Smtp auth - relay

Hi!
We are running GWIA novell-groupwise-gwia-12.0.1-103731.
Relaying is denied in the GWIA-settings.
We tested the GWIA behavior.
If we do an SMTP-Auth against the GWIA and the authentication is
successful, relaying is allowed.
In the GWIA "Access-Control Settings" -> "Default Class of service"
there is "Prevent outgoing messages" defined in the "SMTP Outgoing" section.
It seems, that it has no effect, what is defined in the Access Control
Settings; Gwia will always allow relaying, if the user is authenticated
against the GWIA.
Does this work as designed, or do we have a chance that we will allow
only specified users to relay, if they are authenticated?
thanks in advance
Wolfgang

On 06.11.2012 11:12, wpolster wrote:
> Hi!
>
> We are running GWIA novell-groupwise-gwia-12.0.1-103731.
> Relaying is denied in the GWIA-settings.
>
> We tested the GWIA behavior.
> If we do an SMTP-Auth against the GWIA and the authentication is
> successful, relaying is allowed.
> In the GWIA "Access-Control Settings" -> "Default Class of service"
> there is "Prevent outgoing messages" defined in the "SMTP Outgoing"
> section.
That's a bad idea, and should result in nobody using groupwise
internally being able to send email out. You can't remove restrictions
in the default class of service with more specific classes.
> It seems, that it has no effect, what is defined in the Access Control
> Settings; Gwia will always allow relaying, if the user is authenticated
> against the GWIA.
Correct. The class of service restrcitions only apply to *internal*
users, e.g everything that come from or goes to groupwise. relaying
happens totally on the SMTP side of GWIA only, and there's no restrictions.
> Does this work as designed, or do we have a chance that we will allow
> only specified users to relay, if they are authenticated?
Unfortunately not.
CU,
Massimo Rosen
Novell Knowledge Partner
No emails please!
http://www.cfc-it.de

Similar Messages

SMTP Auth / Relay Allow Map

For my testing I would like to enable SMTP AUTH or a relay MAP so that a user I have can relay through the Messaging Server (with out allowing the whole world to relay).
Does anyone have any experence with this?
Thanks

Authenticated smtp is turned on by default. It works fine for me. . .

Zimbra Multi Domain SMTP auth/relay problem

I have a query in setting up a multi-domain Zimbra 8.6 OSE on Ubuntu 14.04.I have successfully setup Domain1 with Zimbra and added virtual host Domain2. Mails to each of them are routing to each other and sending from the server to outside is also working. However, I need to both domains to send emails using their respective ISP so domain1 would use ISP1 and domain2 ISP2. In my previous implementation, I have used successfully "zimbraMtaRelayHost" for single domain. Searching more, I have tried the "Relay per Domain" using "sender_dependent_relayhost_maps."I am, however, still unable to send mail using Zimbra. I have, upon instinct, put in the port after the IP address of the ISPs in /opt/zimbra/postfix/conf/bysender so it looks like the one below (based on thewiki):@domain1.com [10.10.10.1]:587
@domain2.com [20.20.20.1]:587Zimbra now...
This topic first appeared in the Spiceworks Community

Microsoft releases new license terms for Windows 10: Biggest surprise? No gotchasEd Bott has Just published an article on ZDNet which reviews in detail the just-released Windows 10 license agreementFirst published on ZDNet By Ed Bott for The Ed Bott Report | July 15, 2015 -- 18:30 GMT (19:30 BST) | Topic: Windows 10 "Two weeks ahead of the global launch of Windows 10, Microsoft has finalized the terms of its license agreements for the new operating system. I've had several days to study the documents in detail, and I can report that there are no surprises, no gotchas, and no hidden subscription traps waiting to be sprung in two or three or four years.""In fact, the new license agreement is simpler and written more clearly than any similar document I've reviewed in 20 years of examining Windows license agreements. There are a few...

