Sent SMTP message to Exchange server through external web server

We are developing a new website that has a feature where they can fill out a form on our website and submit it to an e-mail address on our Exchange 2003 server. It's an Expression Engine using PHP on the website. The website is sitting on our DMZ and I have opened port 25 to go from the webserver to the Exchange server. I can telnet mailserver 25 but I get a -0500 code at the end of my telnet. Is that an authentication issue? Regardless, I can't get an e-mail message to go through. On the Expression Engine side, I entered a user I set up in AD, with an e-mail account to send through. I have set that user Relay privileges on SMTP in Exchange. Not sure what else to look at.

Commented:
Test the relay with authentication using telnet

Commented:
I can get a successful ehlo command..
ehlo
250-mailserver.domain.loc Hello [192.168.X.X]
250-TURN
250-SIZE
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250-TLS
250-STARTTLS
250-X-EXPS GSSAPI NTLM
250-AUTH GSSAPI NTLM
250-XEXCH50
250 OK

Under SMTP Authentication I've got Anonymous access checked, basic with Requires TLS encryption and integrated checked. I have gone into users and added the user I entered in Expression Engine relay and submit permissions. However, when I SMTP from the server, I'm logged on as a different account than the account I enter in Expression Engine.

Commented:
You need to uncheck "Requires TLS encryption", I am not sure if your expression engine is capable of TLS or not. Disable TLS and try sending message from expression engine and test relay from telnet using commands in the link document

telnet smtpserver 25
ehlo
once you get 334 encrypted message enter/paste encrypted user name ( follow the base64 conversion link in document to encrypt user name)
enter encrypted password after 334 message
once the authentication is successful start mail commands
mail from: user@yourdomain.com
rcpt to: user@yourdomain.com
data
test

.
CERTIFIED EXPERT

Commented:
BTW, the -0500 "code" you're getting is just the CDT time zone from the banner of your mail server, so it doesn't even sound like you're getting past HELO if that's the last thing you see.

Commented:
If I need to send encrypted e-mails, don't I need to have that setting checked?

I did achaldave's suggestion and I get 535 5.7.3 Authentication unsuccessful.  Xterm see above and you see what I get when I type in ehlo.
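
Added example, not part of the original thread: a short Python check of the EHLO reply posted above, listing which AUTH mechanisms the server advertises before any username/password login is attempted, and producing the base64 answers that AUTH LOGIN's 334 prompts expect. The function names and the sample credentials are illustrative assumptions.

```python
import base64

# EHLO reply as posted in this thread, rebuilt from its keyword list.
KEYWORDS = ["TURN", "SIZE", "ETRN", "PIPELINING", "DSN", "ENHANCEDSTATUSCODES",
            "8bitmime", "BINARYMIME", "CHUNKING", "VRFY", "TLS", "STARTTLS",
            "X-EXPS GSSAPI NTLM", "AUTH GSSAPI NTLM", "XEXCH50"]
EHLO_REPLY = "\n".join(["250-mailserver.domain.loc Hello [192.168.X.X]"]
                       + [f"250-{k}" for k in KEYWORDS]
                       + ["250 OK"])


def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 EHLO reply."""
    caps = {}
    for line in reply.strip().splitlines()[1:]:   # line 1 is the greeting
        code, sep, rest = line[:3], line[3:4], line[4:].strip()
        if code != "250" or sep not in ("-", " ") or not rest:
            raise ValueError(f"unexpected EHLO line: {line!r}")
        keyword, *params = rest.split()
        caps[keyword.upper()] = [p.upper() for p in params]
    return caps


def password_auth_plan(caps):
    """Say whether a username/password login can be attempted right now."""
    if set(caps.get("AUTH", [])) & {"LOGIN", "PLAIN"}:
        return "auth-now"
    if "STARTTLS" in caps:
        # Capabilities can change after TLS: STARTTLS, EHLO again, re-parse.
        return "starttls-then-recheck"
    return "unavailable"


def auth_login_answers(username, password):
    """Base64 answers for the two 334 prompts of AUTH LOGIN."""
    enc = lambda s: base64.b64encode(s.encode("utf-8")).decode("ascii")
    return enc(username), enc(password)


def decode_prompt(line):
    """Decode a '334 <base64>' server prompt such as '334 VXNlcm5hbWU6'."""
    return base64.b64decode(line.split(None, 1)[1]).decode("ascii")
```

For the reply posted in this thread the AUTH line lists only GSSAPI and NTLM, so the plan returned is to negotiate STARTTLS and read the capability list again before sending a username and password.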

Commented:
Of course I verified the users credentials and can log onto a PC with the same credentials I used in the last step.  I have even tried my own credentials and they don't work either.

Commented:
A colleague of mine said in an SMTP server (non-Exchange) you could set it up to authenticate to the SMTP server using plain text. Is there a way to do that with Exchange?
CERTIFIED EXPERT

Commented:
Yes, you use port 587 (submission) instead of port 465 (smtpssl) if you want to authenticate over plain text.

The server naturally has to support it, but generally if one port is open, so is the other.

Commented:
You lost me there.  How would I use these different ports?

Commented:
If I want to just test authentication, logging into the server with my user name and password, do I need to use Base64?  I can't just type in my plain administrator user name can I?
CERTIFIED EXPERT

Commented:
Well, if you're using PHP as your mailer, you'd have to use something like fsockopen() and specify the mail server and ports.  Then you construct your commands to mimic how you would do them in telnet.

I just really don't know why you're bothering - this is just a web form - send it via plain text and save yourself the hassle.
CERTIFIED EXPERT

Commented:
No, you don't need to use base64 ever for authentication - this is just used in the body to encode attachments.  If you use port 587 submission, it is 100% plain ascii text without encoding to authenticate.

Commented:
I attached a Word document of the information I have filled out to try to get connected to our e-mail server to send us e-mails. Should I try some of the different options instead of SMTP?
CERTIFIED EXPERT

Commented:
The only thing you should need to fill in is the Return address, the IP address of your mail server for "SMTP server address" and set the email protocol to "smtp".   Leave everything else blank or default.

Commented:
I have tried that with both my internal and external IP address for the exchange server.  Shouldn't I see something in the event viewer or a log of some sort on my exchange server, or the web server.  Below is the message I get when I attempt to send it using the internal address of my exchange server.

( ! ) Fatal error: Maximum execution time of 90 seconds exceeded in C:\wamp\www\ee\codeigniter\system\libraries\Email.php on line 1836
Call Stack
#      Time      Memory      Function      Location
1      0.0004      403296      {main}( )      ..\index.php:0
2      0.0013      460704      require_once( 'C:\wamp\www\ee\codeigniter\system\core\CodeIgniter.php' )      ..\index.php:198
3      0.1183      5736200      call_user_func_array ( )      ..\CodeIgniter.php:311
4      0.1183      5736248      EE->index( )      ..\CodeIgniter.php:0
5      0.1184      5736280      EE_Core->generate_action( )      ..\ee.php:63
6      0.1189      5777432      EE_Actions->__construct( )      ..\Core.php:483
7      0.1577      8877896      Freeform->insert_new_entry( )      ..\Actions.php:201
8      0.2688      10307264      CI_Email->send( )      ..\mod.freeform.php:1489
9      0.2693      10308912      CI_Email->_spool_email( )      ..\Email.php:1367
10      0.2693      10309352      CI_Email->_send_with_smtp( )      ..\Email.php:1498
11      60.2783      10323592      CI_Email->_send_command( )      ..\Email.php:1605
12      60.2784      10323624      CI_Email->_get_smtp_data( )      ..\Email.php:1731
CERTIFIED EXPERT

Commented:
Use whichever IP address that you are successfully able to telnet to on port 25 from a command window on that machine.

I would imagine if you get connected, your Exchange server SHOULD log something, yes.  However, the log level might be set too low.  You might want to set up some kind of packet sniffer like ethereal to listen on port 25 of the Exchange server for traffic coming from only the IP address of your WAMP server, and then you can see how far along it actually gets in the transaction.

Commented:
From the WAMP server, I can telnet port 25 on the internal IP address and get connected, however, outside of the ehlo command, I haven't been able to do anything else.  Can't send an smtp message or authenticate.
CERTIFIED EXPERT

Commented:
You shouldn't be authenticating on port 25 anyway.

What happens if you do this sequence of commands at the telnet prompt?  (skip all the lines that start with a code, those are the server responses)
[xterm@myhost]$ telnet 10.0.0.1 25
Trying 10.0.0.1...
Connected to 10.0.0.1 (10.0.0.1).
Escape character is '^]'.
220 10.0.0.1 ESMTP MyServer 8.13.5/8.13.6; Mon, 7 Nov 2011 10:56:03 -0600
helo mydomain.com
250 10.0.0.1 Hello 10.0.0.1 [10.0.0.1], pleased to meet you
mail from: <you@yourdomain.com>
250 2.1.0 <you@yourdomain.com>... Sender ok
rcpt to: <recipient@yourdomain.com>
250 2.1.5 <recipient@yourdomain.com>... Recipient ok
data
354 Enter mail, end with "." on a line by itself
Hello, this is a test email
.
250 2.0.0 pA7Gu3aJ029626 Message accepted for delivery
quit
221 2.0.0 10.0.0.1 closing connection

CERTIFIED EXPERT

Commented:
I see you opened a new question, but you didn't ever tell me if you were able to send manually using the method I describe above?

Commented:
I apologize, I was having issues getting this thread open again.  From the WAMP server, I can telnet to the exchange server and send a message using a noreply@domain.com sending, which is not on our domain.  I successfully sent a message using that noreply address to two addresses on our domain.  However, my webapp is still not working.
CERTIFIED EXPERT
Commented:
I think you might have to get support from your Expression Engine software vendor at this point, since we can't really see what is going on in their code that is making this fail.

Commented:
Expression Engine says it's not on their end.  I have opened up the ports on the firewall to allow all ports, when I look at the SMTP logs, I see no attempt being made when submitting the form.  I do see when I telnet to port 25.

Commented:
I did contact support for Expression engine.