Solved

CFMail Authentication in ColdFusion 5

Posted on 2010-08-16
26
907 Views
Last Modified: 2013-12-20
I am trying to fix a legacy application built on ColdFusion 5.  We recently migrated to IMail 11.01 and we have found that the application can no longer send mail.  I figured out that it is because our old mailserver did not require authentication on SMTP.  We now do require authentication.  Is there a way in the CFMail tag to provide the username and password to authenticate against or setup IMail to allow that one domain to send mail out?
0
Comment
Question by:paldie
  • 13
  • 11
  • 2
26 Comments
 
LVL 6

Expert Comment

by:ajarvey
ID: 33446553
Add the following to your CFMAIL entry, changing the specifics for your environment:

to = "anyone@anywhere.com"
from = "you@yourdomain.com"
subject = "This is the subject"
username = "you@yourdomain.com"
password = "password"
server = "mail.mydomain.com"
0
 

Author Comment

by:paldie
ID: 33446655
That won't work.  Username and Password weren't added into CF until CF MX (6).
0
 
LVL 6

Expert Comment

by:ajarvey
ID: 33446708
Yes, you are correct - apologies for that.. For your server entry, try the following:

user:password@mail.company.com
0
 

Author Comment

by:paldie
ID: 33446714
@ajarvey - I am not sure what you mean.  Can you include a snippet for context?
0
 
LVL 6

Expert Comment

by:ajarvey
ID: 33446766
server = "mail.mydomain.com"

change to

server = "Username:Password@mail.mydomain.com"

Username = the email account's username
Password = the email account's password

both seperated by a colon. YOu might have a problem with that, because of Imail using the full email address as the account name. CF might freak out with having multiple @ symbols.

If you can't get this to work, what I would recommend you do is change your email server configuration to allow relaying from the IP address of the application server where this is hosted.
0
 

Author Comment

by:paldie
ID: 33446918
Okay I will attempt that.  Now if I wanted to add the application to the server list of accepted domains what would I put in.  The application has a public domain (ex. www.domain.com), but the app connects to the mailserver through a LAN IP (192.168.200.***).  Would I add the application servers LAN IP to the accepted domains list of the public URL?
0
 
LVL 6

Accepted Solution

by:
ajarvey earned 250 total points
ID: 33446943
Yes, you would add that 192.168.x.x address to the allowed relay list.
0
 

Author Comment

by:paldie
ID: 33449214
Okay so I got my server to allow me to send mail to addresses on the mailserver but it won't let me send mail out to other addresses.  
For example server has mail domain domain1.com and domain2.com.  I can send to any email that is *@domain1.com and *@domain2.com but I can't send to *@domain3.com.

When I do it with Telnet to my company mail which does not reside on our iMail server I get the following error:

550 not local host cagedata.com, not a gateway
0
 
LVL 6

Expert Comment

by:ajarvey
ID: 33449360
You're only allowing relay to local domains, through Imail.. What did you configure in Imail to get you to where you're at now? More specifically, what relay settings did you put in place?
0
 

Author Comment

by:paldie
ID: 33449462
Current SMTP Settings:

General Options
Relay for: Addresses
     Addresses:
          192.168.101.1     255.255.255.0
          192.168.200.1     255.255.255.0
Security Options
[x] Allow Remote Mail to Local Groups
[  ] Check Valid Sender
[x] Auto Deny Possible Hack Attempts
[x] Disable SMTP "VRFY" Command
[  ] Require CRAM-MD5 Authentication

Advanced SMTP Options
[  ] Enable Extra Port
[  ] Disable SMTP AUTH
[  ] Enable SMTP to Listen on All IPs
0
 
LVL 6

Expert Comment

by:ajarvey
ID: 33449540
Can you take a look in your Imail SMTP logs, after trying to relay one of these messages, and see what IP address the request is actually coming from? It's possible that your web server is communicating to your Imail server from a different IP address than you think it should be.