OS X's Mail app and SMTP auth

We're having a problem with OS X's Mail app connecting to Tiger Server's mail server. We have the server set up to not always require SMTP auth (all SMTP auth settings unchecked in Settings > Advanced > Security), and to allow relay from only a given set of networks (Settings > Relay). In theory, this means that if you're on one of the specified networks, you're not required to authenticate, otherwise you are. This according to Apple's documentation.
From a bit of packet sniffing, it looks like:
1. If a user on an allowed network tries to send mail through the server, the server does not return authorization as an option.
2. If the user has password authentication specified in Mail's SMTP Server settings, it refuses to send. If they set SMTP auth to None, the Mail app will send.
IOW, Mail doesn't send if Authorization is enabled in the Mail app, but not given as an option by the mail server. Has anyone else seen this? Is this a bug in Mail or Postfix?

If you have networks entered in
'Accept SMTP relay only from these hosts and
networks'
Clients on these networks don't need to authenticate
for local delivery or relay.
So it does what you are looking for.
Jeff
Well, goddarn it - so it does!
I was testing various permutation (10.3.4) just recently and it just wouldn't relay without auth if any of them was selected (honest!). That was with the trusted relay....
...but I just tried it again and it's fine!
I had put it down to just another 'glitch' in the documentation.
Oh well - glad you were there to point it out Jeff!
Whilst we are on the subject - do you know of any way to tie authentication (outwith trusted network) to specified users? I was thinking there might be a Postfix parameter for this (sorry, I should just look them all up but maybe someone knows it already)?
Thank, and sorry for any earlier confusion!
-david.

Pop before smtp and smtp auth

Hi Jay,
hope all is well with you.
what is pop before smtp and how to see if it is enabled?
what is smtp auth and how to see if it is enabled? Is it enabled by default on MS 6.x?
what happens if smtp auth is not enabled? Will my mail server be a relay?
Is there any additional configuration that should be done on messaging server to allow connection for dial-up users?
thanks,

Hi Jay,
hope all is well with you.
what is pop before smtp and how to see if it is
enabled?Pop before SMTP is a very old, and little used method for "authenticating" users. There is virtually no reason to turn this on, anymore.
It's done through the MMP, and is the only reason to actually use the SMTP proxy that's part of MMP.
I would not go there unless your environment requires it. Most do not. Most clients support SMTP authentication, which is much better, and is on by default.
>
what is smtp auth and how to see if it is enabled? Is
it enabled by default on MS 6.x?See above. Yes, smtp authentication is on by default.
>
what happens if smtp auth is not enabled? Will my
mail server be a relay?Totally different issue.
No.
If smtp auth is off, if you have external users, they likely will not be allowed to send to other external users..
>
Is there any additional configuration that should be
done on messaging server to allow connection for
dial-up users?If "dial-up users" means that they come from ip addresses outside your network, then smtp auth will allow them full access.
thanks,

Server to server smtp auth

Hello,
I have a Messaging 6.x (JES 2005Q4 version) installation. All outbound email must go
through an external MTA so I added a smartrelay (daemon in tcp_local channel) and all works ok but the external MTA requires authentication so the question is:
how can I configure to send SMTP AUTH to the smartrelay?
I get the following when sending mail:
27-Jan-2006 18:42:00.44 tcp_local R 1 [email protected] rfc822;[email protected] [email protected] dns;outbound.relay.com (outbound.relay.com ESMTP Exim 4.51 Fri, 27 Jan 2006 19:41:57 -0500) smtp;550 You must authenticate to use this relay
I have set this up in a postfix installation and all works ok.
Thanks all in advance.

