• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2627
  • Last Modified:

AUTH PLAIN vs AUTH LOGIN and TLS Exchange 2010

I have one of my developers using a program called monit (don't know a lot about it). Its used to send alerts about various systems in linux (we use ubuntu).

some of these servers using monit and ubuntu are on servers off of our main network. what i've done is made a special receive connector with a different port number other than 25 and only allow IP's that we trust (using our firewall). I've enabled basic authentication as well as only allow basic authentication after starting TLS.

My developer tells me that im only presenting auth login and not auth plain. monit doesnt support auth login. it only supports auth plain. since i dont know the program i can't do any testing to see what options come up after initiating a starttls.

I though if i selected basic authentication it would allow both auth plain and auth login?

if anyone can shed any light let me know.

We have an exchange 2010 server.
0
msidnam
Asked:
msidnam
1 Solution
 
arnoldCommented:
http://www.fehcom.de/qmail/smtpauth.html

The options are displayed after issuing the ehlo hostname.

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_26538583.html

Ntlm might be the option that can work for you.  Not sure whether exchange support auth plain.
0
 
NetfloCommented:
Hi,

Okay in answer to your question, with an Exchange 2010 server, AUTH PLAIN is not supported, infact it was dropped when Exchange 2007 was introduced.

For further reading see "RFC: 3501" on this link: http://technet.microsoft.com/en-us/library/ff848256.aspx

Looking over the Monit documentation, it can be configured to use TLS which will help get around the teething problems you're facing.

See the "Setting a mail server for alert messages" section on the following link: http://mmonit.com/monit/documentation/monit.html

I've copied a snipped for your information:

The mail server Monit should use to send alert messages is defined with a global set statement (keywords are in capital and optional statements in [brackets]):

 SET MAILSERVER {hostname|ip-address [PORT port]
                [USERNAME username] [PASSWORD password]
                [using SSLV2|SSLV3|TLSV1] [CERTMD5 checksum]}+
                [with TIMEOUT X SECONDS]
                [using HOSTNAME hostname]
The port statement allows one to use SMTP servers other then those listening on port 25. If omitted, port 25 is used unless ssl or tls is used, in which case port 465 is used by default.

Monit support plain smtp authentication - you can set a username and a password using the USERNAME and PASSWORD options.

To use secure communication, use the SSLV2, SSLV3 or TLSV1 options, you can also specify the server certificate checksum using CERTMD5 option.


I would advise showing the developer what I've pointed out and working with him to get your servers talking correctly. Hope this helps and best of luck!
0
 
msidnamAuthor Commented:
Netflo, thank you. They are using TLS to start the process but since Monit doesnt support AUTH LOGIN it never goes through. But now I at least know that AUTH PLAIN is not supported by Exchange 2010. But they want TLS AND user authentication.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now