SMTP Submission port authentication problem after 5.05

Discussion forum for Enterprise Edition.
nowhere
Posts: 29
Joined: Mon Aug 09, 2010 7:34 pm

SMTP Submission port authentication problem after 5.05

Post by nowhere »

Hello,
yesterday I installed the upgrade from 5.04 to 5.05.
Everything works fine, no problems.

Today morning I have no new mails.
Also all my costomers which are configured for mail relaying havn´t got any mails.

After some tests from remote servers the mails will bounce wit simmilar messages like this:
194.xxx.xxx.xx_does_not_like_recipient./Remote_host_said:_550_This_mail_server_requires_authentication_(1)_when_attempting_to_send_via_this_SMTP_(submission)_port./Giving_up_on_194.xxx.xxx.xx./

At the SMTP Server Log there are Messages like this:
01/27/11 20:49:13 SMTP-IN D416D095772B4FA8BBE1D59A03C6B42D.MAI 828 213.90.36.46 220 recipient-domain.tld ESMTP MailEnable Service, Version: 5.04--5.04 ready at 01/27/11 20:49:13 0 0
01/27/11 20:49:13 SMTP-IN D416D095772B4FA8BBE1D59A03C6B42D.MAI 828 213.90.36.46 EHLO EHLO sender-domain.tld 250-recipient-domain.tld [213.90.36.46], this server offers 6 extensions 161 24
01/27/11 20:49:13 SMTP-IN D416D095772B4FA8BBE1D59A03C6B42D.MAI 828 213.90.36.46 STARTTLS 24 10
01/27/11 20:49:13 SMTP-IN D416D095772B4FA8BBE1D59A03C6B42D.MAI 828 213.90.36.46 STARTTLS STARTTLS 24 10
01/27/11 20:49:13 SMTP-IN D416D095772B4FA8BBE1D59A03C6B42D.MAI 828 213.90.36.46 EHLO EHLO sender-domain.tld 250-recipient-domain.tld [213.90.36.46], this server offers 5 extensions 147 24
01/27/11 20:49:13 SMTP-IN D416D095772B4FA8BBE1D59A03C6B42D.MAI 828 213.90.36.46 MAIL MAIL FROM:<sender@domain.tld> SIZE=2833 250 Requested mail action okay, completed 43 43
01/27/11 20:49:13 SMTP-IN D416D095772B4FA8BBE1D59A03C6B42D.MAI 828 213.90.36.46 RCPT RCPT TO:<recipient@domain.tld> 550 This mail server requires authentication (1) when attempting to send via this SMTP (submission) port. 107 26
01/27/11 20:49:13 SMTP-IN D416D095772B4FA8BBE1D59A03C6B42D.MAI 828 213.90.36.46 QUIT QUIT 221 Service closing TLS SSL transmission session 50 6
I marked the sequenz bold (550 This mail server requires authentication (1) when attempting to send via this SMTP (submission) port)
Only mails which should relay to remote servers was affected.

Now I downgraded to ME 5.04 and everything works with no problems.
So I believe this is a bug at the 5.05 release.

Can anyone confirm this bug?

Thaks
Regards from austria

MailEnable
Site Admin
Posts: 4441
Joined: Tue Jun 25, 2002 3:03 am
Location: Melbourne, Victoria Australia

Re: massive problems after upgrade to 5.05

Post by MailEnable »

The strange thing about this is that the SMTP service binaries (in fact ALL Service DLLs and Executables in 5.04) are identical size/modification/binaries between 5.04 and 5.05. The only code change is to the MMC module to do with a bug where WebMail and Web admin host header languages were not stored correctly, resulting in problems forcing languages based on host names.