Hello,
I have a Messaging 6.x (JES 2005Q4 version)
installation. All outbound email must go
through an external MTA so I added a smartrelay
(daemon in tcp_local channel) and all works ok but
the external MTA requires authentication so the
question is:
how can I configure to send SMTP AUTH to the
smartrelay?Far as I know, you can't.
>
I get the following when sending mail:
27-Jan-2006 18:42:00.44 tcp_local R 1
[email protected] rfc822;[email protected]
[email protected] dns;outbound.relay.com
(outbound.relay.com ESMTP Exim 4.51 Fri, 27 Jan 2006
19:41:57 -0500) smtp;550 You must authenticate to use
this relay
I have set this up in a postfix installation and all
works ok.
Thanks all in advance.

DIsable smtp auth only for an ip

Dear gurus,
I have sun messaging server 6 running perfectly alright and only new thing which I would like to incorporate is to disable smtp auth only for one ip address.I am new to this system and have gathered following information from sun messaging docs, the steps which I followed..
1) Create a table DISABLE_SMTPAUTH_IP similar to INTERNAL_IP mapping table in mapping file
INTERNAL_IP
10.18.18.19 $Y
10.18.18.38 $Y
10.18.18.30 $Y
127.0.0.1 $Y
* $N
! Added on 01092008 for disabling smtp_auth
DISABLE_SMTPAUTH_IP
external.ip.addres $Y
*$N
2) ALLOW PORT ACCESS
*PORT_ACCESS
*|*|*|*|* $C$|DISABLE_SMTPAUTH_IP;$3|$Y$E
*|*|*|*|* $C$|INTERNAL_IP;$3|$Y$E
3) Then right after the current rewrite rule in imta.cnf file Created new TCP CHANNEL
! Do mapping lookup for internal IP addresses
[] $E$R${INTERNAL_IP,$L}$U%[$L]@tcp_intranet-daemon
added a new rewrite rule:
! Do mapping lookup for "no smtp auth", non-internal IP addresses
[] $E$R${DISABLE_SMTPAUTH_IP,$L}$U%[$L]@tcp_nosmtpauth-daemon
! ttcp_nosmtpauth-daemon
tcp_nosmtpauth-daemon smtp mx single_sys subdirs 20 maxjobs 7 pool SMTP_POOL nosasl nosaslserver
tcp_nosmtpauth-daemon
! tcp_local
tcp_local smtp mx single_sys remotehost inner switchchannel subdirs 20 maxjobs 30 pool SMTP_POOL maytlsserver maysaslserver s
aslswitchchannel tcp_auth loopcheck threaddepth 32 blocklimit 5120 notices 1 2 backoff "pt5m" "pt1h" "pt2h" "pt4h" destinati
onspamfilter1optin spam
tcp-daemon mumbbmr1.dataone.in
! tcp_intranet
!tcp_intranet smtp mx single_sys subdirs 20 dequeue_removeroute maxjobs 7 pool SMTP_POOL maytlsserver allowswitchchannel sasl
switchchannel tcp_auth blocklimit 2500
!tcp_intranet smtp mx single_sys subdirs 20 dequeue_removeroute maxjobs 7 pool SMTP_POOL maytlsserver allowswitchchannel sasl
switchchannel
!tcp_intranet-daemon
run /opt/SUNWmsgr/sbin/imsimta refresh
alternatively tried imsimta cnbuild and imsimta restart
but still i get Mail rely denied when I try sending messages from the same trusted IP without doing AUTH.
I would like to know...
1) If there is something mising or wrong in above steps
2) HOw do i check if the messages from that IP(for which smtp auth is disabled) is passing from the tcp_nosmtpauth channel...
THanks for giving your valuable time...

