sjacct

Is anyone familiar with Exchange SMTP authentication ?

Is it true that, on the LAN (logged on to the domain), a mail client doesn't need SMTP authentication to send mail through the mail server?
We have a scanner/copier/printer combo (SAVIN 8035e). Without adding credentials to its configuration, it can email scanned files using the inside Exchange Server 2003. This is not a computer. It doesn't log on to a domain.
We have backup software (SyncBack) on an XP computer. It can also email notices without credentials added.
We also have a FileMaker server on a Windows 2003 server, which can send email notifications without SMTP authentication enabled.

Here is the strange thing:

When we use "telnet mail-server 25" (without AUTH LOGIN) to test mail on any inside computers, it seems fine and says mail is sent to query. But, recipient never receives the mail. Where does the mail go?

But if we use "telnet mail-server 25" with AUTH LOGIN, recipient CAN receive the mail. From here, it looks like SMTP authentication is needed.


Can anyone explain this behavior? We would like to know how to control this mail authentication because we have a PHP script, which cannot use/add credentials. It means the script doesn't work now.

Thanks for any help!


Exchange 2003
Outlook 2003
Microsoft domain
vanbarsoun

Have you checked the Exchange SMTP logs or used message tracking to verify if the telnet tests actually made it through?
Hypercat (Deb)

Internal Outlook clients use MAPI, not SMTP, to communicate with an Exchange server. Authentication is done using NTLM or Kerberos using the user's AD account to authenticate. Normally, you can allow other devices (like a scanner/copier) to send mail using SMTP without authentication if you add their IP addresses to the relay settings in the properties of the Default SMTP virtual server.  Do you know if this was done for your Savin copier? Same goes for your other programs - either someone has set up the SMTP virtual server to allow those workstations or servers to relay, or there are preprogrammed credentials set in those two applications. So, you would have to do the same for the server or workstation that is running your PHP script if you can't program it somehow to send credentials.
In my experience as long as you're sending to local email addresses copiers/external devices don't need any authentication or the need to specify their IP in the allowed to relay list. When you try to send to external email addresses you'll get a deny due to failed relaying, which is when you'll actually need to specify their IP.

Easiest, but not necessarily the most secure, solution is to add the IP address of the machine the script is running on to allow relay.
sjacct

ASKER

Why does relay have a relationship with it?
So far, my telnet testing is inside user to inside user. No relay is needed.
Our Exchange 2003 default relay setting is ALLOW ALL inside private IP RELAY. I also tested opening relay to ANY. It still does not work.
Have you checked the Exchange SMTP logs? At the very least your telnet test should be working.
sjacct

ASKER

Where is the place to temporarily disable authentication for testing ?

Our default Authentication setting is:
       Default SMTP Virtual Server
         Properties
          Access tab
           Authentication button
              v Anonymous access
              v Basic authentication
              v Integrated Windows Authentication

I tested disabling the last two, but it still does not work:
              v Anonymous access
              X Basic authentication (password is sent in clear text)
              X Integrated Windows Authentication

What I want to test first is,
   How to successfully send telnet mail without using AUTH LOGIN in local ?
sjacct

ASKER

The following is the log in the SMTPSVC1 folder:

16:59:34 192.168.1.93 EHLO - 250
16:59:46 192.168.1.93 MAIL - 250
17:00:20 192.168.1.93 RCPT - 250
17:01:20 192.168.1.93 DATA - 250
17:02:58 192.168.1.93 QUIT - 240
sjacct

ASKER

It is Exchange Intelligent Message Filter (IMF) archiving mails without authentication.
Which is a good thing. You do NOT want to set your SMTP gateway to allow internal emails without authentication or a specific relay allowed for an internal IP address.  AAMOF, I would suggest that you are potentially compromising your systems by allowing ALL internal IP addresses to relay. There is no reason to do this, as long as you have your SMTP virtual server set to allow any authenticated user to send mail (this is the checkbox that is on the same dialog box where you grant or deny relaying). This is the recommended Microsoft setting - to DENY all relaying and check the box to allow all authenticated hosts. If you need to allow specific internal hosts to relay, then you can do this by using the "GRANT only the following hosts" setting, and add the specific host IP addresses that you need to allow to relay without authentication.
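
Before moving the relay list to "GRANT only the following hosts" as suggested above, it helps to know which internal hosts currently submit mail without authenticating. The script below is an added example, not part of the original thread; it parses log lines in the five-field shape sjacct posted and assumes a successful login appears as an AUTH line with status 235, which the thread's log does not show.

```python
from collections import defaultdict

# Constructed sample in the five-field shape of the log posted in the thread
# (time, client IP, SMTP verb, argument, status). The 192.168.1.50 session,
# including its AUTH line, is invented for illustration.
SAMPLE_LOG = """\
16:59:34 192.168.1.93 EHLO - 250
16:59:46 192.168.1.93 MAIL - 250
17:00:20 192.168.1.93 RCPT - 250
17:01:20 192.168.1.93 DATA - 250
17:02:58 192.168.1.93 QUIT - 240
17:05:01 192.168.1.50 EHLO - 250
17:05:02 192.168.1.50 AUTH - 235
17:05:03 192.168.1.50 MAIL - 250
17:05:05 192.168.1.50 DATA - 250
17:05:06 192.168.1.50 QUIT - 240
"""

def parse_sessions(text):
    """Group log lines into per-client SMTP sessions (EHLO/HELO ... QUIT)."""
    open_sessions, done = {}, []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or line.startswith("#"):
            continue  # skip header lines and anything malformed
        _time, ip, verb, _arg, status = parts
        verb = verb.upper()
        if verb in ("EHLO", "HELO"):
            if ip in open_sessions:  # earlier session never logged QUIT
                done.append(open_sessions.pop(ip))
            open_sessions[ip] = {"client": ip, "auth": False, "accepted": False}
        sess = open_sessions.get(ip)
        if sess is None:
            continue  # command seen before any greeting from this client
        if verb == "AUTH" and status == "235":    # assumed marker of a login
            sess["auth"] = True
        elif verb == "DATA" and status == "250":  # server accepted a message
            sess["accepted"] = True
        elif verb == "QUIT":
            done.append(open_sessions.pop(ip))
    done.extend(open_sessions.values())
    return done

def anonymous_senders(sessions):
    """Count, per client IP, sessions whose mail was accepted with no AUTH."""
    counts = defaultdict(int)
    for s in sessions:
        if s["accepted"] and not s["auth"]:
            counts[s["client"]] += 1
    return dict(counts)

if __name__ == "__main__":
    for ip, n in sorted(anonymous_senders(parse_sessions(SAMPLE_LOG)).items()):
        print(f"{ip}: {n} anonymous session(s) with accepted mail")
```

"Accepted" here only means the server answered DATA with 250; as the thread shows, a message accepted that way can still be archived by IMF and never reach the recipient.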
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.