Smtp authentication issue
Hi all :
Anyboday can tell me how i can verify the smtp authentication feature?
I cannot use ironport send email after set up this feature .
I have set up and the step as below:
First I create the LDAP Profile that include the SMTP Authentication Query ,i test query it work fine and i use the LDAP Bind.
Second , I create the smtp auth profile and selected the smtp auth profile at the listener .
finally , i selected the smtp authentication preferred at the default mail flow policy parameters .
Please tell me if i missed some step and how i can verify this feature.
thx thx thx :wink:
Thu Dec 25 13:09:00 2008 Info: ICID 184830 REJECT SG BLACKLIST match sbrs[-10.0:
-3.0] SBRS -4.0
I think the problem is that the IP address you're coming from (i.e. *.
.broadband.ctm.net) has a low SBRS score and you're getting stopped by the HAT Overview/Blacklist sendergroup first, before you're allowed to transmit your username/password.
Therefore, I don't think the problem is with the smtp auth at this point. It's the low SBRS score.
Try this.
Create a custom/new sender group just for your ISP and put it at the top of your HAT Overview (or at least above the Blacklist).
1. Create a new sendergroup called "Accept-Broadband". Set the connection behavior to be "Accept"
2. Make sure the order is at the top.
3. For the senders, add ".broadband.ctm.net" to the list of connecting host.
4. This way, you can make sure your connections don't get stopped by the Blacklist.
Then, try the smtp auth again. Try and get that to work first.
We'll discuss the low SBRS score issue later once the smtp auth is working.
And by the way, there's nothing wrong with you, it's just broadband.ctm.net has a low sbrs score. It's like the passenger in the taxi is okay, but the taxi driver is bad.
Similar Messages
-
Exchange 2013 Relay issue (SMTP Authenticated)
Hi,
I installed Exch 2013 and is working great - both incoming mail and outgoing mail work fine in OWA and outlook.
Problem we are having is SMTP authenticated relay. We install application on all client computers which sends emails externally/internally.
Though we had authenticated in application, we are not able to send emails externally. Internally it works fine from application.
Our backup software stopped sending notifications on failures. Literally we are logging into each and every server and making sure backups are successful.
We never had a problem with Exchange 2010
I don't want to create relay and allow my whole ipaddress range (I think that's stupid)
Can anyone please help?Hi,
You could create a Receive connector on the 2013 Mailbox server, and then configure the Receive connector with the following properties:
Create/configure a service account for the applications/copier to use.
Create a new Receive connector with the Usage value 'Custom', and don't assign any permission groups to the connector.
Specify the IP address(es) of the application servers/copiers as the only remote IP addresses that are allowed to use this Receive connector.
Use the Add-AdPermission cmdlet to add the ms-Exch-SMTP-Submit permission to the Receive connector for the service account.
The combination of restricting the IP addresses that the Receive connector listens to, and restricting permissions on the connector so that only the service account can send messages should do the trick.
For more information, see these topics:
Add-ADPermission
Receive Connectors
Receive Connector Permissions
Link
Deepak Kotian.
MCP, MCTS, MCITP Server / Exchange 2010 Ent. Administrator
Disclaimer:
Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
This helps the community, keeps the forums tidy, and recognizes useful contributions. Thanks!
All the opinions expressed here is mine. This posting is provided "AS IS" with no
warranties or guarantees and confers no rights. -
I've read a number of posts on this topic but still need some clarification.
Please forgive my lengthy explanation as I'd like to lay out the scenario properly - my questions are at the bottom of this post.
My current setup is Groupwise 7.0.3 with a GWAVA5 appliance as the front end.
All mail should go through GWAVA both inbound and outbound.
We have an MX record that points to our GWAVA5 appliance
We also have smtp pointing to our GWIA server for imap/pop connections by our mobile users, with authentication required.
I was advised by one of our users that he received mail containing an attachment "message.zip" which contained "message.htm" disguising an ".exe"
containing a virus.
The header showed the following, with the actual domain name changed by me for security reasons.
The IP of the sender is intact.
Return-path: <>
Received: from "ourdomain.com" ([115.248.180.37])
by "our_smtp_server.com" with ESMTP; Sat, 07 Apr 2012 07:07:41 -0400
From: "Automatic Email Delivery Software" <[email protected]>
To: [email protected]
Subject: Delivery failed
Date: Sat, 7 Apr 2012 16:35:33 +0530
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0012_955492E2.6AD1CC6D"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
This is a multi-part message in MIME format.