thanks very much shane for giving time...
Please always provide the exact version of Messaging Server (./imsimta version).
mumxxxx1 # ./imsimta version
Sun Java(tm) System Messaging Server 6.2-6.01 (built Apr 3 2006)
libimta.so 6.2-6.01 (built 11:20:35, Apr 3 2006)
SunOS mumxxxx1-a-fixed 5.9 Generic_118558-28 sun4u sparc SUNW,Sun-Fire-V440
mumxxxx1#
Why would you want to disable SMTP Authentication? What are you attempting to achieve by doing this -- what is the problem you are trying to solve?
We are an ISP and therefore sometimes required to send bulk mail, for which we are currently using perl bulk mail module script and there we specify the users in text file to send message, everytime this module try sending it get Mail Relaying denied as it doesnot supply user and passwd required for smtp auth in base64.
Therefore I wanted to disable smtp auth for an ip address using which smtp auth is not reqauired and mails should be openly relayed.
Why are all of the above entries commented out? Did you intend to disable (break) the tcp_intranet channel?
no it is not commented in config files.
+./imsimta refresh is no longer a valid comment, you need to use ./imsimta cnbuild;./imsimta restart+
as per sun mesaging server 6 admin guide it is given to be working. Alterntively I tried ./imsimta cnbuild;./imsimta restart.
Please provide the mail.log_current line that matches the attempted email delivery which was rejected.
mumxxxx /opt/SUNWmsgsr/sbin # tail -f /mta/logs/imta/mail.log_current
08-Sep-2008 13:42:19.52 7079.0fca.710096 tcp_local J 0 [email protected] rfc822; [email protected] mailserv 530 5.7.1 Relaying not allowed: [email protected] SMTP
bash-3.00# telnet mumxxxx 25 Trying 10.18.18.19...
Connected to ::ffff:10.18.18.19.
Escape character is '^]'.
220 mumxxxx.datxxxx.in -- Server ESMTP (*)
ehlo mumxxxx.daxxxx.in
250-mumxxxx.daxxxxx.in
250-8BITMIME
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-HELP
250-XLOOP 82F58AB6E3453199924062C516F2E337
250-AUTH PLAIN LOGIN
250-AUTH=LOGIN
250-ETRN
250-NO-SOLICITING
250 SIZE 0
mail from: [email protected]
250 2.5.0 Address Ok.
rcpt to: [email protected]
530 5.7.1 Relaying not allowed: [email protected]
rcpt to: [email protected]
Also please clarify if you want to disable the ability to perform SMTP auth or whether you want to allow email to be sent without requiring SMTP auth -- these are two completely different objectives.
No I do not want to disable SMTP auth for everyone.DEfault is it should be forced to all except from one ip. ie disable smtp auth only for an ip address.
Regards
Pradeep

SMTP Auth & Maildir

I have two seperate questions...
I found this quote here:
http://docs.info.apple.com/article.html?artnum=106763
"Whenever Authenticated SMTP is enabled, your email server is effectively a "send only" server, because mail servers from other domains are most likely not configured to authenticate with your server. This means your local email clients can only receive email from other local clients. Authenticated SMTP also requires each user's email client software to authenticate before it sends mail through your server."
I know this documentation is very old (10.1.3), but I need to know if this still true in Server 10.4.7? I have a LOT of traveling sales people that need to use either mail.app or outlook, and they are not going to be happy if I tell them they have to use webmail. I was planning on switching to OS X Server, but I need to know about this first.
My second question is, what format does 10.4.7 server store its mail in? mbox? mdir? I have found conflicting answers online..
Thanks,
Brian
Macbook Mac OS X (10.4.7)

Actually, that excerpt does not make sense to me either.
When Authenticated SMTP is enabled, only clients with the correct username and password may relay mail through your server. Any other client or server will not be able to relay mail through your server. The only mail your server will accept without authentication is those that are meant for the local accounts on the server. SMTP-AUTH just prevents unauthorized relays but not delivery.
So your travelling reps should be able to use Mail.app to connect to your server and send mail to outside clients through your server. AND their clients should be able to send mail to your reps.

