am somewhat stumped at this point... I am wondering if some subtle change (in OS X Server) has resulted in an incompatibility between eM Client and OS X Server 3.0.
Regards,
Chris -
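In an AUTH LOGIN trace like the one above, the `334` lines are only the base64 prompts "Username:" and "Password:", and each client line that follows a `334` is the credential itself in base64, which is an encoding and not encryption. The following added example (not part of the original post) masks those responses in a client debug log before it is shared; it assumes the `... SMTP C:` / `... SMTP S:` line format shown in the eM Client log, and the sample trace and account values are constructed.

```python
import base64
import re

# "<timestamp>|<id>| SMTP C: <text>" or "... SMTP S: <text>"
LINE = re.compile(r"^(?P<prefix>.*?\bSMTP (?P<side>[CS]): )(?P<body>.*)$")
# AUTH command carrying an initial response, e.g. "AUTH PLAIN <base64>"
AUTH_WITH_RESPONSE = re.compile(r"^(AUTH\s+\S+)(\s+)(\S.*)$", re.IGNORECASE)
MASK = "[REDACTED]"


def decode_prompt(b64_text):
    """Decode the server's 334 prompt to show it is plain base64 text."""
    return base64.b64decode(b64_text).decode("ascii")


def redact_smtp_log(text):
    """Mask SASL responses in an SMTP client trace.

    Returns (redacted_text, number_of_values_masked). Lines that do not look
    like SMTP trace lines are passed through unchanged.
    """
    out, masked, awaiting_response = [], 0, False
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            out.append(line)
            continue
        prefix, side, body = m.group("prefix", "side", "body")
        if side == "S":
            # 334 is the SASL continuation: the next client line is a
            # credential (LOGIN, PLAIN) or a challenge response (CRAM-MD5).
            awaiting_response = body.startswith("334")
        elif awaiting_response:
            body, masked, awaiting_response = MASK, masked + 1, False
        else:
            cmd = AUTH_WITH_RESPONSE.match(body)
            if cmd:
                body = cmd.group(1) + cmd.group(2) + MASK
                masked += 1
        out.append(prefix + body)
    return "\n".join(out), masked


def _b64(value):
    return base64.b64encode(value.encode("ascii")).decode("ascii")


# Constructed trace in the same layout as the log above (made-up account).
SAMPLE = "\n".join([
    "16:00:00.000|001| SMTP S: 250-AUTH LOGIN PLAIN",
    "16:00:00.000|001| SMTP S: 250 CHUNKING",
    "16:00:00.010|001| SMTP C: AUTH LOGIN",
    "16:00:00.010|001| SMTP S: 334 VXNlcm5hbWU6",
    "16:00:00.010|001| SMTP C: " + _b64("alice"),
    "16:00:00.010|001| SMTP S: 334 UGFzc3dvcmQ6",
    "16:00:00.010|001| SMTP C: " + _b64("not-a-real-password"),
    "16:00:00.050|001| SMTP S: 535 Error: authentication failed",
    "16:00:01.000|001| SMTP C: AUTH PLAIN " + _b64("\0alice\0not-a-real-password"),
    "16:00:01.040|001| SMTP S: 535 Error: authentication failed",
])

if __name__ == "__main__":
    cleaned, count = redact_smtp_log(SAMPLE)
    print(cleaned)
    print("values masked:", count)
```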
Has the outgoing SMTP Authentication been fixed on...
Has the outgoing SMTP Authentication been fixed on E71 because I have set up a mail account and not been able to send any emails. The error it displays offers me to input once again my user ID and pass. Can someone help me?
A poll on one particular forum suggested that around 20% of Macbook owners have had the case crack near the right palmrest.
If that were the case, there would be about 300,000 MacBook owners with this problem. That is certainly NOT the case. I've seen two or three posts here about something like that, but this is a technical support forum, you're supposed to find people with problems here! You're not going to see any posts from the hundreds of thousands of MacBook owners who don't have that problem. Even if only 10% of those 300,000 MacBook owners posted here, there'd be 30,000 people with that problem posting here. There's nothing like that going on now.
-Doug