Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: morpheusx on August 14, 2006, 05:40:46 PM
-
I have mobile users for my domain with Treo smartphones that send SMTP mail from an external IP to our SME7 server. If they send mail to someone at our domain, it is accepted and arrives fine.
If they send mail to any other domain, the Treo mail app says '550 Relaying denied'. AFAIK this message is coming from SME itself, because the Treo is a non-local IP even though the 'from' address of the mail is a local domain. I understand the need for no open relays, but is there a selective way to disable this?
SMTP auth is the other way I might be able to address this. I tried using SMTP AUTH LOGIN PLAIN but SME rejected it. I searched the forum and there is a post about it here (http://forums.contribs.org/index.php?topic=33173.0), but no resolution.
Thanks!
-
I understand the need for no open relays, but is there a selective way to disable this?
Not in a way which would ensure you are not an open relay. It is possible if your phones have fixed IP addresses, but I doubt that they do.
SMTP auth is the other way I might be able to address this. I tried using SMTP AUTH LOGIN PLAIN but SME rejected it. I searched the forum and there is a post about it here (http://forums.contribs.org/index.php?topic=33173.0), but no resolution.
SMTP AUTH is enabled by default over SMTP/SSL (port 465). It is not enabled over non-SSL SMTP (port 25) as it passes usernames and passwords in a lightly encoded/reversible format.
If your phone supports SMTP/SSL, it should just work. If you really must use SMTP AUTH over plain SMTP, you can do this:
config setprop smtpd Authentication enabled
signal-event email-update
WARNING: Your usernames and passwords will be open to username/password sniffing. This is a serious security risk.
And for the record, we don't support CRAM-MD5 AUTH as that would require us to store copies of the password in clear text on the server, which we also don't want to do.
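Why the reply above calls AUTH on port 25 "lightly encoded/reversible", as an added example that is not part of the original post or SME Server's own code: AUTH PLAIN and AUTH LOGIN only base64-encode the credentials, so the check below flags those mechanisms when an EHLO reply offers them on a session without TLS. The account name, password, hostname and EHLO text are constructed sample values.

```python
import base64

PASSWORD_MECHS = {"PLAIN", "LOGIN"}  # mechanisms that send the password itself

def decode_auth_plain(b64):
    """AUTH PLAIN (RFC 4616): base64 of authzid NUL authcid NUL password."""
    authzid, authcid, passwd = base64.b64decode(b64).split(b"\0")
    return authzid.decode(), authcid.decode(), passwd.decode()

def decode_auth_login(b64_lines):
    """AUTH LOGIN: username and password sent as two separate base64 lines."""
    return tuple(base64.b64decode(line).decode() for line in b64_lines)

def cleartext_auth_mechs(ehlo_reply, tls_active):
    """Return password-exposing AUTH mechanisms offered on a non-TLS session."""
    if tls_active:
        return []  # e.g. SMTP/SSL on port 465: credentials travel inside TLS
    offered = []
    for line in ehlo_reply.splitlines():
        # Drop the "250-" / "250 " prefix; accept the legacy "AUTH=" form too.
        tokens = line[4:].replace("=", " ").split()
        if tokens and tokens[0].upper() == "AUTH":
            offered += [t.upper() for t in tokens[1:]]
    return [m for m in offered if m in PASSWORD_MECHS]

# Constructed sample data (not captured from any real server or account).
SAMPLE_PLAIN = base64.b64encode(b"\0alice\0s3cret-example").decode()
SAMPLE_LOGIN = [base64.b64encode(b"alice").decode(),
                base64.b64encode(b"s3cret-example").decode()]
SAMPLE_EHLO = "\n".join([
    "250-mail.example.com",
    "250-PIPELINING",
    "250-8BITMIME",
    "250 AUTH LOGIN PLAIN",
])

if __name__ == "__main__":
    print("on the wire :", SAMPLE_PLAIN)
    print("decoded     :", decode_auth_plain(SAMPLE_PLAIN))
    print("port 25 risk:", cleartext_auth_mechs(SAMPLE_EHLO, tls_active=False))
    print("port 465    :", cleartext_auth_mechs(SAMPLE_EHLO, tls_active=True))
```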
-
SMTP AUTH is enabled by default over SMTP/SSL (port 465). It is not enabled over non-SSL SMTP (port 25) as it passes usernames and passwords in a lightly encoded/reversible format.
Can this be noted in the FAQ or even put in the configuration page on the server-manager?
-
FYI, to follow up on my post.
Switching to a model where the Treos use SMTP SSL on port 465 and IMAP SSL on port 993 for everything resolved the issue nicely without exposing any security issues.
Thanks for the help!