Topic: User authentication for mail server fails

[olddog11]

Whilst I have not yet found a solution to the initial problem of not being able to receive my email through Thunderbird, I have had some success. I have been testing various email clients and thought it may be helpful to others, who have a similar problem, to detail my findings.

The only email client I have found, so far, that will allow a user to access email on my server is Evolution. I have found that this works on both a Fedora 12 client workstation and windows XP client, however on XP I find Evolution to be very slow to start up and unstable – it works fine on a Fedora desktop though.

I have tried the following email clients and found that none of them will allow a user to log into my server email. Thunderbird – on XP and Fedora 12, Outlook Express – on XP, Eudora – on XP.

I would be interested to know if anyone else has had these problems because I can find very little reference to it in this forum. I am therefore assuming most people can get Outlook Express and Thunderbird etc. to work. Hopefully though this may be of some help to those who cannot get these email clients to work with the SME Server.

[janet]

olddog11

I have tried the following email clients and found that none of them will allow a user to log into my server email. Thunderbird – on XP and Fedora 12, Outlook Express – on XP, Eudora – on XP.

Thunderbird & Outlook Express (on Win 2K or WinXP) work OK with sme server, as does Thunderbird & Windows Mail (on Win Vista & Win 7), either locally or remotely.
If there is a seperate firewall in front of your server you need to open appropriate ports for secure traffic eg for IMAP, 465 (outgoing) & 993 (incoming), which also means forwarding the incoming port to your sme server.

Re correct settings to use, for example, in OE or Win Mail, you DO NOT set the email client to Logon using Secure Password Authentication, you DO set the email client Outgoing Mail Server to use My server requires authentication (Use same settings as my incoming mail server), you DO set the client for connecting securely to the incoming and outgoing servers, eg for IMAP set the client to use ports 465 & 993 and select SSL for both.

Similarly setup for Thunderbird, but their is an issue re TLS setting, see Email FAQ linked at top of forums.

For the mail server names, use the sme mail server name of mail.yourdomain.com or www.yourdomain.com or servername.yourdomain.com, but DNS must be configured to work correctly both locally and remotely, for name resolution to work correctly.
See the sme Manual, Appendix section for issues re DNS setup etc, and other chapters re Domains, and Hostnames and addresses, for good information on the topic. Also see the wiki Howto article on Domain practical usage tips, that may help get your domain name working correctly if it is not already.

I thought I saw a page which shows how to setup email clients for sme, but cannot remember where, or quickly find it, so I suggest you search more.

In OE I suspect you are enabling Logon using a Secure Password Authentication to sme, which is not supported, so do not do that. In Thunderbird there may be the wrong TLS setting.

Please post a full description of your network, what mode your sme server is only (server only or server gateway), what firewall is/is not being used, and ALL the settings you use in a email client. Also are you accessing from the LAN or from external locations ?
Please be accurate and do not leave out any details, if you want your problem diagnosed and fixed.

I suspect misconfiguration of your network and misconfiguration of your email clients, along with some misunderstanding of what you are doing.

So please provide the information requested.

[olddog11]

Thanks for making the effort to work with me on this one.

My server is in server only mode and is located behind a separate router, with the router controlling the firewall. I have opened up to following ports on my firewall for inbound services:
Allow POP3 (UDP:110), SMTP (TCP:25), and HTTPS (TCP:443)
Outbound services allows all (default setting for the router)

I do not have a static IP address but use Dynamic DNS and I have set the router up to use this.
My domain name is dgb.homelinux.com and is registered with dyndns.com

I am accessing my server from the LAN – I am trying to get that up and running correctly before I even consider external locations

Email settings on SME Server:
POP3 Server Access: Allow access only from local networks
IMAP Server Access: Allow access only from local networks
Virus scanning: Enabled
Spam Filtering: Disabled
Executable content blocking: Disabled
Email Retrieval Mode: Standard (SMTP)
SMTP Authentication: Allow SSMTP (secure)
Email to unknown users: Send to Administrator
Address of internal mail server: blank
Address of internet providers mail server: smtp.virgin.net

Mange domain settings:
Domain name: dgb.homelinux.com
Brief description: Primary domain
i-bay: Primary
Domain DNS servers: Resolve locally

Email configuration on OE
My incoming mail server is a POP3 server
Incoming mail POPS: server1 (note server 1 is the name of my server – I have also tried various domain name configurations here such as mail.dgb.homelinux.com but I get an error which says that the host mail.dgb.homelinux.com could not be found. It can find server1 but I get the following error message.
Your server has unexpectedly terminated the connection. Possible causes for this include server problems, network problems, or a long period of inactivity. Account: 'dgb.homelinux.com', Server: 'server1', Protocol: POP3, Port: 995, Secure(SSL): Yes, Error Number: 0x800CCC0F

Outgoing mail (SMTP): smtp.virgin.net
Incoming mail server
Account name: dave
Password: set to the user password for my sme username
Logon using secure password identification is NOT set.

