SMTP Authentication not working

[hedbanger83]

Hi,

We just moved our domain from a Plesk server to a cpanel server. We all had Outlook set to "My Outgoing Server (SMTP) requires authentication" and everything worked fine on the Plesk server. I have read the other reloated threads in this forum but I can't find anything that solves my issue. Apparently SMTP authentication is enabled by default with cpanel. However, we can only sned emails through outlook when we "uncheck" the "My Outgoing Server (SMTP) requires authentication". This is really bothering me because it seems that SMTP authentication IS NOT enabled on my server. And obviously I don't want random people being about the send through my server. Receiving messages via pop3 is perfectly fine, but sending email only works when NOT authenticating. I jsut keep getting a popup box asking me for the username and password when I try to send emails with SMTP auth enabled. Just doesn't make any sense.

[UPDATE]
I have another domain on the same server which was set up before the one I'm having issues with. SMTP authentication through outlook DOES work on this account. Outgoing emails are sent without any problems, and it doesn't keep popping up a box asking for the username and password. But also, SMTP auth is NOT required, I can also send emails without SMTP authentication on this domain.

Can anyone help?

Thanks, Kyle

[hedbanger83]

OK,

All i had to do to get SMTP Authentication working with OUTLOOK was to reset each of the passwords on each email account, in the domain's cPanel. And now I can send through Outlook with SMTP authentication enabled.

But, SMTP Authentication still doesn't appear to be REQUIRED, as I can ALSO send without SMTP authentication enabled in outlook.

Any ideas?

Thanks.

[SB-Nick]

Hello,

SMTP Authentication is enabled by default on cPanel.
- Are you sure you are using the right SMTP server, the one that belongs to that cPanel server? Did you check if the SMTP ip matches the ip you have attached on the cPanel Server?
- Did you try with a differnet mail client?

[hedbanger83]

My server has 8 IP's, And I have the option selected in WHM/Exim configuration, to show the originating IP as the sending domain's IP (Instead of the server's MAIN ip address). I am definately connecting to my own server.

[hedbanger83]

OK here's the deal.

I telnet'ed into my server's SMTP port via command line using:

"telnet mydomain.com 25"

I then issued an "EHLO mydomain.com"

Then I did a "MAIL FROM: vsdds@gtgrgrvgrgtr.com"

I get in return "250 OK"

And then: "RCPT TO: realusername@realdomain.com"

At that point it tells me it failed..

"550-Verification failed for <vsdds@gtgrgrvgrgtr.com>
550-The mail server could not deliver mail to vsdds@gtgrgrvgrgtr.com. The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.
550 Sender verify failed"

Seems like authentication works in this case.

However, the only thing it seems to be checking is whether or not the MAIL FROM domain itself "gtgrgrvgrgtr.com" is a real domain, despite whether the mail account name (vsdds) exists or not.

In this case, gtgrgrvgrgtr.com is NOT a real domain name so it fails with the "Verification failed" message.

If I do all of this again and instead issue a "MAIL FROM: bc7rg468frfe@gmail.com"

Where "bc7rg468frfe" is an email account that doesn't exist at gmail
and then issue a "RCPT TO: realusername@realdomain.com"

It accepts and sends out the email...

And this doesn't matter whether realdomain.com is located on my server or not.


And last but not least..

If I try again and issue "MAIL FROM: fakeusername@mydomain.com"

In which mydomain.com is an actual domain name on my server, and fakeusername is an email account which isn't even set up on the server...

and then issue "RCPT TO: anyaccount@anywhere.com"...

it accepts and the email is delivered through my server. fakeusername isn't even an email account on the server, even though the domain IS.

But it still accepts and goes through..

This does not seem like Authentication to me at all. As long as the domain portion of the MAIL FROM email address exists, the email will be sent out. Even if that domain does not exist on my server. Therefore it seems that anyone can simply connect to my server and supply any valid domain name in the MAIL FROM address, and the email will go through.

WHAT?!!

I would expect SMTP authentication to require a username and password for authentication, and that the email account actually exists for that domain.

I have read elsewhere that with OUTLOOK there's the possibility that if you've already authenticated successfully to the pop server, that SMTP authentication isn't required, and thats why it may allow emails to be sent without SMTP authentication enabled for that email account in OUTLOOK. Which sort of makes sense.

But from looking at my experiment with telneting into my SMTP server and issuing commands, I am not convinced that it's working.

