SMTP Authentication

Unanswered Question
Mar 16th, 2008

Hi all

I have a problem with the SMTP authentication. I'm running an IronPort C100 box in front of a sendmail system. The sendmail has all the users stored with their SASL passwords.

I'd like to set the C100 box to forward authentication requests to the sendmail box to enable people on the road to use C100 for relaying their email messages (after a successful SMTPAUTH).

What I did:
1) Created the SMTP Authentication Profile (Forward with Use SASL Login)
2) Added the profile to the external interface listener (authentication profile)
3) Edited the Mail Flow Policies default "SMTP Authentication" to preferred

When I use my Outlook Express against the C100 I get a "554" error immediately. I also get the same error if I do a simple telnet from an external laptop to the IronPort box on port 25.

Any help?

Thx
reto

kluu_ironport Tue, 03/18/2008 - 20:34

More than likely, you're matching a Sendergroup/Mail Flow policy that you didn't expect to match.

Try running a grep for the IP address of your laptop/workstation to see which sendergroup/mail flow policy you've matched.

Let's say for example, you find out the IP address of your laptop that has Outlook Express (OE) is 1.2.3.4. If this is the case, type this on the command line of your appliance before running a test from OE:


grep -it "1.2.3.4" mail_logs


the -i means ignore case
the -t means to tail the logs and only show the pattern of "1.2.3.4"

Have the above "grep" running and then run another test from OE

You should get an ICID entry.

Then type this,

grep -i "ICID 789" mail_logs

Replace 789 with the ICID that you get. You should get something like this below:

The lines in BOLD show the Sendergroup (SG) that you match. In the example below, I matched the ALL sendergroup, thus use the Accepted mail flow policy (see MAIL POLICIES > HAT OVERVIEW in your GUI interface).

Below, you can see that I've successfully authenticated.

My recommendation to get it to work for all your mail flow policies is to go to MAIL POLICIES > MAIL FLOW POLICIES, click on edit default policies parameters and enable SMTP AUTH preferred for all your policies and make sure each policy points to the default policy parameters.

Tue Mar 18 12:21:35 2008 Info: New SMTP ICID 175 interface Management (74.201.91.95) address 10.251.21.126 reverse dns host unknown verified no
Tue Mar 18 12:21:35 2008 Info: ICID 175 ACCEPT SG None match ALL SBRS unable to retrieve
Tue Mar 18 12:22:16 2008 Info: SMTP Auth: (ICID 175) succeeded for user: kluu using AUTH mechanism: LOGIN with profile: smtp-auth
Tue Mar 18 12:22:16 2008 Info: Start MID 484 ICID 175
Tue Mar 18 12:22:16 2008 Info: MID 484 ICID 175 From:
Tue Mar 18 12:22:16 2008 Info: MID 484 ICID 175 RID 0 To:
Tue Mar 18 12:22:16 2008 Info: ICID 175 closed
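
The two grep steps in the reply above can be done in one pass over an exported copy of mail_logs. This is an added example, not part of the original thread or IronPort's own tooling; the ICID 176 lines and the sender group name EXAMPLE_SG are constructed, and the regexes assume the line layout shown in the reply.

```python
import re

# ICID 175 lines are copied from the reply above; the ICID 176 lines are
# constructed for this example, modelled on the same layout.
SAMPLE_LOG = """\
Tue Mar 18 12:21:35 2008 Info: New SMTP ICID 175 interface Management (74.201.91.95) address 10.251.21.126 reverse dns host unknown verified no
Tue Mar 18 12:21:35 2008 Info: ICID 175 ACCEPT SG None match ALL SBRS unable to retrieve
Tue Mar 18 12:22:16 2008 Info: SMTP Auth: (ICID 175) succeeded for user: kluu using AUTH mechanism: LOGIN with profile: smtp-auth
Tue Mar 18 12:22:16 2008 Info: ICID 175 closed
Tue Mar 18 12:30:00 2008 Info: New SMTP ICID 176 interface Management (74.201.91.95) address 1.2.3.4 reverse dns host unknown verified no
Tue Mar 18 12:30:00 2008 Info: ICID 176 REJECT SG EXAMPLE_SG match 1.2.3.4 SBRS unable to retrieve
Tue Mar 18 12:30:00 2008 Info: ICID 176 closed
"""

NEW = re.compile(r"New SMTP ICID (\d+) interface (\S+) \(\S+\) address (\S+)")
HAT = re.compile(r"ICID (\d+) (\w+) SG (\S+) match (\S+)")
AUTH = re.compile(r"SMTP Auth: \(ICID (\d+)\) (\w+) for user: (\S+) "
                  r"using AUTH mechanism: (\S+) with profile: (\S+)")


def trace_client(log_text, client_ip):
    """Find the ICIDs opened by client_ip, then collect the HAT match and
    the SMTP AUTH result logged for each of those ICIDs."""
    conns = {}
    for line in log_text.splitlines():
        if (m := NEW.search(line)) and m.group(3) == client_ip:
            # Step 1: a new connection from the address we are tracing.
            conns[m.group(1)] = {"interface": m.group(2), "action": None,
                                 "sg": None, "match": None, "auth": None}
        elif (m := HAT.search(line)) and m.group(1) in conns:
            # Step 2: action, sender group and matched pattern for that ICID.
            conns[m.group(1)].update(action=m.group(2), sg=m.group(3),
                                     match=m.group(4))
        elif (m := AUTH.search(line)) and m.group(1) in conns:
            conns[m.group(1)]["auth"] = {
                "result": m.group(2), "user": m.group(3),
                "mechanism": m.group(4), "profile": m.group(5)}
    return conns


if __name__ == "__main__":
    for ip in ("10.251.21.126", "1.2.3.4"):
        for icid, info in trace_client(SAMPLE_LOG, ip).items():
            print(ip, "ICID", icid, info)
```

A connection whose record has an action but `auth` still `None` never reached SMTP AUTH, which points at the sender group and mail flow policy match rather than at the authentication profile.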