Outgoing Mail Server
My server requires authentication IS set.
This is set to use the same as my incoming mail server.
NOTE: I cannot use my mail server to send outgoing mail as I do not have a dynamic email address address (outgoing email is rejected by Spamhaus. I send outgoing email through my ISP's server and that works okay.

Server port numbers
Outgoing mail (SMTP): 25
SSL: This IS set

Incoming mail (POP3): 995
SSL: This IS set

I have tried to include all of the information you require but if I have omitted any then please let me know and I will supply more.

Many thanks for you interest so far in my problem, I dare say the solution is something simple but I cannot find it. I have done extensive reading of the SME manuals to try to figure this out for myself but as you see I am missing something somewhere.

[janet]

olddog11

No time to study your answer fully at the moment, but secure smtp (SSMTP) is port 465
Change your setting and see what happens.

....pause.....

OK, some further comments. You appear to have name resolution problems on your local network. You can fix this different ways, something like the following.
1) You add your sme server into your router and configure your workstations to use the router as the gateway and DNS server.
2) You disable the DNS server function in the router and then use the sme server as your DNS server. In your workstations you would specify the router IP as the gateway and the sme server IP as the DNS server.

Note in the sme server Configure this server screens, you should also specify the router IP as the gateway for your server, if not already done.

Re opening ports on your router/firewall, you need to forward them to the sme server IP. Also you should forward port 80 for web, and any other ports needed to access sme server eg port 22 or 2222 (depending what you use) for ssh access.
If you are accessing your sme mail server externally then you need to open and forward the secure mail ports too.

Outgoing mail (SMTP): smtp.virgin.net

Better to send mail via your sme server, although in your configuration the above should work OK.
In your local email client you can specify the sme server IP for incoming and outgoing server address, to workaround name resolution problems (temporary fix until you get both internal and external name resolution working OK.

Address of internet providers mail server: smtp.virgin.net
NOTE: I cannot use my mail server to send outgoing mail as I do not have a dynamic email address address (outgoing email is rejected by Spamhaus. I send outgoing email through my ISP's server and that works okay.

What you wrote does not make sense, your sme server IS configured to send mail via your ISP, so if you send mail via your sme server then it will automatically be sent via your ISP, thus avoiding problems with spam rejection etc, unless of course your ISP is listed on Spamhaus list (which can commonly occur).

I suggest you use IMAP rather than POP, as you leave the mail on the server and can then access it from anywhere (in the world).

I would just ask is there any compelling reason you want to use sme in server only mode behind a router/firewall, you have a more complicated setup. It is easier to use sme as a gateway server and reconfigure your router/modem into bridged mode (passthrough) thus giving all router functionality to the sme server.
It is more easily maintained and setup that way, and at least some of the problems you are experiencing above, would not have occurred.

[Marco Hess]

Incoming mail POPS: server1 (note server 1 is the name of my server – I have also tried various domain name configurations here such as mail.dgb.homelinux.com but I get an error which says that the host mail.dgb.homelinux.com could not be found. It can find server1 but I get the following error message.

One of the things you want to make sure is also that your server is the one that hands out the DHCP address for your network and not your router. In that way, the PC's are directed to use your server for DNS name resolution and the PC's should resolve mail.dgb.homelinux.com to the ip of your server.

For example, I also run my server in server only with a separate ADSL gateway/router and in WinXP the ipconfig lists as follows:

Code: [Select]

U:\>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : AUADL02
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : through-ip.com

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : through-ip.com
        Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet for hp
        Physical Address. . . . . . . . . : 00-11-85-0F-5C-BD
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.1.0.246
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.1.0.1
        DHCP Server . . . . . . . . . . . : 10.1.0.20
        DNS Servers . . . . . . . . . . . : 10.1.0.20
        Primary WINS Server . . . . . . . : 10.1.0.20
        Lease Obtained. . . . . . . . . . : Sunday, 25 April 2010 3:11:06 PM
        Lease Expires . . . . . . . . . . : Monday, 26 April 2010 3:11:06 PM

U:\>
The gateway is 10.1.0.1 and the server itself is 10.1.0.20. As you can see, all lookup services are directed to the server.

[olddog11]

I would just ask is there any compelling reason you want to use sme in server only mode behind a router/firewall, you have a more complicated setup.

The reason I am using the server in server only mode is as follows:
I am trying to teach myself how to set up a business network and understand more about Linux in general. I am doing this in my spare time and at home, having set up a small network in my workshop. This has to work alongside my families normal home computing needs with desktop and laptops being used independently from my “hobby”. General home computing therefore uses the same router as my network, I am trying run both side by side. Maybe this is being too ambitious and  not possible.

I have tried to think this all through logically and come to the conclusion that I should be able to achieve this, please let me know if this is not possible. I run my network mainly at weekends and therefore turn my server off during the week meaning I cannot run my home requirements through the server and I would probably not want to, hence keeping it in server only mode. As I am working at the limits of my computing knowledge I do not want to mess things up completely and disrupt my families home computing requirements, stopping my daughters chatting online would be more than my life's worth!

I have been trying some of the suggestions that have been put forward, so far with no luck but I will keep trying when I have the time – thanks for all the help.