Smtp auth without hat access defined

Hello community!!!
We are configuring an appliance and came across a doubt that we would like to share to see if anyone can help us.
We first configured the appliance by setting up a RELAY policy wich included the networks that were allowed to send mail through our IronPort. Before we applied that configuration, there was no way of sending mail, perhaps there are other more efficient ways but we fail to see another one.
After this path was OK, we then configured the IronPort to use SMTP auth in a forwarding fashion to verify that clients we know are the only ones allowed to send mail. To do this we authenticate against our internal SMTP server, which contains the mailboxes of our users.
This configuration tested OK, without issues at all.
Now that we have this architecture working we would like to allow multiple IPs, not just the ones we defined to use our IronPort to send mail. In our scenario, we provide email services to serveral cilents that have dynamic IP. So we cannot guaranty that a given time, they will be able to send mails through our IronPort if their IP falls out of the range we defined.
So, within HAT policies, is there a way to allow "anyone" or "any IP" to access the IronPort to send mail? The security will be enforced though our SMTP auth policy which only allows authorized personnel to send mail.
Thank you in advanced for your thoughts and comments!!!
Best regards!!!
Miguel

Yes, you can do this where the connecting external IP or sender is not known in advance.
You would probably need to LDAP with either SMTP Auth enabled or External Authentication Queries enabled.
So as to not *bog* down your HAT Overview with smtp auth attempts, I think it would be helpful to find a range where the incoming connection would be, then try to assign it to a SMTP Authentication Sender Group and corresponding Mail Flow Policy where the SMTP was turned on.
I can see that this type of scenario would come into play in situations where you have traveling salespeople and you're not always sure what IP they're coming from, but they still need to relay via the IronPort. It's best to collect as much of the information about these external relayers as possible and the LDAP system, then contact Customer Support, presenting the information/facts that you have and how best to configure the IronPort HAT/LDAP/MAIL FLOW Policy section to get that working.
Good luck,
Kevin

SMTP Auth For Subset of Users

I think this is not possible but thought I should ask just in case...
Any ideas how to configure things to only allow a couple of users to smtp authenticate from WAN side of firewall?
I'm thinking of a different port number from 25, tied into some sort of lookup table...? (you can probably tell I'm scrabbling about here
-david

Thanks Jeff,
This is purely to get around a lack of secure passwords for LAN users (there are no passwords). At the moment there is no SMTP auth, only relay by LAN IP, and the firewall is closed except for SMTP & VPN. Problem is that the 2 bosses now want to send/receive email from WAN using their fancy mobile phones. However, they are not keen on now introducing secure passwords office wide so I was looking around for other possibilities before informing them that there was really no choice if they wanted to enable SMTP auth and open firewall for pop/imap (due to risk of dictionary hack).
oh, and yes, it's pop/imap too
(I have not looked at how these phones work exactly with pop/imap so not sure yet which protocol is preferred).
The VPN is using the OSX Server and does get used for email from home computer. Actually, I must check to see if the phone thingy can do VPN...
Appreciate any thoughts. I actually would like to tell them to introduce secure passwords throughout but just wanted to ensure I wasn't giving them wrong info on possible alternatives.
-david

Smtp auth access problems

All, I've got everything working and authenticating properly (i.e. pop/imap/http) except smtp auth.
I keep getting the following error after a valid transaction:
220 hoth -- Server ESMTP (iPlanet Messaging Server 5.2 (built Feb 21 2002)).
EHLO xxx.xxx.xxx.
250-hoth.
250-8BITMIME.
250-PIPELINING.
250-DSN.
250-XDFLG.
250-ENHANCEDSTATUSCODES.
250-EXPN.
250-HELP.
250-SAML.
250-SEND.
250-SOML.
250-TURN.
250-XADR.
250-XSTA.
250-XCIR.
250-XGEN.
250-XLOOP 18C258074D1B9D38536174313EC7E040.
250-AUTH LOGIN PLAIN.
250-AUTH=LOGIN.
250-ETRN.
250-RELAY.
250 SIZE 0.
AUTH PLAIN AG1tY211cnIAZnIwZ2wzZ3M=.
535 5.7.8 Authorization failure (Not authorized to login as specified user)..
Does anyone have any idea why or where authorization is set on a per user basis, or is there maybe a config key to allow all users from a specific domain?
Thanks in advance for your help.
--Mike

You never told us how you get it to work.
I am having the same authentication problem and am pulling my hair out. Could you explain how you figured it out?
Thanks

SpamAssassin vs. SMTP-AUTH...thoughts?