If all applications are running on the same box (Web/CF, Imail, etc), try adding 127.0.0.1 to the allowed relay address list.
0
 

Author Comment

by:paldie
ID: 33449683
According to the logs the mail is coming from the 192.168.200 address that I thought it was.  I do however see the following error:
     [192.168.200.***] ERR *****.net invalid user TO:*****@cagedata.com

Starred out part of IP:  Web Server IP Address
Starred out domain name: Mail Server primary domain
Starred out email address: My company email address (on another mail server)
0
 
LVL 6

Expert Comment

by:ajarvey
ID: 33449813
Are you specifying a valid FROM address in your CF code, where that FROM address is an email address hosted locally in Imail?
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:paldie
ID: 33455896
I don't want to send it locally within imail.  The form is a forgot password form so it needs to be able to send out to anyone else in the world regardless of mailserver hosting.
0
 
LVL 6

Expert Comment

by:ajarvey
ID: 33456064
Right, but when you send a message out it has a FROM address, as the sender. Is this FROM address being specified hosted locally in Imail? So for example, you're sending out your forgot password email from FORGOTPWD@MYDOMAIN.COM. Do you have a mailbox setup in Imail for FORGOTPWD@MYDOMAIN.COM?
0
 

Author Comment

by:paldie
ID: 33456111
Yes I do.  As I said I can send mail from the address to another address on the IMail server just fine.  I just can't send mail from the same address to another address outside of the server.
0
 
LVL 6

Expert Comment

by:ajarvey
ID: 33456374
Just so I know we're talking about the same thing - If you go to reply to one of your forgotten password emails, where does that reply go to?

The reason why I'm asking is because Imail will require a valid sender for these mails to go external, regardless of the allow relay for address setting (where you allowed the IP address). If the email address that you use for replies is not a valid mailbox/alias in Imail, the messages will not relay outside.

That may be why you are able to relay to internal users, but not to external users.
0
 

Author Comment

by:paldie
ID: 33456806
When I respond back it goes to the proper email address.
0
 
LVL 6

Expert Comment

by:ajarvey
ID: 33456919
It seems like we have a disconnect somewhere between us. As of now, the best I can do for you is to point you to the KB article on IPSwitch's website regarding relaying: http://kb.imailserver.com/cgi-bin/imail.cfg/php/enduser/std_adp.php?p_faqid=35&p_created=1218036877

Make note of the following:

Relay for Local Users Only

IMail checks the FROM address of incoming mail during the incoming SMTP session and determines that it contains a valid email address of a local IMail user account. It does not check user aliases or lists. If the User ID is not valid or does not match the correct domain on which the user exists, the server does not relay mail.

You can use the accept.txt file in conjunction with these options to name remote hosts and users that you want the IMail Server to accept as "local" hosts and users. Again, while this is more secure than 'Relay for local hosts only', the FROM address on an incoming email can easily be forged and this setting should not be used if the IMail server is exposed to the internet.
0
 

Author Comment

by:paldie
ID: 33456931
Well as of right now I can send mail from a user on the imail server to another user on the imail server using my coldfusion application on another server.  When I attempt to send an email to a user not on the imail server (but still a proper user email on another server) I get the errors that I have posted above.

Thank you for your help ajarvey.  I will continue my search.
0
 
LVL 2

Assisted Solution

by:TravisT
TravisT earned 250 total points
ID: 33458191
I too run Imail 11 (since version 4).  The easiest way to do this is to put the IP of the cold fusion server in the mail relay address list:

Your SMTP server should be set to Realy Mail For Addresses or No Mail Relay.  If you use No Mail Relay, then yes, you must AUTH.  But if you use, Relay mail For Addresses (same thigns as No Mail Relay except you get to whitelist some IPs) then you form woudl have stayed working without missing a beat.

Travis
0
 

Author Comment

by:paldie
ID: 33458209
I figured out why I couldn't get it to work with 5 minutes of being on the phone with iMail.  I did everything right to allow mail relay from my coldfusion server, but I wasn't restarting my SMTP services to reload the config.
0
 

Author Closing Comment

by:paldie
ID: 33458225
Solutions were great.  I just forgot to restart the SMTP services.
0
 
LVL 2

Expert Comment

by:TravisT
ID: 33458237
Aww.yes.  Make sure to restart the Queue Manager Service Too - Never a bad Idea.
0
 

Author Comment

by:paldie
ID: 33458260
Yes did that.  Everything works great now with multiple tests.  Thank you TravisT and a big thank you to ajarvey for helping me out for the past day and a half.
0
 
LVL 6

Expert Comment

by:ajarvey
ID: 33458438
Anytime, Paldie..
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

What is Usenet? There are many different opinions on exactly what Usenet is an isn't. Many opinions are incorrect simply out of ignorance. The Wikipedia listing about Usenet does a good job of explaining it, so instead of repeating it all here I wi…
Recently while working on a project I got a very annoying cfdocument has no body error message. I had never seen this error before. So I checked the code. The code was pretty simple; it was Just showing me the cfdocumnt tag and inside that tag a …
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now