8 Replies Latest reply: Apr 25, 2006 1:57 AM by Torsten Grambs-Oracle RSS

    SMTP AUTH issues

    412657
      I have been struggling with trying to set up smtp_in to allow relaying from external connections as long as they authenticate themselves for awhile now with no luck. I am aware of the need to set orclpwdencryptenable=1 in OID and change passwords after. I have my smtp_in instance configured with starttls enabled and the wallet pointing to the default apache tls wallet. I have Relay Allowed set to Authenticated, have *.mydomain.com in Trusted domains and trusted sender domains, set Authentication to optional, sasl authentication enabled, etc. When I try to connect from an external network using the pine smtp client I get:
      535 5.7.0 Authentication Failed

      I tried this with a brand new account created after changing the orclpwdencryptenable=1 as well.
      telnet localhost 25 gives:
      220 server ready. Unauthorized Access Prohibited.
      ehlo x
      250-feta.temperagen.com Hello localhost, pleased to meet you
      250-8BITMIME
      250-SIZE
      250-DSN
      250-ENHANCEDSTATUSCODES
      250-AUTH DIGEST-MD5 CRAM-MD5
      250-XAUTH
      250 HELP

      Any ideas? Could someone who has smtp auth working tell me what different settings you have?

      Thanks in advance,
      Chris
        • 1. Re: SMTP AUTH issues
          412657
          I'm still having problems with this and I have no idea what is going wrong. I found a document on how to check smtp auth via a telnet session (it was in some sasl documentation) and tried that and still got an Authentication Failed.

          220 server ready. Unauthorized Access Prohibited.
          ehlo x
          250-feta.xxx.com Hello 192.168.100.26, pleased to meet you
          250-8BITMIME
          250-SIZE
          250-DSN
          250-ENHANCEDSTATUSCODES
          250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5
          250-XAUTH
          250 HELP
          AUTH PLAIN dGVzdDEAdGVzdDEAdGVzdDR0ZXN0
          535 5.7.0 Authentication failed
          451 4.4.0 Disconnected or network error

          Does anyone have SMTP AUTH working in any way?
          • 2. Re: SMTP AUTH issues
            433455
            Hi,

            we have smtp_in working with authentication the way you want. Please check, if you have setup the follwoing:

            - Trusted Relay Domains -> yourdomain.com
            - Trusted Domains -> *.yourdomain.com
            - Trusted Sender Domains -> yourdomain.com auth

            That should get you going with smtp auth.

            Cheers,
            Stephan
            • 3. Re: SMTP AUTH issues
              Torsten Grambs-Oracle
              Hello Stephan, hello cblack,

              it would be really interesting which client you are using.
              Along with this, what SMTP_IN in loglevel 30 says. The ehlo says that you disabled plain text encryption, which should not be disabled for first tests.

              cblack,
              what are your detailed oid setting for smtp_in and which clients you are using ?

              I personally checked out this extensively and it worked perfectly.

              Best regards,
              Torsten
              • 4. Re: SMTP AUTH issues
                Torsten Grambs-Oracle
                Hello cblack,

                seen that AUTH PLAIN and LOGIN are enabled.
                Have you checked Metalink Note:333074.1 Secure transmission and authentication in OCS 10.1.1 EMail ?

                The same is applicable for 10.1.2 ++

                - Torsten
                • 5. Re: SMTP AUTH issues
                  412657
                  Thanks for your reply. I have tried this with PLAIN auth as well. I have also set the orclpwdencryptionenable to 1 as described in that document and tried accounts that were created after than change in the OID had been made. I am testing using pine and telnet (creating the base64 string as described in a kb document). The server is not currently back up so I can't easily get you all the parameters. I will do so soon however.
                  • 6. Re: SMTP AUTH issues
                    Torsten Grambs-Oracle
                    Thanks Chris,

                    I had not tested using pine nor telnet, therefore really asking you to use 2 methods, Oracle Connector for Outlook and/or Mozilla Thunderbird as indicated in the previous mentioned Note. For telnet, I am not sure how to encrypt a password (except the base64 PLAIN auth), pine - I personally do not use pine.

                    Thanks - Torsten
                    • 7. Re: SMTP AUTH issues
                      412657
                      I have solved this issue with the help of a couple oracle techs working on an SR. The core issue was that the "username" used when authenticating to SMTP AUTH in order to relay is "username@domain" NOT just "username". I missed this entirely since the login for imap is just "username".
                      • 8. Re: SMTP AUTH issues
                        Torsten Grambs-Oracle
                        Hi Chris,

                        the IMAP login can be username standalone as long it's in the default domain. However, if you have more than 1 domain, "user@domain" login is required for both SMTP and IMAP.

                        - Torsten