Well, sorry to keep rapid-firing the questions here lately, but I've got another item to discuss.
Recently, I had SpamAssassin 3.3.0 +on my own server+ tagging my outgoing messages as "SPAMMY", due to the fact that I was sending from my girlfriend's house, which is on a Comcast IP that is in a PBL. I've configured Server Admin to allow traffic from that IP address, because using zen.spamhaus.org, it would normally refuse the connection. But even though I SMTP-AUTH and all that, SpamAssassin still gives me 3+ points for being in a PBL, which puts me into "SPAMMY" territory.
So, that begs the question: is there a way to prevent this? I tried implementing the solution detailed at the end of this thread:
https://www.virtualmin.com/node/8868
...but it only gets me that header on incoming messages, NOT outgoing. Furthermore, it "feels" like a pretty rough hack, and I'm wondering if there isn't a better way, so...
A more general question: Do you want amavis & SA running on outgoing messages that are being sent via an authenticated user? What's the conventional wisdom here?
Thx for your thoughts,
FT

pterobyte wrote:
This will make sure that authenticated users of yours bypass the content filter, while everybody else still gets scanned. Of course you will need to (and should) point your mail clients to port 587 for sending and must authenticate.
Hey Alex--
Thanks as usual for just the info I need! One thing I notice here, tho: sending from one of the 2 domains I'm hosting (one is a "proper" domain, one is DynDNS)-- the DynDNS one-- does not bypass the filter, while using mydomain.net does. Here's what the log shows:
DynDNS entry
Mar 17 01:58:59 myserver postfix/smtpd[59633]: 4797817968D: client=unknown{192.168.0.140}, sasl_method=PLAIN, sasl_username=fredo
Mar 17 01:58:59 myserver postfix/cleanup[59644]: 4797817968D: message-id=<[email protected]>
Mar 17 01:58:59 myserver postfix/qmgr[59576]: 4797817968D: from=<[email protected]>, size=605, nrcpt=1 (queue active)
Mar 17 01:58:59 myserver amavis[56541]: (56541-10) loaded policy bank "MYNETS"
...and from there starts to process w/ Amavis/SA.
"Proper" domain
Mar 17 02:00:50 myserver postfix/smtpd[59663]: 19EAA1796A8: client=unknown{192.168.0.140}, sasl_method=PLAIN, sasl_username=fred
Mar 17 02:00:50 myserver postfix/cleanup[59668]: 19EAA1796A8: message-id=<[email protected]>
Mar 17 02:00:50 myserver postfix/qmgr[59576]: 19EAA1796A8: from=<[email protected]>, size=584, nrcpt=1 (queue active)
Mar 17 02:00:50 myserver postfix/smtp[59669]: 19EAA1796A8: to=<[email protected]>, relay=xxx.xxx.xxx.xxx{xxx.xxx.xxx.xxx}:25, delay=0.37, delays=0.05/0.04/0.1/0.18, dsn=2.0.0, status=sent (250 2.0.0 o2H70npH1451216 Message accepted for delivery)
...and all goes according to plan, skipping the Amavis/SA processing.
Could this be due to settings w/in Postfix or Amavis specifying what "my domain" is? Or is it related to user authentication due to having more than one domain?
Also, if I have configured port 2525 for sending (to get around port 25 blocking), can I include it in this filtering omission? I have the following lines in master.cf:
smtp inet n - n - - smtpd
2525 inet n - n - - smtpd
submission inet n - n - - smtpd
-o content_filter=
-o smtpdrecipient_restrictions=permit_saslauthenticated,reject
Thanks!
Fred

