Topic: Changes to SMTP Server

[edform]

Having raised a bug [and reopened it several times] to report difficulties in sending any external email from an 8.0b6 server, and having noted today that the same bug has been activated again by others having the same problems, this post is a request for someone in the development team - or anyone else for that matter - to explain how to use the new SMTP server configuration to allow email to be sent to external addresses from a Windows 7 workstation on the local network. My reason for making this request, and in this forum, is that I do not believe it can be done and no one reading the bugs has a: stated that it can, or b: been willing to say how.

When I raised the bug it was simply closed with no confirmation that the system is capable of working. When I pressed the matter I was told that my attitude was inappropriate and, what was even more insulting, further told that bugzilla isn't a help desk. I did not ask for help!!! I reported that I do not think that any of the email programs usable in Windows 7, including the most important email program of them all - Microsoft Outlook, is capable of authenticating against the SME SMTP server version in 8.0b6.

There is no point in raising this as a bug again because it will be shouted down and closed, with meaningless requests for further detail. No further detail is needed; just get a Windows 7 workstation and give it an email account on an SME 8.0b6 server, then try to send email from it using Outlook or Windows Livemail as the sending program. If you can do it, report how. If it turns out not to be possible, as I believe, then something needs to be done because a mail server that cannot send mail on requests from Outlook is a complete waste of good skin.

If it turns out that the server can be authenticated to by Windows email programs in Windows 7, then I will close off this thread with an apology, although making as big a change as eliminating Port 25 SMTP without an explicit description of how to use the alternative was a pretty adventurous thing to do in any case.

Ed Form

[slords]

http://bugs.contribs.org/show_bug.cgi?id=6300#c2
http://bugs.contribs.org/show_bug.cgi?id=5575
http://wiki.contribs.org/SME_Server:Documentation:User_Manual:Chapter2#Configuring_an_email_client

[cactus]

If you can do it, report how. If it turns out not to be possible, as I believe, then something needs to be done because a mail server that cannot send mail on requests from Outlook is a complete waste of good skin.

Please keep in mind that we try to keep documentation up-to-date with our changes, as we did with this one. Please, always check the documentation as it might have changed since the last time you looked.

[edform]

Please keep in mind that we try to keep documentation up-to-date with our changes, as we did with this one. Please, always check the documentation as it might have changed since the last time you looked.

I've looked at the links Shad Lords sent me and they do not clarify the situation, but that's not the point. I'm pretty good at email setup on Windows workstations - I've done more of them than most folks have had hot dinners, and to a wide range of server types, but I cannot persuade Outlook or LiveMail in Windows 7 to authorise to the SME8.0b6 SMTP server. I also note that no one has yet confirmed that it can be done and that he/she has done it. Has it been tested by anyone in the development team?

Ed Form

[kruhm]

My reason for making this request, and in this forum, is that I do not believe it can be done and no one reading the bugs has a: stated that it can, or b: been willing to say how.

Yes, it can be done. What version of Outlook?

Are you sure your email client settings are correct? I didn't see your settings posted.

Thanks,

[byte]

Hi Ed,

I can confirm that it can be done.  I have tried and tested the following clients using win7 32bit:

Outlook 2003/7/10
Windows Live Mail

Could you please tell us what settings you have used to setup your client and what error message you are seeing.

Thanks

[edform]

Hi Ed,

I can confirm that it can be done.  I have tried and tested the following clients using win7 32bit:

Outlook 2003/7/10
Windows Live Mail

Could you please tell us what settings you have used to setup your client and what error message you are seeing.

Thanks

Port 587 + My outgoing server (SMTP) requires authentication + Auto encryption type
Task 'ed.form@workgroupsolutions.co.uk - Sending' reported error (0x80042109) : 'Outlook cannot connect to your outgoing (SMTP) e-mail server. If you continue to receive this message, contact your server administrator or Internet service provider (ISP).'

Port 465 + My outgoing server (SMTP) requires authentication + Auto encryption type
(The failure message was obtained after a very long timeout)
Task 'ed.form@workgroupsolutions.co.uk - Sending' reported error (0x8004210B) : 'The operation timed out waiting for a response from the sending (SMTP) server. If you continue to receive this message, contact your server administrator or Internet service provider (ISP).'

Port 25 + My outgoing server (SMTP) requires authentication + Auto encryption type
Task 'ed.form@workgroupsolutions.co.uk - Sending' reported error (0x8004210B) : 'The operation timed out waiting for a response from the sending (SMTP) server. If you continue to receive this message, contact your server administrator or Internet service provider (ISP).'

Port 25 + My outgoing server (SMTP) requires authentication + Auto encryption type + installed certificate.
Task 'ed.form@workgroupsolutions.co.uk - Sending' reported error (0x800CCC80) : 'None of the authentication methods supported by this client are supported by your server.'

I tried every combination possible of port numbers 25, 465 and 587 and every method of authetication from none to auto and none of them work.

What on earth am I ddoing wrong?

[byte]

Port 465 + My outgoing server (SMTP) requires authentication + Auto encryption type
(The failure message was obtained after a very long timeout)
Task 'ed.form@workgroupsolutions.co.uk - Sending' reported error (0x8004210B) : 'The operation timed out waiting for a response from the sending (SMTP) server. If you continue to receive this message, contact your server administrator or Internet service provider (ISP).'

Select SSL for encryption. Then you will be asked to accept a certificate.

[edform]

Select SSL for encryption. Then you will be asked to accept a certificate.

Port 465 is deprecated now of course! But it doesn't work anyway.

