SMTP Authentication??

[R1200GS]

Hi Guys!

Still testing ...

The issue at hand is allowing a POP user to relay. The requirement is to allow a Scalix user on the net to POP and send to whomever (SMTP_AUTH).

There's nothing clear in the docs.

I'm just not getting it...

Thoughts??

Thanks!

[ScalixSupport]

Can you detail what you have done so far ?

For most of the modern MIME-aware clients, they provide an option to specify that the server requires authentication before submission. Which client are you using ?

Cheers

Dave

[R1200GS]

Thx Dave!

Outlook 2000/2003 in Internet mode. The client is normally cofigured ("My server requires...").

The issue is that while the client appears to be authenticated (both for POP and SMTP) an NDR is returned "No transport provider" and SMTPD returns "Rejected relay attempt from..."

The only way I've been able to get around this is by adding the ISP's domain name RELAY accept, in smtpd.cfg leading me to believe that smtp auth is not really working properly and this is not an accepted configuration as anyone sending within that ISP's domain can relay.

Local delivery works!

Additionally, I've entered AUTH_SUCCESS ACCEPT ALL as well as various other "event-action-pattern" entries in smtpd.cfg without success.

Turning loggin up on smtpd doen't really give any hint to the issue only a succesful relay or not.

Sendmail can't be the issue because we're never really getting to sendmail at this point correct?

Thanks again!

[ScalixSupport]

For SMTP Relay logging, enable the option DEBUG_LOG=TRUE to /var/opt/scalix/sys/smtpd.cfg and restart the relay.

This creates a file in /var/opt/scalix/tmp/ called smtpd.log. This will log the entire SMTP conversation as it happens.

Looking at your previous comment, is this what you have done already ?

Cheers

Dave

[R1200GS]

Opps! No I didn't and now have...

[root@ms3 tmp]# tail smtpd.log
Cli 16900/1 rcvd: 'MAIL FROM: <first.last@lab.com>'
Cli 16900/1 sent : 250 <first.last@lab.com>... Sender ok

Cli 16900/1 rcvd: 'RCPT TO: <first.last@gmail.com>'
Rejected relay attempt from <first.last@lab.com> at 24.123.XXX.XXX to first.last@gmail.com
Cli 16900/1 sent : 550 Denied due to spam list

Cli 16900/1 rcvd: 'QUIT'
Cli 16900/1 sent : 221 ms3.mylab.net closing connection

I should know how to fix this Dave and I know this isn't that hard! It's a right out of the box installation also.

I'm trying to allow an authenticated POP user to send to a local Scalix user and to any other internet user (via relay) with minimal configuration.

Thanks Dave!

[ScalixSupport]

Can you post a little more of the SMTP conversation ? From what you've posted so far, I can't see that the client is attempting authentication at all.

Cheers

Dave

[R1200GS]

Hi Dave!

What I posted is the entire conversation in the logfile...

This shouldn't be this hard and feel I've beaten this to the point of likely self-induced confusion.

In doing a simple, manual smtp conversation from a client;

telnet lab.com 25
Client --- HELO lab.com
Server --- 250 ms3.lab.com Hello blah, blah blah [xx.xx.xx.xx], pleased to meet you
Client --- MAIL FROM: scalix.user@lab.com
Server -- 250 scalix.user@lab.com... sender ok
Client --- RCPT TO: internet.user@gmail.com
Server --- 550 Denied due to spam list

The smtp.log retruns nearly the exact same conversation.

Is the sender ok? I don't believe so as somewhere in this comveration username and password (hashed) must be passed. I don't the recall where in the conversation this is passed.

I'm completely lost!

[ScalixSupport]

You are correct that this shouldn't be this hard but if that is the complete conversation then the client is definitely *not* authenticating so I would check the account settings in Outlook.

Can you post the RELAY Accept lines from your smtpd.cfg ? You may be able to force the SMTP relay to accept any user from the lab.com domain BUT I would not advise this.

Cheers

Dave

[R1200GS]

Can you post the RELAY Accept lines from your smtpd.cfg ? You may be able to force the SMTP relay to accept any user from the lab.com domain BUT I would not advise this.

That is the only way I've gotten this to work (in testing) and agreed.

Outlook is correct and as (assumed) proof, the client is able to send to a Scalix user (local) but not to a non-local internet address. That complete conversation (smtp.log) is clearly successful.

Here is this servers smtpd.cfg

RELAY accept 127.0.0.1
RELAY accept 192.168.12.0
RELAY accept .lab.com
AUTH_SUCCESS Header ms3.lab.com
AUTH_SUCCESS Accept ALL
DEBUG_LOG=TRUE

I have no idea how tro troubleshoot this further...

Thank you!

[R1200GS]

Any other thoughts???

[florian]

The main point here is that if no authentication appears in the logfile, Outlook obviously does not even try to authenticate.

It is not the SMTP relay that asks Outlook to AUTH, OL must do it on it's own; I have seen some broken stuff with Outlook Express, but I thought Outlook would be allright.

Be careful - do not check the mark asking for "secure password authentication" or similar, this might not work - use the most simple kind of SMTP authentication at first.

Which version of OL are you using?

Thx,,
F.

[R1200GS]

Which version of OL are you using?

OL 2000 and untested on any other client type!

Brilliant! I didn't think to attempt to send using an incorrect password for SMTP authentication.

Using the incorrect password resulted in the same response! Hmmmm...

Still troubleshooting and if you have any suggestions please feel free to do so!

Thx

[florianvk]

As said, I have seen the same odd behaviour using OL Express; I would suggest that you try to verify it works with a well-implemented POP/IMAP client such as Mulberry or Mozilla Thunderbird.

If you can't get it to work, you'll need to contact Microsoft Support. Good Luck.

Is there any particular reason why you are not using Outlook in MAPI mode?

Cheers,
Florian.

[R1200GS]

Thunderbird doesn't work either with the same errors at Outlook...

I see no authentication dialog at all!

Is there any particular reason why you are not using Outlook in MAPI mode?

I have been and have fully tested and documented those functions (which works quite well). I am now moving into fully testing low-end functionality and am now at an impass. While the "mapi" functionality works, the POP/IMAP components aren't going as smoothly!

What am I missing here???

Thanks!

[BigBirdy]

I as trying to locate in this thread, exactly where/how to setup SMTP authentication in Scalix. Is this done in the SAC interface or one of the command lines tools? I want to ensure that all internal users sending mail through Scalix SMTP, first authenticate.