------=_NextPart_000_0012_955492E2.6AD1CC6D
Content-Type: text/plain;
charset=us-ascii
Content-Transfer-Encoding: 7bit
The following is the entry from the GWIA log on the date in question:
07:07:40 359 DMN: MSG 462912 Accepted connection: [115.248.180.37] ()
07:07:41 359 DMN: MSG 462912 Receiving file: NCGWIA/DATA:\NCGWIA\WPGATE\GWIA\receive\db7ef7f4.224
07:07:43 359 DMN: MSG 462912 SMTP session ended: [115.248.180.37] ()
Questions:
It appears that the sender attached to our GWIA and sent the message from there.
The "mailer-daemon" indicates it was disguised to look like a system-generated bounce message.
What in my configuration would allow this?
Within the properties of my GWIA, I do not have "reject mail if sender's identity cannot be verified".
I've read the admin guides on this feature and it seems to point to PTR records checks.
Would that prevent this incident?
We have a number of internal servers that do send mail, through our GWIA, and I have relay exceptions for those (otherwise relay is not allowed)
If I set the "reject mail......" how will that affect those internal servers - will they need an actual account to authenticate with.
Hope I've explained it clearly
Thanks in advance
VinceThanks Uwe, but the sending machine is actually located "out there somewhere" [115.248.180.37] not on our network, so can't be checked.
As you stated, I'm sure this isn't a relaying issue as we have relay disallowed, with exceptions.
I suspect the mail went through because the sender used "[email protected]"
Vince
Originally Posted by buckesfeld
Vince,
find the machine with the sending IP address and check the machine.
To prevent such issues, you could modify the access control of the GWIA and allow SMTP only for those machines/users who need it.
Relaying doesn't come into play here, since the sender addresses an internal recipient, so no SMTP authentication needed.
Uwe
Novell Knowledge Partner (NKP)
Please don't send me support related e-mail unless I ask you to do so. -
SMTP authentication in OCSR2 9.0.4.1
I am setting the smtp authentication in OCSR2 to true, after that, when ever I sent mail thru the server, it need the smtp authentication. I thought I had been successfully configure the server. But later on, when I trying to send mail to the user in the OCSr2 server(from hotmail mail), the mail was reject due to the error"authentication failed".
It seem that the authentication setting not only affect the mail relaying but also incoming mail connection. Is this true??I searched some more on the Forum and eventually found a whitepaper on PJC's in Forms 6i. That gave me the tip not to implement the IView interface, but just extend the VBean class.
That's what I just tried and no more classCastException. That seems to fix my issue. No to develop the bean itself... -
I try to send mail with a Javamail client code (you can see the code below), it works fine if the mail server doesn't require SMTP authentication to be relay, but SendFailedException occurs if the mail server security setting is set to SMTP requires authentication (same settings as POP usr/pwd) on the mail server.
I believe it is an issue of SMTP authentication.
How do I code for SMTP authentication with Java Mail API?
Thanks!
Can Odabasioglu
Source Code:
import java.util.Properties;
import javax.mail.*;
import javax.mail.internet.*;
import java.io.UnsupportedEncodingException;
public class MailExample {
public static void main (String args[]) {
String host = "odabasioglu.net";
String from = "[email protected]";
String to = "[email protected]";
try {
Properties props = System.getProperties();
Authenticator auth = new POPAuth ();
props.put("mail.smtp.host", host);
Session session = Session.getInstance(props, auth);
MimeMessage message = new MimeMessage(session);
message.setFrom(new InternetAddress(from,"FromName"));
message.addRecipient(Message.RecipientType.TO,new InternetAddress(to,"ToName"));
message.setSubject("Test Subject");
message.setText("Can Odabasioglu");
Transport.send(message);
catch (MessagingException e) {e.toString();}
catch (UnsupportedEncodingException e) {e.toString();}
static class POPAuth extends Authenticator {
public PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication("UserName", "Password");
}“Cannot send message using the server
Mail.ISP.net:[email protected]”
…And provides the “Send message using:” pulldown to
select one of two accounts (one is followed by
“:[email protected]”, the other is not). Both are the
same options the other two machines have, but neither
option works on this machine.
This is one of those error messages that they send application programmers to school for so that they can include error messages that don't tell you what the problem is.