AuthenticationFailedException when using JNDI and JavaMail with SMTP auth

Hi all - I've been banging my head on this one for awhile now - hopefully someone else has done this.
We are working in a servlet container (tomcat), and need obtain a mail session from JNDI. We do this as follows:
               Context initCtx = new InitialContext();
               Context envCtx = (Context) initCtx.lookup("java:comp/env");
               Session mailSession=(Session) envCtx.lookup("mailSession/trumpetinc");so far so good. The jndi entry for the mail session is configured in server.xml as follows:
          <Resource name="mailSession/trumpetinc" scope="Shareable" type="javax.mail.Session"/>
          <ResourceParams name="mailSession/trumpetinc">
            <parameter>
              <name>mail.smtp.host</name>
              <value>mail.server.com</value>
            </parameter>
            <parameter>
              <name>mail.smtp.password</name>
              <value>ABCDEFG</value>
            </parameter>
            <parameter>
              <name>mail.smtp.user</name>
              <value>trumpet_kevin</value>
            </parameter>
         <parameter>
           <name>mail.smtp.auth</name>
           <value>true</value>
         </parameter>
          </ResourceParams>With the above, whenever we hit Transport.send(msg), we got an AuthenticationFailedException thrown. I have run into this before with SMTP authentication, so I decided to try using the transport.sendMessage() method instead.
So, I get the transport:
Transport trans = mailSession.getTransport("smtp");
trans.connect();Then I send my message using:
msg.saveChanges();
trans.sendMessage(msg, msg.getAllRecipients());and finally, I close the transport:
trans.close();Unfortunately, I'm still getting the exception. Is it possible that my connect() method is not picking up the JNDI properties set in the server.xml file (this seems likely)? If so, what's the best way for me to get those properties so I can set them explicitly in the connect() method?
Thanks in advance,
- Kevin

Hi,
I have faced the same problem and after some googling and trying I have discovered what causes the AuthenticationFailedException exception. I just wanted to share the knowedge maybe it will be helpfull to others.
Here it is what the API says:
To use SMTP authentication you'll need to set the mail.smtp.auth property (see below) and provide the SMTP Transport with a username and password when connecting to the SMTP server. You can do this using one of the following approaches:
1.Provide an Authenticator object when creating your mail Session and provide the username and password information during the Authenticator callback.
Note that the mail.smtp.user property can be set to provide a default username for the callback, but the password will still need to be supplied explicitly.
This approach allows you to use the static Transport send method to send messages.
2.Call the Transport connect method explicitly with username and password arguments.
This approach requires you to explicitly manage a Transport object and use the Transport sendMessage method to send the message. The transport.java demo program demonstrates how to manage a Transport object. The following is roughly equivalent to the static Transport send method, but supplies the needed username and password:
Using the Transport.connect makes the JNDI not very helpfull for configuration.
It seems that using just the mail.smtp.user and mail.smtp.pass is not sufficient for the authentication.
so, the solution is :
just place these to lines in the JNDI configuration:
          username="test"
          password="test1"
so it should looks as follows:
          <Resource name="mail/Session" auth="Container"
          type="javax.mail.Session"
          username="test"
          password="test1"
          mail.transport.protocol="smtp"
          mail.smtp.auth="true"
          mail.smtp.host="localhost"
          mail.smtp.port="25"
          mail.smtp.user="test"
          mail.smtp.password="test1"
/>
where test and test1 are the user's credentials
Regards,
Kiril
Message was edited by:
Kireto
Message was edited by:
Kireto

