Topic: Authenticated SSMTP being rejected from RBL/SBL [SOLVED]

[robwellesley]

Hi All

We have a situation where mobile devices connecting to SME8 on SSMTP SSL 465 are having email rejected because the I.P. number on the device (I.P. supplied by the ISP) is on a blacklist.
Any thoughts on how I might turn off RBL checks for local and/or authenticated mail?

Also, I get why an ISP email service might want to block even authenticated email, but a small company of NFP will not, so I'm wondering idf this is a feature or actually a bug?

Rob

[janet]

robwellesley

Who or what is doing the rejecting ?

[robwellesley]

Hi

Below is a snip of the SQPSMTPD log.
You can see that N Shirley (a local user) makes a connection (authenticated of course since it's SQPSMTPD) from his mobile, but it's rejected.


2014-04-17 13:06:40.010435500 22023 Accepted connection 0/20 from 122.56.234.110 / 122.56.234-110.mobile.telecom.co.nz
2014-04-17 13:06:40.010487500 22023 Connection from 122.56.234-110.mobile.telecom.co.nz [122.56.234.110]
2014-04-17 13:06:40.011673500 22023 tls plugin (init): ciphers: HIGH:!SSLv2
2014-04-17 13:06:40.013163500 22023 tls plugin (init): ciphers: HIGH:!SSLv2
2014-04-17 13:06:40.018513500 22023 tls plugin (init): ciphers: HIGH:!SSLv2
2014-04-17 13:06:40.684511500 22023 tls plugin (connect): Connected via SMTPS
2014-04-17 13:06:41.684467500 22023 check_earlytalker plugin (connect): remote host said nothing spontaneous, proceeding
2014-04-17 13:06:41.689745500 22023 220 server.farmright.co.nz ESMTP
2014-04-17 13:06:41.814514500 22023 dispatching EHLO [100.88.138.0]
2014-04-17 13:06:41.815545500 22023 250-farmright.co.nz Hi 122.56.234-110.mobile.telecom.co.nz [122.56.234.110]
2014-04-17 13:06:41.815561500 22023 250-PIPELINING
2014-04-17 13:06:41.815575500 22023 250-8BITMIME
2014-04-17 13:06:41.815591500 22023 250-SIZE 25000000
2014-04-17 13:06:41.815605500 22023 250 AUTH PLAIN LOGIN
2014-04-17 13:06:42.048509500 22023 dispatching MAIL FROM:<nshirley@farmright.co.nz>
2014-04-17 13:06:42.048606500 22023 full from_parameter: FROM:<nshirley@farmright.co.nz>
2014-04-17 13:06:42.071502500 22023 getting mail from <nshirley@farmright.co.nz>
2014-04-17 13:06:42.071502500 22023 250 <nshirley@farmright.co.nz>, sender OK - how exciting to get mail from you!
2014-04-17 13:06:42.071578500 22023 dispatching RCPT TO:<rcottier@farmright.co.nz>
2014-04-17 13:06:42.275232500 22023 logging::logterse plugin (deny): ` 122.56.234.110   122.56.234-110.mobile.telecom.co.nz   [100.88.138.0]   <nshirley@farmright.co.nz>      dnsbl   903   http://www.spamhaus.org/query/bl?ip=122.56.234.110   msg denied before queued
2014-04-17 13:06:42.275283500 22023 delivery denied (http://www.spamhaus.org/query/bl?ip=122.56.234.110)
2014-04-17 13:06:42.275311500 22023 550 http://www.spamhaus.org/query/bl?ip=122.56.234.110
2014-04-17 13:06:42.275408500 22023 click, disconnecting
2014-04-17 13:06:42.906487500 3331 cleaning up after 22023
2014-04-17 17:21:55.570570500 32723 220 server.farmright.co.nz ESMTP

[CharlieBrady]

Below is a snip of the SQPSMTPD log.
You can see that N Shirley (a local user) makes a connection (authenticated of course since it's SQPSMTPD) from his mobile, but it's rejected.

You say "authenticated of course since it's SQPSMTPD", but use of SSL doesn't imply use of authentication. The log snippet you show indicates mail injection without authentication.

[robwellesley]

Thank you for lurking here Charlie.

Got that - AUTH LOGIN PLAIN = AUTH'd? NOPE.

I was 'assured' that user and passwd details are entered in the phone, but clearly not.  I'll get that fixed which I assume will answer the question "is authenticated mail run past the RBL lists"

[CharlieBrady]

Got that - AUTH LOGIN PLAIN = AUTH'd? NOPE.

No, that just advertises that AUTH is available, using the two methods mentioned.

[robwellesley]

Thank you.

[CharlieBrady]

Rob, please add [SOLVED] in the thread subject.

[robwellesley]

I immediately had opportunity to setup an email client on a Laptop that was connecting over a mobile 3G usb 'stick'.
I noted that unauthenticated email was being rejected by the SME8 server from SPAMHAUS listing of the I.P. of the 3G 'stick'.
Once authentication was setup mail was accepted by SME8.
I'll assume this is a feature not a bug.  If it is a bug, it should be a feature

[janet]

robwellesley

A feature since long ago, around sme5 or 6 as a contrib, & then added into the base.
See Email panel in server manager to force SSMTP for all users, which is a good idea as it also stops viruses (without a password) from accessing your smtp server. Quoting: "The SSMTP setting requires all users to use SSL/TLS authentication."

[robwellesley]

Hi Janet
This is the default for SME8.x now