1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

No AUTH after EHLO

Discussion in 'Plesk for Linux - 8.x and Older' started by jhuedder, Jul 31, 2008.

  1. jhuedder

    jhuedder New Pleskian

    22
    73%
    Joined:
    Sep 23, 2004
    Messages:
    24
    Likes Received:
    0
    Hi there,

    my QMail is confusing mail-clients like Outlook when trying to send mail with SMTP-Authentification.

    My Outlook complains "Fehler (0x800CCC80) beim Ausführen der Aufgabe "xxx@yyy.de - Nachrichten werden gesendet": "Vom Server wird keine der von diesem Client unterstützten Authentifizierungsmethoden unterstützt." which means "The server doesn't support any authentication types supported by this client".

    I read the SMTP-AUTH-RFC and found that the SMTP-server should answer "250 - AUTH PLAIN LOGIN ..." after the EHLO-command. But my server doesn't give any answer containing AUTH-types. This is the answer when I gave "telnet abc.xyz.net 25" at the command-prompt:

    220 abc.xyz.net ESMTP
    ehlo testcomputer
    250-abc.xyz.net
    250-STARTTLS
    250-PIPELINING
    250 8BITMIME

    So right now I can only use POP-before-SMTP which is not supported by many mobile clients.

    Any help appreciated.

    Thanks, Joerg (info-at-hueddersen.de)
     
  2. keff

    keff Basic Pleskian

    25
    57%
    Joined:
    Dec 3, 2007
    Messages:
    88
    Likes Received:
    0
    I've got the same problem. Maybe You resolve It ?
     
  3. intosh

    intosh Guest

    0
     
    I have the same problem.

    This is big bug as Outlook 2007 cannot authenticate with Plesk now in any other way then through POP before SMTP. I don't want to use POP before SMTP as it is insecure and I am testing Spamdyke which will broke POP before SMTP anyway.
     
  4. intosh

    intosh Guest

    0
     
    One more problem with no AUTH in EHLO.

    Some servers require user email address verification when sending emails to their domains, as Plesk has no AUTH in ehlo that servers will not be able to verify user email address on server and will reject emails send to them from Plesk.
     
  5. sergius

    sergius Golden Pleskian

    28
    57%
    Joined:
    Nov 6, 2005
    Messages:
    1,898
    Likes Received:
    0
    Gentlemen,

    Thank you for the reports.

    AUTH option will be absent in the response, if the IP address from which the connection is established is in Whitelist (Server> Mail> White List) or when POP3-Authentication is enabled, if there was a connection from this IP address via POP3 (temporary Whitelist).
    You should either remove the credentials for SMTP-Authentication, or remove the appropriate IP addresses from Whitelist.

    Any feedback is appreciated.
     
  6. faris

    faris Guest

    0
     
    Just to confirm what Sergius is saying:

    If you have enabled pop-before-relay then (if the customer has collected email before trying to send) there will be no auth and Outlook 2007 will fall on its face. (The same goes for Apple Mail, Vista Mail and Entourage).

    Similarly, if you have added the ip of the customer trying to auth to Plesk's whitelist, there will be no auth and Outlook 2007 (etc) will fall on its face.

    It is not clear why older versions of Outlook don't suffer from the same problem.
    It is not clear if it is possible to modify Qmail to get round this problem.

    Simple Solution for now: Disabled pop-before-relay and remove any IPs in your whitelist that point to customer IPs.

    Faris.
     
  7. intosh

    intosh Guest

    0
     
    Hello,

    I can confirm that this workaround works for me. Thanks for help. Hope for qmail update to fix that issue.
     
  8. intosh

    intosh Guest

    0
     
    New Outlook evidently checks what response it get from server when connecting so best authorisation method could be choosed. When no auth is returned after ehlo command. Outlook do no try to authenticate.
     
  9. jhuedder

    jhuedder New Pleskian

    22
    73%
    Joined:
    Sep 23, 2004
    Messages:
    24
    Likes Received:
    0
    @sergius: Thanks for your diagnosis. I have the problem that some of my clients use internal mailservers that pull mail every 15 minutes via fetchmail (POP3). This enables them through POP-before-SMTP with a time frame of 20 minutes to relay their mail to my server. On the other hand my private clients use SMTP-authentication, especially through their mobile clients. So I NEED BOTH!! I can't just switch POP-before-SMTP off (which indeed lets QMail send AUTH after EHLO).

    Since you already know that the problem is about the temporary whitelist can't you give any advice how to fix the whole issue?

    Joerg
     
  10. phaetons

    phaetons Guest

    0
     
    I got the same problem,
    i can't disable pop befor smtp because some clients needs it and i also need smpt_auth for a lot of other clients.
    This is a serious problem, not only for me.

    This problem is known since November 2007 (http://forum.swsoft.com/showthread.php?t=38900&page=2&pp=15).

    Sergius, or whoever from Plesk, do you think there is any chance to get a fix within the next year?
     
  11. faris

    faris Guest

    0
     
    You can still do both as long as you ask one set of customers to use, say, port 587 (submission port) and another set to use 25.

    If you then remove the "relaylock" entry (/var/qmail/bin/relaylock) from the config file in /etc/xinet.d/ (or is it not /etc/indet.d for 8.6?) for port 587 then there will be no pop-before-relay on that port, but it will remain on port 25.

    I'm sorry I'm not being terribly specific here but I don't have an 8.6 installation close to hand to check the files.

    Also don't follow my advice blindly -- use at your own risk. It is past midnight as I type, I'm ill, and I'm working from memory.

    Faris.
     
  12. phaetons

    phaetons Guest

    0
     
    Hi faris,
    thanks fpr the hint. I already thought about something like that.

    I will try to set "Pop before smtp" on 587 (because its just 2 customers that have to change the port) and remain smtp_auth on port 25.

    I will let you know here, if it works.
     
  13. phaetons

    phaetons Guest

    0
     
    Ok, that seems to be easy.

    I wanted to activate "POP before SMTP" only on Port 587 and SMTP_AUTH on Port 25.
    System is Plesk 8.6.0 (SuSE).

    In Plesk-Backend "Server > Mail" i set:
    - "Submission" activated
    - "Realying" activated, just for SMTP (not POP3)

    Now there are config-files /etc/xinetd.d/smtp_psa (port 25) and /etc/xinetd.d/submission_psa (port 587).
    Both ports are now Relay-Locked with SMTP_AUTH.

    To change Port 587 from SMTP_AUTH to "POP before SMTP" i changed
    env = SUBMISSION=1 SMTPAUTH=1 SHORTNAMES=1
    to
    env = SUBMISSION=1 POPAUTH=1 POPLOCK_TIME=20 SHORTNAMES=1
    in /etc/xinetd.d/submission_psa.

    Then restarted xinetd with "/etc/init.d/xinetd restart" and it works for me.

    This Changes can be overwritten by Plesk-Backend or Plesk Updates, so if you do something like this, you do it on your own risk!
     
  14. limparty

    limparty Guest

    0
     
    Dear Sergius,

    As your suggestion, how can I know all my client IP address?

    Due to I am new administrative, please give me more detail than usaual.

    I do not understand "remove the credentials for SMTP-Authentication, or remove the appropriate IP addresses from Whitelist", please explain.

    Thank you very much
    Lim
     
  15. shima

    shima Guest

    0
     
    Hi,
    After upgrading to 8.6 not only I can't use outlook (AUTH problem), but also my users can't login to the horde! In addition my poppasswd (qmail) is only 0 KB and even using mchk didn't change it.
    Any Idea about it?
     
Loading...