Configuring SMTP relay with authentication [message #147417] Thu, 16 January 2020 21:57
derek_500
Hello all,
Previously we allowed SMTP relay without authentication from LAN IP addresses. We have several hardware devices that can send out email notifications, so this made sense. We have decided to change this policy and require authentication. We use Active Directory for authentication and it is configured properly under our domain settings - Directory Service with a secure LDAPS connection.

Previously, under SMTP Server settings, we had checked 'Allow relay only for:' with only 'Users from IP address group:' (our LAN address group).

Today I checked 'Users authenticated through SMTP for outgoing mail', figuring this would allow us to relay using a username and password on the device. I can still send non-authenticated emails, as the first box is still checked, but when I add a username and password to any of our devices, they fail and we get an error in the security log:

SMTP: Authentication failed for user ----<_at_>----.---. Attempt from IP address ##.#.#.#. External authentication service rejected authentication due to invalid password or authentication restriction.
Failed SMTP login from ##.#.#.# with SASL method LOGIN.

Under 'configuring the SMTP server' iguration/services/configuring-the-smtp-server-1167.html I do acknowledge the note "If you select both the Users from IP address group and Users authenticated through SMTP options, and the SMTP authentication fails, Kerio Connect does not verify whether the user belongs to the allowed IP address and users cannot send outgoing messages." - this is consistent with our results: authentication fails and the message is not sent. If I remove the username and password from the device, messages will send again.

At this time we are still okay; non-authenticated devices can still relay their messages to us. What other setting is required for SMTP relay authentication using AD accounts?
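Added example, not part of the original post and not Kerio tooling: a small Python parser for the two security-log messages quoted above, grouping failed SMTP AUTH attempts by source IP so an administrator can see which devices, accounts and SASL methods are failing while authentication is rolled out. The function name, the sample addresses and the account names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Patterns follow the two security-log messages quoted in the post. search()
# is used so any prefix the log adds before the message is ignored.
AUTH_FAILED = re.compile(
    r"SMTP: Authentication failed for user (?P<user>\S+)\. "
    r"Attempt from IP address (?P<ip>[0-9A-Fa-f.:]+)\. (?P<reason>.+)$")
SASL_FAILED = re.compile(
    r"Failed SMTP login from (?P<ip>[0-9A-Fa-f.:]+) "
    r"with SASL method (?P<method>[A-Za-z0-9_-]+)\.")

def summarize_failures(lines):
    """Group failed SMTP AUTH attempts by source IP address."""
    report = defaultdict(lambda: {"count": 0, "users": set(),
                                  "methods": set(), "reasons": set()})
    for raw in lines:
        line = raw.strip()
        m = AUTH_FAILED.search(line)
        if m:
            entry = report[m["ip"]]
            entry["count"] += 1          # one rejected AUTH attempt
            entry["users"].add(m["user"])
            entry["reasons"].add(m["reason"])
            continue
        m = SASL_FAILED.search(line)
        if m:
            # The companion line carries the SASL mechanism the client used.
            report[m["ip"]]["methods"].add(m["method"])
    return dict(report)

# Constructed sample input: addresses and account names are invented.
REASON = ("External authentication service rejected authentication "
          "due to invalid password or authentication restriction.")

def _pair(user, ip):
    """Build the two log lines one failed login produces (hypothetical helper)."""
    return [f"SMTP: Authentication failed for user {user}. "
            f"Attempt from IP address {ip}. {REASON}",
            f"Failed SMTP login from {ip} with SASL method LOGIN."]

SAMPLE_LOG = (_pair("scanner@example.com", "10.0.0.21") * 2
              + _pair("ups@example.com", "10.0.0.34")
              + ["unrelated line that matches neither pattern"])

if __name__ == "__main__":
    for ip, e in sorted(summarize_failures(SAMPLE_LOG).items()):
        print(ip, e["count"], sorted(e["users"]), sorted(e["methods"]))
```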