Perhaps you could raise a support ticket so we may investigate further (use defect or installation category since they are zero cost). It might be simpler for us to confirm that the binaries in your bin directory match the 5.05 ones and to manually patch the MMC issue (which is the only change that 5.05 brings).
Regards, Andrew

nowhere
Posts: 29
Joined: Mon Aug 09, 2010 7:34 pm

Re: massive problems after upgrade to 5.05

Post by nowhere »

Hello,
thank you for your fast response.
I will give it a try once again, upgrade to 5.05 and monitor the system.
Also I will check the versions of the files.
I will report back the results of the tests

Regards from austria

MailEnable-Ben
Posts: 5858
Joined: Fri Jan 16, 2004 6:49 am
Location: Melbourne

Re: massive problems after upgrade to 5.05

Post by MailEnable-Ben »

Here is some more on the error if you need:

550 This mail server requires authentication (0) when attempting to send via this SMTP (submission) port

Error Description: When this error is received it means that the MailEnable server SMTP service has been configured to force all inbound connections to authenticate. This setting is designed mainly for servers that want all mail to come from a remote spam checking service as it forces connections that send to and through the server to authenticate unless they are allowed relay by IP. All other connections even when simply sending to the server will fail with this error if this is not the case.

In the ME Admin MMC this is configurable at:

ME Admin MMC->Servers->Localhost->SMTP Properties->Inbound (TAB)->"Properties"->Port Settings [Button]->SMTP Port->"Requires connections to authenticate before sending email"

Or for alternate SMTP listening port:

ME Admin MMC->Servers->Localhost->SMTP Properties->Inbound (TAB)->"Properties"->Port Settings [Button]->Submission Port->"Requires connections to authenticate before sending email"

In the MailEnable Professional or Enterprise manual the settings can be found at:

Configuration of connectors, services and agents->SMTP Connector->Inbound->Requires connections to authenticate before sending email

Error Resolution: The resolution is determined by whether you want this feature to be enabled or not. If you are getting this error when you are not expecting then ensure that this feature is not enabled for either SMTP port. If you require this feature and understand what it does then ensure any servers that are required to send through the server and not authenticate are added to the inbound IP relay list.
Regards,

Product Services
MailEnable Pty Ltd

To keep track of all ME company updates and version releases you should subscribe to the MailEnable list at http://www.mailenable.com or the RSS feed http://www.mailenable.com/rss.

nowhere
Posts: 29
Joined: Mon Aug 09, 2010 7:34 pm

Re: massive problems after upgrade to 5.05

Post by nowhere »

Hi,
thank you for this information.
Today I updated to the latest version and removed the "Requires connections to authenticate before sending email" setting.
I don´t now but with the old version I had no problems and I do not remember that I had changed the settings.

But now it looks very good again.

Thank you for your support

Regards from austria

MailEnable-Ben
Posts: 5858
Joined: Fri Jan 16, 2004 6:49 am
Location: Melbourne

Re: massive problems after upgrade to 5.05

Post by MailEnable-Ben »

OK thanks for the update, sometimes people get this setting confused with the Relay settings for authentication.
Regards,

Product Services
MailEnable Pty Ltd

To keep track of all ME company updates and version releases you should subscribe to the MailEnable list at http://www.mailenable.com or the RSS feed http://www.mailenable.com/rss.

crnunez
Posts: 213
Joined: Sun Jan 25, 2004 8:26 pm

Re: massive problems after upgrade to 5.05

Post by crnunez »

Hello,
When I upgraded to V5.05 I had the same issue with "550 This mail server requires authentication (1) when attempting to send via this SMTP (submission) port.". I don’t change any settings in 5.04 but the installer change something value when upgrading.

I solve this problem after some hours, when I read an article about "550 This mail server requires authentication (1) when attempting to send via this SMTP (submission) port", of course I have several complaints about SMTP issue with reject external mail ...
Regards,
Robert N.
Zona Hosting - Hosting y Servicios Profesionales en Internet.