After much trial and error, I discovered that this message is returned if there is an error in the recipient's email address. Perhaps, if it was stored in the address book, it became corrupt. I've found that manually typing in the address (without automatically finishing it from cache) usually fixes the problem. I just spoke to a customer this morning with the same error message, and entering the recipient's email address manually corrected the problem. -
NAC Guest Server SMTP Authentication
Does anyone know if you are able to set your SMTP server in the NAC Guest Server to do SMTP Authentication? Our old Exchange server just let us specify the SMTP server and send the guest accounts their Username and Password to their outside accounts. Our new Exchange server requires SMTP authentication, but we do not see the option available in the NAC Guest Server interface. We are running NAC Guest Server 1.1.3. Any ideas would be appreciated. Thanks!
I have Cisco NAC Guester server 2.0.2 and have sort of similar issues.
I configured the Base DN to the OU of the sponsor groups in AD and then map that particular group in roles. Users from that group can log on fine and create guest accounts.
The problem is, it seems that other users from that OU seems to be able to log on as sponsors too. How do I restrcit this to just that sponsore group? I tried changing the Base DN to the OU of the sponsore group then enter CN=sponsorgroup to narrow it to just that group but still other users can log in as sponsors. -
SMTP authentication description
Hi everyone :
I don't know what is Ironport SMTP authentication feature after reading the Adv-UserGuide.
Is it the smtp authentication use to authen the user connect to email server and How it work between email server and client if it is , As we know Ironport is email gateway , How Ironport can control the user connect to email server ?
Is it only work for Outgoing email authentication ?
thx thx !I would say that SMTP Authentication is most commonly used for a segment of your end users that are traveling on business or work outside of the internal company network and can't be connected directly to the company mailserver to send out their outgoing mail.
Since a user outside the network may not be able to directly connect to the corporate mailserver, what mail administrators try to set up is the IronPort appliance to do smtp authentication against an Active Directory server for example and then if the sender authenticates, they'll be able to relay using the IronPort appliance.
If you run into any problems or questions, feel free to post the issue here and we'll try to iron it out. -
Hi, i want to ask the function of smtp authentication in ironport. Is it used to authenticate with the exchange server or per client using LDAP? When i configure the smtp authentication, is it used for incoming or outgoing connection ? Thanks.
Regards
Alkuin MelvinDear Alkuin,
For SMTP authentication configuration, you can configure SMTP auth profile under 'Network'-'SMTP Authentication' (LDAP, forward and outgoing).
In my opinion, you can choose to enable SMTP AUTH in mail flow polic(ies) of existing listener (port 25) and/or a new listener using another port (say port 8025). The reason to use 'port number other than port 25' is that some residential ISP or hotel internet connection will block outgoing port 25 connection (due to antispam reason - blocking botnet/malware infected hosts to send spams and ISP IP address gets blacklisted).
For existing listener, you can configure SMTP AUTH "Preferred" setting in default mail flow policy, and then users can authenticate and then relay emails through IronPort from public IP address (configure email client's outgoing SMTP gateway with IronPort public IP address and port 25). One point to note is that if the user is sending from a poor reputation IP, their SMTP connection may be blocked or throttled.
For listener using port number other than 25 (e.g. 8025) , you can configure to have just one sender group with default mail flow policy configured with SMTP AUTH "Required". The email client needs to configure with outgoing SMTP gateway with IronPort listener's public IP address and specific port number (say port 8025). In this way, only authenticated user can relay emails through this listener and they can avoid port 25 blocking issue or sending host's reputation issue as mentioned above.
Cheers,
Tommy -
CFMAIL SMTP authentication with CF5
I need to use CFMAIL to send email notifications via an
exchange server. The issue: the server is running CF 5 and the
exchange server requires SMTP authentication. As you may all know,
there's no way to pass a username and password in CF5.
So my question is, is there a module available for CF5 that
will achieve similar results.
Sadly I can't upgrade to CF MX 6, 7 or 8.It's been quite a while since I worked with CF 5, but you can
try setting up the mail server address like this:
username:[email protected]
On a side note, is there any reason why you (or the client)
are not considering an upgrade? I mean, I think HTTP 1.1 was still
the standard when 5 was released - it's about 40 "
technology years" old now. *just wondering* -
Please turn on SMTP Authentication in your mail client in ecxhange
Hi guys i am getting the following in Undeliverable mail.
Delivery has failed to these recipients or groups:
[email protected] ([email protected]) A problem occurred during the delivery of this message to this e-mail address. Try sending this message
again. If the problem continues, please contact your helpdesk.
The following organization rejected your message: cms.cms-ss.net.