[Stefano]

I have been able to set up an email account on Thunderbird for admin@MYDOMAIN but every time I try to configure an account for a user I receive the following alert

just a (maybe silly) question: does it means that you are using username@domain as username?

[olddog11]

just a (maybe silly) question: does it means that you are using username@domain as username?

No, I am using my username only.

[Marco Hess]

The reason I am using the server in server only mode is as follows:
I am trying to teach myself how to set up a business network and understand more about Linux in general. I am doing this in my spare time and at home, having set up a small network in my workshop. This has to work alongside my families normal home computing needs with desktop and laptops being used independently from my “hobby”. General home computing therefore uses the same router as my network, I am trying run both side by side. Maybe this is being too ambitious and  not possible.

One way that you could consider is to run your server in server-gateway mode and run a secondary private LAN segment to connect your test PC to your server. In this way the test PC get it IP address from the DHCP in your server and the DNS issues you describe go away.

The server is setup to use the router as its gateway and the rest of the PC's in your home still directly connect directly to the router and won't be affected by the server being there or not (but don't easily connect to it and it sounds like this is what you want).

I used to run my server like that with the internal segment IP addresses being 10.1.0.XX and the outside IP segment 10.0.0.XX. This generally works Ok with the only issue that for the PC's on your test segment, you go through 2 layers of network address translations (NAT) and this sometimes confuses some PC applications (generally those that try to setup secured network connections like VPN's from your PC to another location on the Internet.

[janet]

olddog11

please let me know if this is not possible.

It is possible and you have been given 3 suggestions of how to make it all work. Having a seperate router firewall means that more complicated and specific configuration of your network is required to make it work, but it is relatively easy to do.
Follow Marcos tips for configuring your workstations, which are essentially the same as suggestion 2) I made earlier.

I have been trying some of the suggestions that have been put forward, so far with no luck....

You need to tell us specifically what you changed and what the error or problem now is. Just saying I did something and it still doesn't work is useless to us to diagnose your problem.

As I see it minimally, you change the port to 465 and use the sme server IP address for the incoming and outgoing mail host in your email client. From what you have described you should at least be able to send an email to yourself. Please advise outcome of those specific changes.

Then you can move on to fixing other issues.

[olddog11]

You need to tell us specifically what you changed and what the error or problem now is. Just saying I did something and it still doesn't work is useless to us to diagnose your problem.

I agree with you completely, the purpose of this post was to answer your question as to why I have my server in server only mode. I then added the briefest of detail about what I had done so far with the help you gave, in hindsight perhaps I should not have commented on that at all.

I have been given a lot of information from both Mary and Marco all of which I shall digest and try to understand before attempting to put some of it into practice. This will take me several days but I will let you know how I get on.

Just a couple of queries before I start re-configuring my server.
1) If I set up my server as a DHCP server do I switch off this service on the router? There is only supposed to be one DHCP server on a network but then how will my home computers (external to the network) receive the DHCP service? Am I correct in thinking that I CAN have both the server and router set up to give DHCP on the basis that there is still only one DHCP service on the LAN and my router supplies DHCP to my home computers external to the LAN.

If this is the case would it be best to set different address ranges on the server and router to avoid the same IP being given or would that not matter on the basis that the home computers are outside of the LAN?

2) If my server is in server and gateway mode do I still connect it directly to the router?

My apologies if some of this does not make sense or I am asking obvious questions but I feel a little out of my depth at the moment and still sinking! I keep reading the manuals and with your help it is gradually falling into place.

As I see it minimally, you change the port to 465 and use the sme server IP address for the incoming and outgoing mail host in your email client. From what you have described you should at least be able to send an email to yourself. Please advise outcome of those specific changes.

After setting the port to 465 I can send email using smtp.virgin.net as the outgoing server but NOT if I use the servers IP address, it does not accept my username and password.

[janet]

olddog11

You can only have one DHCP server on your network. Splitting your network is only complicating matters further.

...but NOT if I use the servers IP address, it does not accept my username and password.

You should be using the username and password that is configured on the sme server, not your ISP username & pw.

[olddog11]

You should be using the username and password that is configured on the sme server, not your ISP username & pw.

I am using my SME server username and password.

This brings me right back to my initial problem of password authentification failure.

Just to recap
I can receive email using the evolution email client on both windows XP and Fedora 12 using my SME server username and password.

I can access my webmail using my SME server username and password.

I cannot receive my email using either of the following email clients using my SME server username and password:
Thunderbird, Outlook Express, or Eudora. I think that my username and/or password with these email clients is not being recognised or accepted even though I am using the correct username and password.

[Stefano]

I cannot receive my email using either of the following email clients using my SME server username and password:
Thunderbird, Outlook Express, or Eudora. I think that my username and/or password with these email clients is not being recognised or accepted even though I am using the correct username and password.

IMHO you should open a  bug..

[janet]

olddog11 & Stefano

IMHO you should open a  bug..

I tend to agree, simply to formalise the process and get a more strict hierarchy of question, answer and follow through.

olddog11's problems seem to be configuration/network setup related though rather than a bug.