Port 465 + My outgoing server (SMTP) requires authentication + SSL encryption type - the certificate for my server is already installed in the Trusted Root Certification store.

Task 'ed.form@workgroupsolutions.co.uk - Sending' reported error (0x800CCC80) : 'None of the authentication methods supported by this client are supported by your server.'


I should also add that ports 25, 465 and 587 are all open in my broadband router and the server itself can send email using the webmail facility.

[byte]

Port 465 is deprecated now of course! But it doesn't work anyway.

Port 465 + My outgoing server (SMTP) requires authentication + SSL encryption type - the certificate for my server is already installed in the Trusted Root Certification store.

Interesting it works for me. Try this which I also tested:

Go to server-manager > email

and set SMTP authentication to "Allow both SMTP and SSMTP"

Now configure your outlook client (What version are you using?)

use the certificate issued by name (this is usually the server name + server domain name, i.e example.example.com when you first configured the server) for the incoming mail server and outgoing mail server (SMTP) then click more settings and configure "Outgoing server" and advanced port 25 and leave as auto (or you can select tls up to you)

Hope this helps.

[edform]

Interesting it works for me. Try this which I also tested:

Go to server-manager > email

and set SMTP authentication to "Allow both SMTP and SSMTP"

Now configure your outlook client (What version are you using?)

use the certificate issued by name (this is usually the server name + server domain name, i.e example.example.com when you first configured the server) for the incoming mail server and outgoing mail server (SMTP) then click more settings and configure "Outgoing server" and advanced port 25 and leave as auto (or you can select tls up to you)

Hope this helps.

That's better. I set SMTP authentication to "Allow both SMTP and SSMTP" Then I set 'My outgoing server (SMTP) requires authentication' and set 'Encryption type' to 'auto'. As I said before, the certificate for my server is already installed in the Trusted Root Certification store but it doesn't work properly - Outlook [it's 2010] asks for the certificate at the first send each time it is restarted. Presumably I could get round this by buying a genuine certificate, but that's not an option. So can you go into a bit more detail about how you set your certificate up.

My certificate is issued to the server machine - mini-ITX and is only for the primary domain - I have three domains. Having the Outlook client ask for the certificate at each restart is not really an acceptable situation. It needs to accept it once and for all but it doesn't. So this is still bug-worthy - or am I wrong?

[byte]

So can you go into a bit more detail about how you set your certificate up.

I never set up a cert, I used the one generated by the server and configured my incoming and outgoing paths to match the cert. As I mentioned previously I configured my server with domain name as example.com and server name as example therefore my cert name would be is example.example.com and would need to configure my incoming and outgoing paths as so.

If you google you will see a lot of reports about this issue with mis match certs and domain names with outlook.

[edform]

I never set up a cert, I used the one generated by the server and configured my incoming and outgoing paths to match the cert. As I mentioned previously I configured my server with domain name as example.com and server name as example therefore my cert name would be is example.example.com and would need to configure my incoming and outgoing paths as so.

Yup, that works perfectly. I'm going to write a Howto for this because it will be a real PITA for lots of people.

Many thanks.

[byte]

I'm going to write a Howto for this because it will be a real PITA for lots of people.

I'm sure the manual will be updated for SME Server 8 when it becomes full RC candidate as at the moment the current manual is based mainly on SME Server 7 although pretty much of it is similar we do have (as we have here) things to change for SME Server 8.

[CharlieBrady]

I'm sure the manual will be updated for SME Server 8 when it becomes full RC candidate as at the moment the current manual is based mainly on SME Server 7 although pretty much of it is similar we do have (as we have here) things to change for SME Server 8.

The only thing different for SME server 8 is the change in policy. Any advice about configuration of clients to enable encryption and authentication apply equally to both, as does advice about dealing with self-signed certificates.

[edform]

The only thing different for SME server 8 is the change in policy. Any advice about configuration of clients to enable encryption and authentication apply equally to both, as does advice about dealing with self-signed certificates.

The pulling of unauthorised Port 25 has thrown quite a few people who, like me, have always set up systems without reference to encryption or certificates, so having an easy to follow Howto will help. It can always be discarded when the manual covers the subject in an easy-to-follow way.

Here it is...

http://wiki.contribs.org/Email_-_Setting_up_E-mail_clients_for_SME_8.0

Ed Form

[byte]

Nice "how to" Ed Should help others who will probably stumble across this.

Another note, if you want to go bit more advanced, I've just tried this morning is to create a cacert.org using

http://wiki.contribs.org/Custom_CA_Certificate

This will allow the use of setting the incoming/outgoing path to any wild card domain in outlook, you then only update the server cert and the clients are none of the wiser after you install the cacert root cert from:

http://www.cacert.org/index.php?id=3

[johnp]

There used to be another good how to regarding custom self signed certificate creation but it seems to be gone now

[byte]

There used to be another good how to regarding custom self signed certificate creation but it seems to be gone now

Maybe you mean this one?

http://wiki.contribs.org/Certificates_signed_by_own_CA

[johnp]

Yes that's the one. I don't know how I missed it  Thanks

I've used that with some modifications to the subject alternative name section to make my certs.

Just thought, if using this on 8 you might want to verify the signiture algorithm. This has been changed

[edform]

I just updated the Howto at http://wiki.contribs.org/Email_-_Setting_up_E-mail_clients_for_SME_8.0 to include installing certificates with older email clients that do not have a link to the certificate installation routine and early versions of Outlook with a single tickbox for SSL encryption.

Ed Form