Diagnostic information for administrators:
Generating server: cmssrv.cms.local
[email protected] cms.cms-ss.net #550-Please turn on SMTP Authentication in your mail client. 550-213-180-200.netrunf.cytanet.com.cy (cmssrv.cms.local) 550-[213.149.180.200]:14544
is not permitted to relay through this server 550 without authentication. ##
Original message headers:
Received: from cmssrv.cms.local ([fe80::4441:f16c:7e2:3085]) by
cmssrv.cms.local ([fe80::4441:f16c:7e2:3085%17]) with mapi; Wed, 16 Jul 2014
10:51:16 +0300
From: Stavros Mavrommatis <[email protected]>
To: "[email protected]" <[email protected]>
Subject: stav1
Thread-Topic: stav1
Thread-Index: Ac+gyqeEulARc2WGQ+SGhAfPAfQIXg==
Disposition-Notification-To: Stavros Mavrommatis
<[email protected]>
Date: Wed, 16 Jul 2014 07:50:50 +0000
Message-ID: <[email protected]>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: multipart/alternative;
boundary="_000_5CB2426E90E0264D95475ACA2688E10E34FF4880cmssrvcmslocal_"
MIME-Version: 1.0
This started after windows updates. When i tried to send an email thought an account that is connected to exchange i get this email. if i retry to send the same email, the second time it goes normally. This is happening on all emails that are connected to
the exchange. I tried to send emails though pop3 and they are going normally.
PS: Exchange 2010 with windows server 2008 r2Hi,
Does this issue only occur on the [email protected] account? How about other Gmail account?
According to the error message, it seems that, it need to turn on SMTP Authentication in your mail client.
Find a similar thread for your reference:
Mail rejected because of 550 enable authentication error
http://social.technet.microsoft.com/forums/exchange/en-US/932093f9-cca5-40a5-a659-5d69c8d23c33/mail-rejected-because-of-550-enable-authentication-error
Thanks
Mavis
Mavis Huang
TechNet Community Support -
C.U.E SMTP Authentication UC500
I can authenticate to our Exchange (2010) server outside of CUE but from the GUI when I set up and test SMTP authentication I keep getting the error message unable to connect - connection had worked previously as networked - any ideas what the might be the issue?
Hello I have just upgraded to the same CUE version on the UC540.
I have the same issue, the SMTP notification worked for years before my upgrade.
Now smtp notification does not work.
what was the fix please? -
Setting SMTP in Nokia E7 - SMTP Authentication Fai...
Hi,
Need your help. I just setting up my office's email (IMAP) in my Nokia E7. But now I've got some issues. Incoming email works fine, and I also can send email to my own domain. But I cannot send to other domain e.g. yahoo, gmail... When I check my outgoing mail server, SMTP failed to connect. I used the same setting in my Ms Outlook, and its work fine and I can send to other domain. I also trying using the mobiledocuments but also failed at SMTP authentication (cannot connect to the server). Try to check with my BB, but its work fine. Is there any setting that I need to do for Nokia?Have you read this?
/t5/Eseries-and-Communicators/S60-S-3-authenticated-smtp-server-problems-Unable-to-send/m-p/954621#M...
Since 1610 -
Hi there.
Currently moving from a FreeBSD server using sendmail to SL 10.6 server.
I'm having difficulty figuring out on how to do it from the Server Admin interface.
What I would like to achieve is:
*People on local network (e.g. from 192.168.0.0/24) can send email without authentication (so mail server act has an open relay for local machines).
*When using a non encrypted connection , only accept the CRAM-MD5 and Kerberos authentication method
*When using encrypted connection (via TLS or SSL), accept LOGIN, PLAIN, Kerberos and CRAM-MD5.
Is there a GUI to configure this, or do I have to manually edit configuration files?
I'm expecting a very curious behaviour, if I configure mail to accept a given security/authentication mode, if I unselect it, then click save. When I check any options again then save, 2-3s later, the option unchecks itself automatically... Very weird.
Any help greatly appreciated.
Jean-Yvesin particular squirrel mail refuses to send email once I set SSL to "require".
Correct. Squirrelmail is typically on the same box as the mail server and uses the localhost address (127.0.0.1). No authentication required. You need to set SSL to "Use" not "require" (no SMTP from unknown Internet hosts will use SSL anyway, so it cannot be "require")
There are plenty of dumb clients that do not support smtp via authentication.
Outside of squirelmail, virtually all modern e-mail clients do support smtp authentication. Some might not support SSL, or SSL with self-signed keys. But they should all should support basic SMTP auth.
