smtp authentication issue

sam_ironport
Level 1

Hi all,
Can anybody tell me how I can verify the SMTP authentication feature?
I cannot use the IronPort to send email after setting up this feature.
I have set it up with the steps below:

First, I created the LDAP profile that includes the SMTP Authentication Query. I tested the query and it works fine, and I use the LDAP Bind.

Second, I created the SMTP auth profile and selected the SMTP auth profile at the listener.

Finally, I selected SMTP authentication "Preferred" in the default mail flow policy parameters.

Please tell me if I missed a step and how I can verify this feature.

thx thx thx :wink:

6 Replies

kluu_ironport
Level 2

Using this KB article as a point of reference,

External users using LDAP SMTPAUTH to authenticate and relay mail

http://tinyurl.com/2dfeef


From your description, it sounds like you've done everything correctly. Check your mail_logs for smtp auth attempts, (e.g.
Wed Sep 12 07:59:41 2007 Info: SMTP Auth: (ICID 36) succeeded for user: jsmith using AUTH mechanism: LOGIN with profile: ldap_smtp)

Also, can you briefly go over how you're doing your test? Are you using a mail client like Mozilla Thunderbird and setting the outgoing server to be the IronPort appliance IP/hostname?

sam_ironport
Level 1

Hi Kevin,
thx for your reply. I captured the SMTP log as below:

Thu Dec 25 13:09:00 2008 Info: New SMTP ICID 184830 interface IncomingMail (192.168.2.22) address 125.31.30.145 reverse dns host n28z30l145.broadband.ctm.net verified yes
Thu Dec 25 13:09:00 2008 Info: ICID 184830 REJECT SG BLACKLIST match sbrs[-10.0:-3.0] SBRS -4.0
Thu Dec 25 13:09:00 2008 Info: ICID 184830 Delayed HAT REJECT continuing session for recipient logging
Thu Dec 25 13:09:00 2008 Info: ICID 184830 Unknown command: XXXX
Thu Dec 25 13:09:00 2008 Info: ICID 184830 lost
Thu Dec 25 13:09:00 2008 Info: ICID 184830 close


My IP address is 125.31.30.145. I used Outlook 2007 to test it from my home, and I enabled the HAT delay rejection on the IronPort.

I set up the Outlook client to use my company IronPort as the SMTP server to send email,
and I set the outgoing server to require authentication and entered my domain username (sam) and password.

kluu_ironport
Level 2

Thu Dec 25 13:09:00 2008 Info: ICID 184830 REJECT SG BLACKLIST match sbrs[-10.0:-3.0] SBRS -4.0


I think the problem is that the IP address you're coming from (i.e. *.broadband.ctm.net) has a low SBRS score and you're getting stopped by the HAT Overview/Blacklist sendergroup first, before you're allowed to transmit your username/password.

Therefore, I don't think the problem is with the smtp auth at this point. It's the low SBRS score.

Try this.

Create a custom/new sender group just for your ISP and put it at the top of your HAT Overview (or at least above the Blacklist).

1. Create a new sendergroup called "Accept-Broadband". Set the connection behavior to be "Accept".
2. Make sure the order is at the top.
3. For the senders, add ".broadband.ctm.net" to the list of connecting hosts.
4. This way, you can make sure your connections don't get stopped by the Blacklist.


Then, try the smtp auth again. Try and get that to work first.

We'll discuss the low SBRS score issue later once the smtp auth is working.

And by the way, there's nothing wrong with you, it's just broadband.ctm.net has a low sbrs score. It's like the passenger in the taxi is okay, but the taxi driver is bad.

sam_ironport
Level 1

Hi Kevin,
I just added a sender group and added the sender as you told me.
The mail log is below:

Thu Dec 25 21:05:02 2008 Info: New SMTP ICID 185514 interface IncomingMail (192.168.2.22) address 125.31.30.145 reverse dns host n28z30l145.broadband.ctm.net verified yes
Thu Dec 25 21:05:02 2008 Info: ICID 185514 ACCEPT SG Accept_Sam_Broandband match .broadband.ctm.net SBRS -4.0
Thu Dec 25 21:05:02 2008 Info: ICID 185514 Unknown command: XXXX
Thu Dec 25 21:05:02 2008 Info: ICID 185514 lost
Thu Dec 25 21:05:02 2008 Info: ICID 185514 close

kluu_ironport
Level 2

Thu Dec 25 21:05:02 2008 Info: ICID 185514 Unknown command: XXXX
Thu Dec 25 21:05:02 2008 Info: ICID 185514 lost
Thu Dec 25 21:05:02 2008 Info: ICID 185514 close

That's good that you're assigned to a non-Blacklist sendergroup. Now, let's see why there is the "Unknown command: XXXX".

Can you give a screenshot of your Outlook mail client Outgoing server settings?

Also, make sure the Accept connection behavior for the Sendergroup Accept_Sam_Broandband has SMTP auth set to Preferred.

sam_ironport
Level 1

Hi Kevin,
I solved it already. It was a firewall issue.
The firewall had SMTP inspect enabled and blocked the AUTH command to the IronPort,
so there was the "Unknown command: XXXX".
I tested it and it worked successfully after I disabled the firewall SMTP inspect feature.

thx a lot :)
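
Added example, not part of the original thread and not Cisco/IronPort code: a small triage script that groups mail_logs lines by ICID and classifies each connection in the order the thread worked through the causes (sendergroup reject, then a command replaced with X's in transit, then a successful SMTP Auth). The regexes are assumptions derived only from the log lines quoted above, and the function names and result labels are hypothetical.

```python
import re
from collections import defaultdict
# mail_logs lines copied from the posts above, with wrapped lines rejoined.
SAMPLE_LOG = """\
Thu Dec 25 13:09:00 2008 Info: New SMTP ICID 184830 interface IncomingMail (192.168.2.22) address 125.31.30.145 reverse dns host n28z30l145.broadband.ctm.net verified yes
Thu Dec 25 13:09:00 2008 Info: ICID 184830 REJECT SG BLACKLIST match sbrs[-10.0:-3.0] SBRS -4.0
Thu Dec 25 13:09:00 2008 Info: ICID 184830 Unknown command: XXXX
Thu Dec 25 21:05:02 2008 Info: ICID 185514 ACCEPT SG Accept_Sam_Broandband match .broadband.ctm.net SBRS -4.0
Thu Dec 25 21:05:02 2008 Info: ICID 185514 Unknown command: XXXX
Wed Sep 12 07:59:41 2007 Info: SMTP Auth: (ICID 36) succeeded for user: jsmith using AUTH mechanism: LOGIN with profile: ldap_smtp
"""

ICID_RE = re.compile(r"ICID (\d+)")
HAT_RE = re.compile(r"ICID \d+ ([A-Z]+) SG (\S+)")   # HAT verdict + sendergroup
UNKNOWN_RE = re.compile(r"Unknown command: (\S+)")
AUTH_OK_RE = re.compile(r"SMTP Auth: \(ICID \d+\) succeeded for user: (\S+)")


def summarize(log_text):
    """Group lines by connection ID (ICID) and keep the facts needed for triage."""
    conns = defaultdict(lambda: {"hat": None, "sg": None, "user": None, "unknown": []})
    for line in log_text.splitlines():
        icid = ICID_RE.search(line)
        if not icid:
            continue
        conn = conns[icid.group(1)]
        if (m := HAT_RE.search(line)):
            conn["hat"], conn["sg"] = m.groups()
        elif (m := UNKNOWN_RE.search(line)):
            conn["unknown"].append(m.group(1))
        elif (m := AUTH_OK_RE.search(line)):
            conn["user"] = m.group(1)
    return dict(conns)


def diagnose(conn):
    """Classify one connection; earlier checks mask later ones, as in the thread."""
    if conn["user"]:
        return "auth-ok"
    if conn["hat"] == "REJECT":
        return "rejected-by-sendergroup"    # fix HAT order before testing AUTH
    if any(set(cmd) == {"X"} for cmd in conn["unknown"]):
        return "command-masked-in-transit"  # e.g. firewall SMTP inspection
    return "no-auth-seen"


if __name__ == "__main__":
    for icid, conn in summarize(SAMPLE_LOG).items():
        print(icid, conn["sg"], diagnose(conn))
```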