Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
smtp authentication does not work with outlook [solved]
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
mariourk
l33t
l33t


Joined: 11 Jul 2003
Posts: 807
Location: Urk, Netherlands

PostPosted: Mon Jul 16, 2007 9:33 am    Post subject: smtp authentication does not work with outlook [solved] Reply with quote

I have been following this howto to get smtp authentication working with Cyrus-sasl.
This allows me to send emails through my mailserver, even if I'm somewhere else.
The problem is that it doesn't work with outlook. Evolution and Thunderbird go fine,
but outlook refuses to authenticate. I configured the outgoing mail settings in outlook
the authenticate (using TLS) with the smtp-server. But when I try to send an email,
I get a relay access denied error, because outlook does not authenticate.

Does someone have experience with this (very strange) problem? :?
_________________
If there is one thing to learn from history, it's that we usualy don't learn anything from it, at all.


Last edited by mariourk on Mon Jul 23, 2007 12:52 pm; edited 1 time in total
Back to top
View user's profile Send private message
magic919
Advocate
Advocate


Joined: 17 Jun 2005
Posts: 2182
Location: Berkshire, UK

PostPosted: Mon Jul 16, 2007 10:22 am    Post subject: Reply with quote

Might be worth breaking it down a bit. Can you just smtp-auth without the TLS?
Back to top
View user's profile Send private message
mariourk
l33t
l33t


Joined: 11 Jul 2003
Posts: 807
Location: Urk, Netherlands

PostPosted: Mon Jul 16, 2007 10:39 am    Post subject: Reply with quote

Without TLS, outlook still does't authenticate.
_________________
If there is one thing to learn from history, it's that we usualy don't learn anything from it, at all.
Back to top
View user's profile Send private message
magic919
Advocate
Advocate


Joined: 17 Jun 2005
Posts: 2182
Location: Berkshire, UK

PostPosted: Mon Jul 16, 2007 10:51 am    Post subject: Reply with quote

When you telnet to port 25 and give it an EHLO do you get all the smtp-auth options?
Back to top
View user's profile Send private message
schally
Apprentice
Apprentice


Joined: 13 May 2004
Posts: 207

PostPosted: Mon Jul 16, 2007 11:38 am    Post subject: Re: smtp authentication does not work with outlook Reply with quote

mariourk wrote:

...because outlook does not authenticate...


why do you use outlook anyway when thunderbird is doing fine?
_________________
Our glory is not in never falling but in rising again every time we fall -Konfuzius

greetz
- schally
Back to top
View user's profile Send private message
mariourk
l33t
l33t


Joined: 11 Jul 2003
Posts: 807
Location: Urk, Netherlands

PostPosted: Mon Jul 16, 2007 12:35 pm    Post subject: Reply with quote

Quote:

why do you use outlook anyway when thunderbird is doing fine?

Ah, that is a very good question :wink:

The server I'm referring to, is the mailserver of our company.
I'm using Evolution myself. And when I'm working in a windows environment
(sometimes it cannot be avoided... :( ) I use Thunderbird. So far , so good.
Unfortunately most of the users here, use Outlook for their email. In this case,
the laptop users, it's all of them, who use outlook. So...

If it was up to me, I would have abandoned windows a long time ago.
Unfortunately, this is easier said than done. :evil:
_________________
If there is one thing to learn from history, it's that we usualy don't learn anything from it, at all.
Back to top
View user's profile Send private message
schally
Apprentice
Apprentice


Joined: 13 May 2004
Posts: 207

PostPosted: Mon Jul 16, 2007 12:56 pm    Post subject: Reply with quote

hm,... why you don't make the first step and bann outlock/outlook??
_________________
Our glory is not in never falling but in rising again every time we fall -Konfuzius

greetz
- schally
Back to top
View user's profile Send private message
elgato319
Guru
Guru


Joined: 15 Sep 2005
Posts: 546

PostPosted: Mon Jul 16, 2007 7:37 pm    Post subject: Reply with quote

main.cf:
debug_peer_level = 5
debug_peer_list = 10.x.x.x (ip from the outlook client)

if the outlook client connects again you should see more output in your logfiles.
Back to top
View user's profile Send private message
mariourk
l33t
l33t


Joined: 11 Jul 2003
Posts: 807
Location: Urk, Netherlands

PostPosted: Mon Jul 23, 2007 9:05 am    Post subject: Reply with quote

Sorry for the late respons, I've been busy this weekend.

I've used your advise to get some more detailed info from the logs.
There is a difference between outlook and Evolution. But I can't figure out
why there is a difference. Here is the output from the logs.