Too late for 192.168.x, been using it for over 10 years and there are easy way to get
around the VPN issue, I just allocate an IP in 192.168.100.x and route that subnet.
I thought I was cool by using 172.22.1.0 /24 at home... until my employer started using 172.22.0.0 /16 and shipped a policy forcing all the /16 traffic to use the tunnel. Whenever the VPN was up I could no longer print at home. I ended up using another otherwise unused class A network (yes there are a few left). It will work fine, until you need other local resources when the tunnel is up and there is an address conflict. -
I recently began the process of upgrading my dedicated hosting environment. In the process my MTA was updated to qmail from sendmail.
Using both Mail and Entourage I am getting a SMTP authentication error. Error: -17897 that states authentication failed because my email client doesn't support any of the available authentication methods.
Oddly though, if I exit the mail program and then re-launch it after several minutes, the mail will go through. (it takes more finessing attempts) at times)
Anyone have any ideas?no email account was setup on the phone unless it was issued by your company.
gmail is required but no server address ports to enter.
my gmail account was setup before i took delivery of the phone but could have been done when phone was activated.
i added cox pop3 email and had to manually enter both pop3 and smtp servers with both boxes checked on both servers.
i doubt if it's a verizon issue. -
I have a very small Mac OS X server, with about 20 users. I recently had to move the server offsite. The server is up and running just fine, but I am unable to sent mail using simple smtp authentication. I currently have both Login and Clear selected, and using the Apple Mail client (or any other so far) I am unable to send e-mail from the COX @ HOME network.
Is this something COX is blocking?
Here is my postconf -n output. This must be a common problem. I can't figure out what I am doing wrong. It seems so simple.
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debugpeerlevel = 2
enableserveroptions = yes
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailboxsizelimit = 0
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
mapsrbldomains =
messagesizelimit = 0
mydestination = $myhostname,localhost.$mydomain,wilmashouse.com,castlewoodholdings.com,jumico.c om,mail.jumico.com
mydomain = jumico.com
mydomain_fallback = localhost
myhostname = mail.jumico.com
mynetworks = 127.0.0.0/8
mynetworks_style = host
newaliases_path = /usr/bin/newaliases
proxy_interfaces = 64.58.179.233
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpdclientrestrictions = permit_mynetworks rejectrblclient sbl-xbl.spamhaus.org rejectrblclient bl.spamcop.net permit
smtpdpw_server_securityoptions = login,plain
smtpdrecipientrestrictions = permitsasl_authenticated,permit_mynetworks,reject_unauthdestination,permit
smtpdsasl_authenable = yes
smtpdtls_keyfile =
smtpduse_pwserver = yes
unknownlocal_recipient_rejectcode = 550
virtualmailboxdomains = hash:/etc/postfix/virtual_domains
virtual_transport = lmtp:unix:/var/imap/socket/lmtp
Any help would be appreciated.
Thanks
MikeOn your server, modify /etc/postfix/master.cf
Uncomment this single line:
#submission inet n - n - - smtpd
Save, then issue:
sudo postfix reload
From home, switch your mail client to use port 587 for SMTP.
This will work through COX.
You mention that others must want to send mail using their corp server, this is the solutions most companies use. Just open alternate ports.
Jeff
Maybe you are looking for
-
crash information is identical for every single page that it crashed on: Problem signature: Problem Event Name: APPCRASH Application Name: firefox.exe Application Version: 2.0.0.4094 Application Timestamp: 4d8374f3 Fault Module Name: ntdll.dll Fault
-
Hello! I'm very new to Adobe Forms in SAP. We are considering provide this kind of forms in SAP EP 7.0. The scenario is: 1. EP will provide a forms menu where final users will be able to create, edit and preview forms depending on its permissions. 2.
-
How to run two DAQmx Read (Counter in + Digital in) simultaneously?
Hello to all, i have following issue: I want to acquire a digital (UART like) bus signal. For this purpose i use a DAQmx Card (PXI 6070e). I need precise time information about time lenght of 0 and 1, so i use a counter. The counter is adjust to CI S
-
Can't recieve photos or contacts from a lg lotus or a samsung blade.
I can "pair" my curve to both the lotus and the blade. The lotus and the blade list the curve as a "trusted" device. and vice versa with the curve. When I try to send a photo from the lotus I have the curve's media set to recieve bluetooth and th
-
Hello all I was interested in doing the BI academy from India, but since the last year and a-half there are no academies planned for BI or BW. The siemens calender in India has got no mention of such a course , also for 2008. Neither does Genovate ha