SMTP-auth via mailx results in service unavailable

Why do my attempts to use mailx with Gandi SMTP fail with 'Service unavailable'?
I have the following ~/.mailrc file which is recognised by mailx:
set smtp=smtps://mail.gandi.net:465
set smtp-auth=login
set smtp-auth-user=harry@XXXXXXX
set smtp-auth-password=XXXXXXX
set from=harry@XXXXXXX
set ssl-verify=ignore
set nss-config-dir=/Users/neville/Thunderbird
The result is below.
From MAILER-DAEMON Thu Dec 20 15:41:47 2012
Return-Path: <>
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: by G4-N-2.local (Postfix)
          id D4E2DA382D6; Thu, 20 Dec 2012 15:41:47 +0000 (GMT)
Date: Thu, 20 Dec 2012 15:41:47 +0000 (GMT)
From: [email protected] (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: [email protected]
Auto-Submitted: auto-replied
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
          boundary="78E73A382D4.1356018107/G4-N-2.local"
Message-Id: <[email protected]>
This is a MIME-encapsulated message.
--78E73A382D4.1356018107/G4-N-2.local
Content-Description: Notification
Content-Type: text/plain; charset=us-ascii
This is the mail system at host G4-N-2.local.
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
                   The mail system
<neville@XXXXXXX>: host spool.mail.gandi.net[217.70.184.6] said: 554 5.7.1
    Service unavailable; Client host [XXXXXXX] blocked using
    pbl.spamhaus.org; http://www.spamhaus.org/query/bl?ip=XXXXXXX (in
    reply to RCPT TO command)
--78E73A382D4.1356018107/G4-N-2.local
Content-Description: Delivery report
Content-Type: message/delivery-status
Reporting-MTA: dns; G4-N-2.local
X-Postfix-Queue-ID: 78E73A382D4
X-Postfix-Sender: rfc822; [email protected]
Arrival-Date: Thu, 20 Dec 2012 15:41:47 +0000 (GMT)
Final-Recipient: rfc822; neville@XXXXXXX
Action: failed
Status: 5.7.1
Remote-MTA: dns; spool.mail.gandi.net
Diagnostic-Code: smtp; 554 5.7.1 Service unavailable; Client host
    [XXXXXXX] blocked using pbl.spamhaus.org;
    http://www.spamhaus.org/query/bl?ip=XXXXXXX
--78E73A382D4.1356018107/G4-N-2.local
Content-Description: Undelivered Message
Content-Type: message/rfc822
Received: by G4-N-2.local (Postfix, from userid 501)
          id 78E73A382D4; Thu, 20 Dec 2012 15:41:47 +0000 (GMT)
To: neville@XXXXXXX
Subject: test
Message-Id: <[email protected]>
Date: Thu, 20 Dec 2012 15:41:47 +0000 (GMT)
From: [email protected] (Neville Hillyer)
test email
--78E73A382D4.1356018107/G4-N-2.local--

http://www.spamhaus.org says:
Mail servers only run spam filters such as Spamhaus PBL on port 25, so if you find you are being blocked by the PBL when you try to send mail to your mail server that means you are not communicating with the mail server on the 'authenticated' port 587 but you're still on port 25. This means your 'SMTP Authentication' is not working correctly.
http://wiki.gandi.net/en/mail/standard-settings#smtp-account says:
SMTP Account
Name server : mail.gandi.net
Port : 25, 465 (with SSL) or 587 (try one or the other)
TLS or SSL: yes
SMTP Authentication : yes, using the same settings as for the POP / IMAP account
I was trying to use the same settings I have used for several years with Thunderbird and Apple Mail, ie SSL on port 465.
Is there something wrong with my settings which could be preventing mailx from using port 465?
A few debug tips would be appreciated.
Your link causes me to ask: Does the mailx on Leopard support SMTP directly?

How to add X-authenticated header with SMTP-auth

I have smtp-auth working here. I also have normal mail header to see what ip the message is coming from. But I'd like to add X-authenticated to signature the mail is authenticated by end user.
Can I do that? What parameter i can use for message filter?
Many thanks.
Chris

Currently you can't ; however, you should open a case with IronPort and request that feature - the more that request the feature the better the chance for it to get implemented. My company has already requested this feature. We asked for a variable and a condition that we could use in filters.

Smtp auth - relay

Similar Messages

Maybe you are looking for