Email problem from CiscoWorks machine

Answered Question
Oct 12th, 2009

Hello,


I have configured the SMTP server in Cisco Common Services under Server -> Admin.


For e.g.

the SMTP Server is: mail.abc.com

Administrator Email Id: [email protected]


However, when I run a RME sync archive job with my email id ([email protected]) it fails. I ran a wireshark and noticed that the Cisco Works machine generates a HELO command to the host name of its own machine (lets says machine name 'CiscoWorks') to which

I get an 'RST'(Reset) packet. Access to the outside mail server is open on port 25.


Is this right ? Shouldn't it send a HELO abc.com instead.


Thanks.

Correct Answer by Joe Clarke about 7 years 4 months ago

I don't know of any for Windows. But your understanding is correct. The local SMTP gateway would relay messages from CiscoWorks and other applications to the official gateway. The local gateway would speak authenticated SMTP to the official gateway.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
tech_trac Tue, 10/13/2009 - 02:35

We connect to the Linux based Exim Mail Server. And I believe Exim is configured to accept 'HELO MAILSERVER.com' i.e. the domain

name of the mail server. Whereas, the CiscoWorks sends email notifications with 'HELO localhost' i.e. Cisco works machine name

and it gets rejected.


Is it possible to change the parameter Cisco Works use to send HELO command to.

tech_trac Tue, 10/13/2009 - 04:43

Is there a password that can be set for SMTP Server account login via Cisco Works. If so, then HELO to localhost may work.


Below is the SMTP log from Cisco Works. Even though I had configured mail.abc.com as the SMTP server in Common Services yet the Cisco Works sends a HELO request to localhost (can be seen in wireshark). The error in Wireshark shows "550 Access denied - Invalid HELO name (See RFC2821 4.1.1.1)". Please assist.


[ Tue Oct 13 15:36:08 GST 2009 ] INFO [Util : sendMail] : sendMail() - Starts

[ Tue Oct 13 15:36:08 GST 2009 ] INFO [Util : sendMail] : SMTP Server:mail.abc.com

[ Tue Oct 13 15:36:08 GST 2009 ] INFO [Util : sendMail] : From ID:[email protected]

[ Tue Oct 13 15:36:08 GST 2009 ] INFO [Util : sendMail] : To ID:[email protected]

[ Tue Oct 13 15:36:08 GST 2009 ] INFO [Util : sendMail] : Subject:JobId: 1709,Job Status: Job Succeeded,Application: ArchiveMgmt, Run Type: Immediate

[ Tue Oct 13 15:36:09 GST 2009 ] ERROR [Util : sendMail] : Unknown error in connecting to the SMTP server [mail.abc.com]

[ Tue Oct 13 15:36:09 GST 2009 ] ERROR [Util : sendMail] : Exception: java.lang.NullPointerException

[ Tue Oct 13 15:36:09 GST 2009 ] ERROR [Util : sendMail] :

Joe Clarke Tue, 10/13/2009 - 07:20

No, SMTP passwords are not supported by LMS. The 550 error means your SMTP server is rejecting the IP of the LMS server. Talk to your SMTP admins, and make sure mail.abc.com is allowed to relay mail for the LMS server.

tech_trac Tue, 10/13/2009 - 09:05

Hello,


I believe relaying is allowed. Because I ran manual SMTP commands on the Cisco Works machine with


HELO mail.abc.com


and its works fine. The problem is only with 'HELO localhost' which is what Cisco Works machine generates for email notification.


Please advise.

Joe Clarke Tue, 10/13/2009 - 09:14

The proper protocol is for the mail client to send:


HELO


So, if the client is sending:


HELO localhost


Then there is a problem with the Java API obtaining the client's local hostname. Make sure the client's IP address properly resolves to the client's correct hostname.

tech_trac Tue, 10/13/2009 - 10:57

Hello,


It is infact the client hostname. I had stated localhost for understanding.


I think the Exim mail server does not allow relaying unless the machine/IP has authenticated itself with the mail server against the 'From' email account. So due to lack of password for SMTP in Common Services, it does not get authenticated and hence is rejected by the mail server.


What could be the solution. For a third party email service provider it is difficult to change their security options for one of the customers i.e. to relax the authentication bit to relay emails.


Shouldn't Cisco Products include SMTP password option for better security. Because, if authentication were not required, then any spammer could use this service to relay junk emails with all freedom. I am now facing same problem with ASA CSC-SSM email notification feature due to the given reason.


Thanks.

Joe Clarke Tue, 10/13/2009 - 11:01

If you cannot have the SMTP server blindly allow relaying for the CiscoWorks host, you could create your own SMTP gateway, and configure it to use the main SMTP server with proper authentication. That is, install your own SMTP server which anonymously relays for the LMS server, then sends all mail to mail.abc.com using the SMTP authentication system required there.

tech_trac Tue, 10/13/2009 - 11:18

Thanks for the suggestion.