Also the following info may be of assistance.. After I issue the EHLO mydomain.com I receive:

250-SIZE 52428800
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP

Does the AUTH PLAIN LOGIN have anything to do with this issue?


Thank you for any help,
Kyle

[hedbanger83]

By the way, I telnet'ed into my server from my DSL line. I did not log into my server via SSH and then telnet locally from there.

IF I SSH into my server first, and then do the same thing, they all seem to get rejected with:

550-mydomain.com [xxx.xxx.xxx.xxx] is currently not permitted to relay
550-through this server. Perhaps you have not logged into the pop/imap server
550-in the last 30 minutes or do not have SMTP Authentication turned on in your
550 email client.

UNLESS, I issue an:
AUTH LOGIN before sending the MAIL FROM and RCPT TO data.
After providing the base64 encodings of the username (email address) and the password. I get authenticated and can then provide the MAIL FROM and RCPT TO data and send out a message.

So authentication only seems to work when logged into the server first, and not when connecting from outlook or some other mail client on a remote computer. I'm assuming webmail would also authenticate fine because of this reason.

Any ideas?

[hedbanger83]

I'm slowly starting to figure out the deal here. Even though nobody is replying, I thought it would be useful to continue updating this thread for the benefit of other people.

Anyways, I tried telneting into the server from a different IP address (My home ISP instead of my work ISP). Anyways, i conducted that same tests as before and it appears that my emails were rejected. I'm assuming this is because exim is storing a list of safe IP addresses somewhere. It appears that once somebody successfully authenticates from a certain IP address, that IP becomes trusted and allows pretty much anything to be sent through the server from that IP. I'm assuming that this is the reason I was able to send out pretty much any email through my server before, because I (or any one of the other computers in the office that shares the DSL) had obviously authenticated at an earlier time from our DSL's IP. I guess this would be fairly inconvenient if there was some sort of spyware spam robot installed on someone's computer in the office.

I will update again when I find out more information

[hedbanger83]

Yup, so I'm stupid.

Anyways, the deal is this. If someone sharing your location's WAN connection has successfully logged into the POP or IMAP server in question (apparently in the last 30 minutes), then anyone or anything connecting with that IP is allowed to send anything it wants through the SMTP server, without any need to re-authenticate. If nobody logs in via POP or IMAP for over 30 minutes, I'm assuming that the next person or program that attempts to send an email, will get denied with the message:

"550-domain_in_question.com [your_current_public_ip] is currently not permitted to relay
550-through this server. Perhaps you have not logged into the pop/imap server
550-in the last 30 minutes or do not have SMTP Authentication turned on in your
550 email client."

I never really payed attention to that message, but now it makes sense.

So, I had telnet'ed into my server at port 25 from my home (Which had never authenticated via POP or IMAP before), tried sending an email, and got rejected with the above message.

I then telnet'ed to my server via POP:
telnet mydomain.com 110

logged in to the POP server:
USER myemailaddress
PASS myemailaddress_password

and i became "logged in" to the POP server.

I then disconnected from the POP server:
quit

and reconnected to the SMTP port:
telnet mydomain.com 25

EHLO mydomain.com

MAIL FROM: anythingiwant@some_real_domain_name (not necessarily on this server)

RCPT TO: any_valid_string_of_characters@some_other_real_domain_name

and voila.....

250 Accepted

The email can be sent..

Once my IP changes, I would most likely have to re-authenticate via POP before I could send outgoing email through the server.

So that's that.. I'm a newbie, but hopefully my ignorance has helped someone else who's really confused about this same issue.

Cheers

[MVA]

thanks for posting this. it's Greek to me but glad for the effort

[jsmall]

I am having the same problem on one of my servers. I have two cPanel servers and the other one works properly with both POP before SMTP and SMTP_auth. We have been working on this problem for weeks and cannot get it resolved.

To reproduce the problem, you must not authenticate to the server via POP for at least 30 mins. Then try to send an email using SMTP_auth on.

[nitaish]

I think it is pop before smtp setting. How do we disable this setting?

[nitaish]

I think I found the problem. I have CSF installed in my server and had RELAYHOSTS enabled which caused the IPs to be added in the /etc/relayhosts file and hence did not require authentication for at least 30 minutes after accessing pop3. I have disabled the setting and deleted all the entries from /etc/relayhosts. This worked for me.

[nitaish]

Just when I thought the problem is resolved, it appeared again. Does anybody know a solution?