MailEnable-Ben
Posts: 5858
Joined: Fri Jan 16, 2004 6:49 am
Location: Melbourne

Re: massive problems after upgrade to 5.05

Post by MailEnable-Ben »

I just did a test here just in case but that setting was not changed on an upgrade from 504 to 505 so not sure what is different for you. You could check the \MailEnable\BIN\INSTALL-ENTERPRISE.LOG for the value "Listen Port Relay Mode" which is the registry key for this feature to see if the installer set the value to 1.
Regards,

Product Services
MailEnable Pty Ltd

To keep track of all ME company updates and version releases you should subscribe to the MailEnable list at http://www.mailenable.com or the RSS feed http://www.mailenable.com/rss.

spleeze
Posts: 12
Joined: Thu Dec 23, 2010 6:28 pm

Re: massive problems after upgrade to 5.05

Post by spleeze »

I had the exact same problem today from 5.04 -> 5.06 ! Turns out that "Requires connections to authenticate before sending email" is turned on in the "Inbound" tab for both SMTP port and Sub Port. Odd that I did not touch this value during the upgrade.

Here is my question. I STILL want all of my email clients who are using my SMTP server to still authenticate before using this server's SMTP, but I obviously don't want remote servers to have to authenticate in order to drop messages onto my server (which is the problem outlined in this thread). So, will turning off the "Requires authentication" in the inbound tab, and in the Relay tab, leaving on "Allow relay for authenticates senders (MailEnable integrated authentication) achieve this for me? Or, has turning off the "requires connections to auth before sending" in the inbound tab for port 25 just opened my SMTP to internal users not having to auth?

I just tested SMTP without authenticating, and it did reject me, which is good. So are the authentication settings on the "Incoming" tab really only for server-to-server SMTP communication?

-Brian

MailEnable
Site Admin
Posts: 4441
Joined: Tue Jun 25, 2002 3:03 am
Location: Melbourne, Victoria Australia

Re: massive problems after upgrade to 5.05

Post by MailEnable »

I had the exact same problem today from 5.04 -> 5.06 ! Turns out that "Requires connections to authenticate before sending email" is turned on in the "Inbound" tab for both SMTP port and Sub Port. Odd that I did not touch this value during the upgrade.
Possible what has happened is that the feature never used to work properly and was clicked. Then the recent update has corrected the bug and it has started working. Some rework of the SMTP code was undertaken to allow more bindings and relay options - it is quite likely that the rework may have fixed a bug that then allowed the feature to work. (This is almost certainly the case because the installer does not change any of the relay/auth options at all).

To answer your question:
I STILL want all of my email clients who are using my SMTP server to still authenticate before using this server's SMTP, but I obviously don't want remote servers to have to authenticate in order to drop messages onto my server (which is the problem outlined in this thread).
If you want to allow remote server to send relay through your server, you need to grant relay to the IP address of that server.
Regards, Andrew

spleeze
Posts: 12
Joined: Thu Dec 23, 2010 6:28 pm

Re: massive problems after upgrade to 5.05

Post by spleeze »

I don't want to allow remote servers to relay through my server. I want what I consider a typical email server setup:

1. Local users (my clients) need to auth before using my SMTP server.
2. Remote servers can submit email to my server for local clients only.
3. Remote servers can NOT use my server as an open relay.

Just making sure that now turning that option off has not compromised this setup. So far it seems like it has not.

-Brian

ppoulain56
Posts: 1
Joined: Wed Feb 09, 2011 9:44 am

Re: SMTP Submission port authentication problem after 5.05

Post by ppoulain56 »

Hello, I just want to share that I had exactly the same problem, upgrading from 5.04 to 5.06. The solution above worked for me also.

chrisbudden
Posts: 2
Joined: Thu Oct 21, 2010 10:27 am

Re: SMTP Submission port authentication problem after 5.05

Post by chrisbudden »

Hi

Is this resolved now? I still have to have "Require connections to authenticate" in order to receive emails from external servers. If i do have this turned off, I am able to send email from a local address, to a local address through a telnet session, without authenticating. This is not acceptable!

MailEnable-Ben
Posts: 5858
Joined: Fri Jan 16, 2004 6:49 am
Location: Melbourne

Re: SMTP Submission port authentication problem after 5.05

Post by MailEnable-Ben »

There is nothing here to be resolved. The issue was that the feature did not work when enabled prior to 5.05 (a couple of versions before 5.05 only), then once 5.05 was installed this feature was working, so anyone that had enabled it mostly for invalid reasons and not knowing what they were enabling meant that this feature started to block inbound connections that were not authenticated.

