We deployed Scalix a few months ago, and so far everything has been working like a charm. Recently, we had a company meeting where several off-site folks came to participate. Being "typical users," it seems that they have been suffering in silence for quite some time.
For some reason, when remote users send e-mail using Thunderbird (as the entire company does), the connections seem to time out and then they have to re-send the e-mail which goes through. According to them, it happens pretty randomly, which makes this really tough to diagnose. It seems like it could be the connection, but with all 4 saying the same thing ... I have to question. The odd ball is the one user who uses Outlook and says he has never had a problem.
Doing my due diligence, I did some SMTP debugging, and what I found was something somewhat interesting. Basically, it seems that every user who SMTP auths has to actually do it twice as the first one fails. The problem is, I don't know if this is a Scalix issue, or a Thunderbird issue, and before doing anything, I just wanted to get some feedback and thoughts.
Here is the SMTP log with an e-mail I sent:
Code: Select all
Cli 12207/2 rcvd: 'EHLO [172.20.0.100]'
Cli 12207/2 sent : 250-mail.contentconnections.com Hello [172.20.0.100], pleased to meet you
250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5 GSSAPI
250-AUTH=LOGIN
250-DSN
250 8BITMIME
Cli 12207/2 rcvd: 'AUTH CRAM-MD5'
Cli 12207/2 sent : 334 PDI4MDg5O...hash...hash...ucy5jb20+
smtpd:sasl_canon_user: "mike@contentconnections.com" -> "mike@CONTENTCONNECTIONS.COM"
Cli 12207/2 sent : 535 Incorrect authentication data
Cli 12207/2 rcvd: 'AUTH PLAIN AG1ie...hash...hash ...0aW9ucy5jb20AdnVfcjdiZSo='
smtpd:sasl_canon_user: "mike@contentconnections.com" -> "mike@CONTENTCONNECTIONS.COM"
smtpd:userdb_checkpass: check PAM password for "mike@CONTENTCONNECTIONS.COM"
Cli 12207/2 sent : 235 Authentication successful.
One thing to note is that I do have everything setup for Kerberos authentication, hence the SASL, etc. So the big question is, why is the CRAM-MD5 failing? According to documentation on Thunderbird, it does support CRAM-MD5 SMTP authentication (and also, why else would it send it?), so I'm not sure what the problem is. I'm thinking this may be the cause of my remote user delay as it has to re-authenticate sending every e-mail.
I did see some posts on how to disable various mechanisms, but before I do that, I want to be sure of the ramifications of doing so.
We're using Scalix 10.0.1 on RHEL4 with Sendmail and the Amavisd-milter.
Any thoughts?
Thanks!
-Mike