It is probably outside the Cisco domain, but could you please suggest any easy to install/configure SMTP gateway.


I haven't tried any before.

Joe Clarke Tue, 10/13/2009 - 11:19

I use sendmail on FreeBSD. I wouldn't say it's easy, though. I have quite a few friends that say Postfix is the way to go, but I'm happy with sendmail.

tech_trac Tue, 10/13/2009 - 11:46


Would you know any on Windows (it is inherently easy).


Please confirm if my understanding is correct.


Using the SMTP gateway would mean its configuration would hold the email user account and password information and hence it do the authentication for every mail sent through it.

Correct Answer
Joe Clarke Tue, 10/13/2009 - 12:00

I don't know of any for Windows. But your understanding is correct. The local SMTP gateway would relay messages from CiscoWorks and other applications to the official gateway. The local gateway would speak authenticated SMTP to the official gateway.

tech_trac Wed, 10/14/2009 - 07:15

Hello,


Does the SMTP gateway need to be published on the internet and registered in the global DNS (Host A/MX record) to send out the email.


Thanks.

Joe Clarke Wed, 10/14/2009 - 07:54

No. The gateway should only forward email to mail.abc.com. For instance, in our lab, I have a machine setup to relay email from our lab devices up to our corporate MX. There is no way this server is reachable from the internet, and does not participate in any other mail exchanges.

tech_trac Thu, 10/15/2009 - 02:33

I installed an SMTP gateway and the emails are now going out. However, the From field is empty when the mail is recieved. Does the CiscoWorks SMTP client populate the 'From Header' in email with administrator email Id or is it blank. In wireshark, I can see that 'MAIL FROM" is populated with correct 'From' i.e. the administrator id. I believe

there are two from fields i.e. the SMTP envelope From and the email From header. Which one does the CiscoWorks SMTP client

set.

tech_trac Thu, 10/15/2009 - 06:33


For the From to appear in the Inbox, the FROM: should come after the DATA command during SMTP communication. But in case of CiscoWorks I only see it before DATA command.


Does CiscoWorks support it to be after DATA command.

Joe Clarke Thu, 10/15/2009 - 08:26

Yes, it does, and you've seen in the logs you posted before. As long as the administrator email ID is populated in Common Services > Server > Admin > System Preferences, the From: header should be populated in the email.

tech_trac Thu, 10/15/2009 - 10:01

Hello,


I was refering to the Wireshark trace.


As an example, I have put the From field in quotes below. I don't see the From after DATA command in Wireshark


HELO some-hostname

servers response

MAIL FROM: some address

250 ok something

RCPT TO: recipient address

250 ok something

DATA

"From: recipient address"

more headers


email body

Joe Clarke Thu, 10/15/2009 - 10:10

It should be there. The code writes it as you can see in the log snippet in your first follow-up post. Exactly what email is being sent that is not showing the full headers?

tech_trac Sat, 10/17/2009 - 02:21

I am only trying to compare the wireshark trace for one-to-one mapping.


I generated email for CiscoWorks via RME-Sync Archive and the wireshark trace from CiscoWorks is


1. HELO

2. MAIL FROM:

3. RCPT TO:

4. DATA

5. .

6. QUIT


So there is no trace for 'from:' IMF protocol after the DATA command.


I then tried a trace from my outlook client while generating an email and I could see that the 'from:' IMF record is sent after the DATA Command.


Apparently, CiscoWorks machine is not generating it. Do I need to restart any service etc for this.


Lastly, in this example I have used the same email Id for MAIL FROM: (i.e. Administrator ID in Common Services) and RCPT TO:. Hope that should not matter.


Please assist.


Thanks.

Joe Clarke Sat, 10/17/2009 - 12:30

I was able to reproduce this, and I filed CSCtc60402 to track the problem. I have produced a patch you can try if you open a TAC service request.

tech_trac Sat, 10/17/2009 - 12:33

Thanks. I will check and post an udpate.


When is this patch expected to be released as part of LMS update, in case I cannot raise a TAC due to the support contract.

tech_trac Mon, 10/19/2009 - 08:22

Setting up an SMTP gateway to send the password out to our internet Mail Server, worked well with CiscoWorks notifications.


But then I got stuck with NAM (Network Analysis Module) email notifications. It does not have the option of configuring SMTP password nor does it allow to change the sender/administrator email id (as in CiscoWorks).


The SMTP gateway allows only one user account to be used for authentication (if sender and receiver domain are the same which is my case). So for e.g. I have configured [email protected] with its account password in the SMTP gateway for necessary authentication. But I cannot add the second account in the gateway i.e. for [email protected] with its password required by our internet Mail Server.


Please advise whether NAM administrator email id can be changed or not. If not then why is there so much difference in every Cisco Product with regards to SMTP configuration/notifications.


Please suggest.


Thanks.

Actions

This Discussion