The behaviour of having this feature enabled or not is not the reason for your spoofing of emails. The anti spoofing feature is enabled on the security TAB of the SMTP service, you may think that this feature is stopping spoofing which it is but it is also stopping all other inbound email most likely legitimate email.

Let me explain this feature in case the above information is not enough.

This is a submission port feature (by submission port I mean nothing to do with relay), when enabled this feature will force all inbound connections to authenticate regardless if they are sending email (relay) or authenticating. Obviously people who are trying to send email to your server do not need to authenticate so while it is enabled all inbound delivery of email will fail. Your customers can send as they are authenticating (in most setups) and as such are able to relay.
The feature itself is designed for situations where a mail server environment is to only accept email from a third party external spam protection/scanning server. For these environments the MailEnable server admin will add the spam server IPs to the allowed relay list which will mean that all inbound connections from other servers (non spam protection IPs) will be blocked except clients who are authenticating and the spam servers themselves which are allowed to deliver mail as they are listed on the allowed relay list.
Regards,

Product Services
MailEnable Pty Ltd

To keep track of all ME company updates and version releases you should subscribe to the MailEnable list at http://www.mailenable.com or the RSS feed http://www.mailenable.com/rss.

gokhan@bworks.tc
Posts: 8
Joined: Wed Nov 07, 2018 4:53 pm

Re: SMTP Submission port authentication problem after 5.05

Post by gokhan@bworks.tc »

Hi I use 7.60 professional I have take the below error when I try to send a mail to another server
Can you tell me why I take this problem?

.MAI 1936 78.189.209.58 220 mail.bogazicidigital.com ESMTP MailEnable Service, Version: 7.60-7.60- ready at 11/27/18 14:21:34 0 0
11/27/18 14:21:35 SMTP-IN FD921E7FF3E648BA9F7331CB0DBEB92B.MAI 1936 78.189.209.58 EHLO EHLO GKHP 250-bogazicidigital.com [78.189.209.58], this server offers 5 extensions 169 11
11/27/18 14:21:35 SMTP-IN FD921E7FF3E648BA9F7331CB0DBEB92B.MAI 1936 78.189.209.58 AUTH AUTH LOGIN 334 VXNlcm5hbWU6 18 12
11/27/18 14:21:35 SMTP-IN FD921E7FF3E648BA9F7331CB0DBEB92B.MAI 1936 78.189.209.58 AUTH {blank} 334 UGFzc3dvcmQ6 18 26 gokhan@bworks.tc
11/27/18 14:21:35 SMTP-IN FD921E7FF3E648BA9F7331CB0DBEB92B.MAI 1936 78.189.209.58 AUTH {blank} 235 Authenticated 19 18 gokhan@bworks.tc
11/27/18 14:21:35 SMTP-IN FD921E7FF3E648BA9F7331CB0DBEB92B.MAI 1936 78.189.209.58 MAIL MAIL FROM: 250 [SMTP:gokhan@bworks.tc] connection from 78.189.209.58 authenticated. 74 31 gokhan@bworks.tc
11/27/18 14:21:36 SMTP-IN FD921E7FF3E648BA9F7331CB0DBEB92B.MAI 1936 78.189.209.58 RCPT RCPT TO: 250 Requested mail action okay, completed 43 29 gokhan@bworks.tc
11/27/18 14:21:36 SMTP-IN FD921E7FF3E648BA9F7331CB0DBEB92B.MAI 1936 78.189.209.58 RCPT RCPT TO: 250 Requested mail action okay, completed 43 31 gokhan@bworks.tc
11/27/18 14:21:38 SMTP-IN FD921E7FF3E648BA9F7331CB0DBEB92B.MAI 1936 78.189.209.58 DATA DATA 354 Start mail input; end with . 46 6 gokhan@bworks.tc

Post Reply