Download the logfile from outlook here
Download the logfile from Evolution here

I noticed a difference at the beginning of the logs

Outlook
Code:

Jul 23 10:02:19 mail postfix/smtpd[32585]: > uk-dd61.mxs.adsl.euronet.nl[81.68.251.97]: 250-STARTTLS
Jul 23 10:02:19 mail postfix/smtpd[32585]: > uk-dd61.mxs.adsl.euronet.nl[81.68.251.97]: 250-ENHANCEDSTATUSCODES
Jul 23 10:02:19 mail postfix/smtpd[32585]: > uk-dd61.mxs.adsl.euronet.nl[81.68.251.97]: 250-8BITMIME
Jul 23 10:02:19 mail postfix/smtpd[32585]: > uk-dd61.mxs.adsl.euronet.nl[81.68.251.97]: 250 DSN
Jul 23 10:02:19 mail postfix/smtpd[32585]: watchdog_pat: 0x80cb610
Jul 23 10:02:19 mail postfix/smtpd[32585]: vstream_fflush_some: fd 18 flush 133
Jul 23 10:02:19 mail postfix/smtpd[32585]: vstream_buf_get_ready: fd 18 got 36
Jul 23 10:02:19 mail postfix/smtpd[32585]: < uk-dd61.mxs.adsl.euronet.nl[81.68.251.97]: MAIL FROM: <mario@famtennapel.com>


Evolution
Code:

Jul 23 10:07:00 mail postfix/smtpd[32605]: > uk-dd61.mxs.adsl.euronet.nl[81.68.251.97]: 250-STARTTLS
Jul 23 10:07:00 mail postfix/smtpd[32605]: > uk-dd61.mxs.adsl.euronet.nl[81.68.251.97]: 250-ENHANCEDSTATUSCODES
Jul 23 10:07:00 mail postfix/smtpd[32605]: > uk-dd61.mxs.adsl.euronet.nl[81.68.251.97]: 250-8BITMIME
Jul 23 10:07:00 mail postfix/smtpd[32605]: > uk-dd61.mxs.adsl.euronet.nl[81.68.251.97]: 250 DSN
Jul 23 10:07:00 mail postfix/smtpd[32605]: watchdog_pat: 0x80cb610
Jul 23 10:07:00 mail postfix/smtpd[32605]: vstream_fflush_some: fd 18 flush 133
Jul 23 10:07:00 mail postfix/smtpd[32605]: vstream_buf_get_ready: fd 18 got 10
Jul 23 10:07:00 mail postfix/smtpd[32605]: < uk-dd61.mxs.adsl.euronet.nl[81.68.251.97]: STARTTLS
Jul 23 10:07:00 mail postfix/smtpd[32605]: > uk-dd61.mxs.adsl.euronet.nl[81.68.251.97]: 220 2.0.0 Ready to start TLS

However, I couldn't figure out why there is a difference.
I hope someone can shed some light on this.
_________________
If there is one thing to learn from history, it's that we usualy don't learn anything from it, at all.
Back to top
View user's profile Send private message
mariourk
l33t
l33t


Joined: 11 Jul 2003
Posts: 807
Location: Urk, Netherlands

PostPosted: Mon Jul 23, 2007 12:47 pm    Post subject: Reply with quote

I think I solved the problem. In outlook I had to enable to use SSL when contacting the SMTP-server.
I tried this before, but that led to another problem. The email returned with this error:
Code:

504 5.5.2 <mario>: Helo command rejected: need fully-qualified hostname

It turned out this was caused by my postfix configuration in /etc/postfix/main.cf
I had to edit the smtpd_recipient_restrictions option and move permit_mynetworks and
permit_sasl_authenticated to the top of the list. (well, almost the top) It now looks like this:
Code:

smtpd_recipient_restrictions =
   check_client_access hash:/etc/postfix/helo_client_exceptions,
   check_sender_access    hash:/etc/postfix/sender_checks,
   permit_mynetworks,
   permit_sasl_authenticated,
   reject_invalid_hostname,
   reject_non_fqdn_hostname,
   reject_non_fqdn_sender,
   reject_non_fqdn_recipient,
   reject_unknown_sender_domain,
   reject_unknown_recipient_domain,
   reject_unauth_destination,
   check_policy_service inet:127.0.0.1:10030

I hope this will help someone. :D
_________________
If there is one thing to learn from history, it's that we usualy don't learn anything from it, at all.
Back to top
View user's profile Send private message
Mr.C.
n00b
n00b


Joined: 25 Feb 2007
Posts: 35

PostPosted: Mon Jul 23, 2007 5:24 pm    Post subject: Reply with quote

Make sure that both files listed here:

Code:
check_client_access hash:/etc/postfix/helo_client_exceptions,
check_sender_access    hash:/etc/postfix/sender_checks,


do *not* have OK results listed, or you have created an open relay.

MrC
Back to top
View user's profile Send private message
mariourk
l33t
l33t


Joined: 11 Jul 2003
Posts: 807
Location: Urk, Netherlands

PostPosted: Tue Jul 24, 2007 9:44 am    Post subject: Reply with quote

I will keep an eye on it. Thank you for pointing it out :D
_________________
If there is one thing to learn from history, it's that we usualy don't learn anything from it, at all.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum