How to determine who sent a request to my SMTP server: a mail client (such as Outlook) or other SMTP servers

I am developing an SMTP server and there is a question I don't understand about the SMTP handshake.
#1. mail client (outlook) -> My SMTP Server
EHLO - AUTH - FROM - TO - DATA - QUIT
It is smtp relay request. My smtp server takes the request and delivers the mail to other mail server.
#2. Other SMTP Server -> My SMTP Server
EHLO - FROM - TO - DATA - QUIT
I understood smtp flow between SMTP servers as follows. AUTH command is not necessary in this case, because AUTH command is for authentication for client to send request relay to smtp server.
#1 and #2 are the SMTP flows as I understand them. What I'm curious about is how my SMTP server determines whether a request is from a client or a server. I want to use that to decide whether to require the AUTH command.
If my thoughts are wrong, don't laugh too much; I ask for a kind explanation.
Thank you.

The usual modern solution is to separate SMTP submission from regular SMTP transmission traffic, and require authentication for the former, but not the latter.
The latter should only accept inbound traffic for domains you are MXing for, and run on port 25.
Regular users should be blocked from using port 25 (your ISP or corporate firewall probably already does this) and use port 587 for message submission. (Some legacy systems still use 465, but you should not.)
In actual practice, you would check at MAIL FROM whether the sender is internal, in which case reject if they are not authenticated; and otherwise, check in RCPT TO if all recipients are internal, and reject the ones which are not.
See RFC 6409 for the SMTP submission spec, and RFC 8314 for related security recommendations.
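The policy this answer describes, written out as per-command checks (an added example, not code from the original answer). The local domain, the port constants and the function names are assumptions chosen for illustration; the reply codes are standard SMTP enhanced status codes.

```python
from dataclasses import dataclass

# Assumption: the domains this server is MX for (constructed sample value).
LOCAL_DOMAINS = {"example.com"}
SUBMISSION_PORT, RELAY_PORT = 587, 25

@dataclass
class Session:
    port: int                    # listener the peer connected to
    authenticated: bool = False  # set after a successful AUTH
    sender_ok: bool = False      # set once MAIL FROM has been accepted

def domain_of(address: str) -> str:
    """Lower-cased domain of an address; '' for the null sender '<>'."""
    address = address.strip("<>")
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""

def offers_auth(session: Session) -> bool:
    """Advertise AUTH in the EHLO reply only on the submission listener."""
    return session.port == SUBMISSION_PORT

def on_mail_from(session: Session, sender: str) -> str:
    # Submission (587): nothing is accepted before AUTH succeeds.
    if session.port == SUBMISSION_PORT and not session.authenticated:
        return "530 5.7.0 Authentication required"
    # Port 25: an internal sender address without authentication is refused.
    if domain_of(sender) in LOCAL_DOMAINS and not session.authenticated:
        return "550 5.7.1 Internal senders must authenticate on port 587"
    session.sender_ok = True
    return "250 2.1.0 OK"

def on_rcpt_to(session: Session, recipient: str) -> str:
    if not session.sender_ok:
        return "503 5.5.1 Need MAIL command first"
    # Authenticated users may relay anywhere; everyone else only to us.
    if session.authenticated or domain_of(recipient) in LOCAL_DOMAINS:
        return "250 2.1.5 OK"
    return "550 5.7.1 Relaying denied"
```

The server never has to guess whether the peer is a mail client or another MTA: the listener port and the authentication state decide what is accepted.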

Related

SMTP protocol + port numbers, IMAP, POP3

I need to provide a SMTP email service to a network and correctly configure the ports.
I understand SMTP uses port 25 over TCP, but have also read that SMTP is mainly used to transfer mail between mail servers and not the individual clients. Would either IMAP or POP3 be needed to send from the client to the server on port 993 or 995? or is there another port or way?
What other ports are needed to send an email via SMTP?
Thanks in advance

Implementing an intelligent relay with an SMTP server/client

I need to implement an intelligent mailing list/relay (on Linux). The idea is that:
The server receives emails to a list address
It parses the mail, and confirms that it's from a trusted source
It looks up a list of recipients in a local database
It does some minor processing on the incoming mail, and sends it out to the list
It returns any bounce messages to the original sender
The server already has sendmail installed, but I can use another MTA if necessary.
This sounds straightforward, and sendmail already has a database look-up capability. However, I don't think this is particularly flexible, and I don't want to give sendmail independent access to my database.
The closest I've come to an existing solution is E-MailRelay, which looks good, but I don't want the overhead of integrating it if I can avoid it.
I'd appreciate a sanity check on my Plan B before starting it, or alternative suggestions. I haven't found any useful docs on this and the Sendmail book doesn't seem to have anything relevant in it.
What I'm thinking about is:
Implement an SMTP delivery agent for sendmail, and have sendmail and the DA running on the same server, with the DA listening on some unspecified port (which?)
Sendmail presumably acts as an SMTP client when connecting to the DA, and my DA will respond to MAIL/RCPT/DATA commands
The DA processes the received mail, which will be either a message out to the mailing list, or a bounce, or possibly a response
The DA then switches to client mode, connects to sendmail, and issues MAIL/RCPT/DATA commands to return the response to the original sender
Does this make sense? Thanks.
This turned out to be pretty straightforward, although I didn't use a sendmail delivery agent - I just did everything in SMTP. The server has two IP addresses, and sendmail is already listening on port 25 on IP#1.
I wrote an SMTP proxy which listens on port 25 on IP#2. This runs an SMTP server, which accepts incoming messages, and re-writes them. It then connects (as a client) to port 25 on IP#1, sending the re-written message to sendmail. sendmail then handles transmission to the re-written destination addresses. This is all transparent to the original mail client.
Not sure how I'd do this if the server only had one IP address, though.

The IP you're using to send mail is not authorized to send email directly to our servers

Hi, I wanted to send mail via the SMTP protocol to one of my Gmail accounts... I tried, but finally an error occurred:
telnet> open alt4.gmail-smtp-in.l.google.com 25
Trying 74.125.131.27...
Connected to alt4.gmail-smtp-in.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP b4si2095585vdw.57 - gsmtp
HELO stackoverflow.com
250 mx.google.com at your service
MAIL FROM: <test#stackoverflow.com>
250 2.1.0 OK b4si2095585vdw.57 - gsmtp
RCPT TO: <■■■■#gmail.com> // filtered ;)
250 2.1.5 OK b4si2095585vdw.57 - gsmtp
DATA
354 Go ahead b4si2095585vdw.57 - gsmtp
test
ok
it done
.
550-5.7.1 [5.22.81.102] The IP you're using to send mail is not authorized to
550-5.7.1 send email directly to our servers. Please use the SMTP relay at your
550-5.7.1 service provider instead. Learn more at
550 5.7.1 http://support.google.com/mail/bin/answer.py?answer=10336 b4si2095585vdw.57 - gsmtp
Connection closed by foreign host.
So now, how can I send mail without having this problem?
This is because Google will reject any emails sent from IP in the spamhaus database.
What you need to do is go to http://www.spamhaus.org/lookup/ and follow the instruction there to remove your server ip from spamhaus database.
Please also follow this guide: Prevent mail to Gmail users from being blocked or sent to spam
You can find the answer at the link in the last line of the Google mail served response:
'The IP you're using to send email is not authorized...'
In order to prevent spam, Gmail refuses mail from IP addresses that are not authorized to send mail. The determination of whether or not an IP address is authorized to send mail is made by the ISP that provides you with the IP address. This list typically contains consumer IP ranges offered for dialup, DSL, or other broadband access.
What can I do to fix this?
Your ISP may provide SMTP relays which will accept mail from your IP, and these servers should be authorized to send mail. Some ISPs may provide a way to get an IP that is authorized, either by upgrading to business class service or static IP service. You should reach out to your ISP to see what options are available.
Another alternative is to send mail through your own domain’s servers, either by configuring them to allow relay from your IP address, or by using MSA (mail submission agent). Learn how to use Gmail to send mail from a different address.
Please note that we are unable to whitelist IP addresses or otherwise make exceptions.
In other words, if your IP address is not authorized by your ISP to send mail, you should send your mail through:
Your provider mail server (SMTP relay)
Your own domain mail server.
Mail servers must meet a number of requirements to prevent their messages from being blocked, e.g. have a PTR record. The use of authentication methods such as SPF, DKIM or DMARC minimizes the chance that messages are marked as spam.
I had this problem with one of my hotmail addresses, using Thunderbird on Kubuntu. Tried changing server settings, passwords etc. to no avail. In desperation, I deleted the offending email address through "account settings" "account actions" (bottom left of window). If you are on POP3 you will lose all your emails, so make sure you're on IMAP.
You then just select "add email" in Thunderbird and the email is put back as it should be and works perfectly.

Using gmail as SMTP server in Java web app is slow

I was wondering if anyone might be able to explain to me why it's taking nearly 30 seconds each time my Java web app sends an email using Gmail's SMTP server? See the following timestamps:
13/04/2010-22:24:27:281 DEBUG test.service.impl.SynchronousEmailService - Before sending mail.
13/04/2010-22:24:52:625 DEBUG test.service.impl.SynchronousEmailService - After sending mail.
I'm using spring's JavaMailSender class with the following settings:
email.host=smtp.gmail.com
email.username=myaccount#gmail.com
email.password=mypassword
email.port=465
mail.smtp.auth.required=true
Note that the mail is getting sent and I'm receiving it fine, there's just this delay which is resulting in a slow experience for the application user.
If you know how I can diagnose the problem myself that would be good too :)
It might be that gmail uses this delay to prevent spammers from using their SMTP server from the "outside": if the SMTP is called from the actual webmail client it would not use this delay.
In order to test this, you could open a telnet session to port 25 and do a manual SMTP session
(Search the web for SMTP HELO for examples)
GMail uses SSL for connection. To validate SSL certificate properly certain time is needed. Exact time depends on complexity of the certificate chain and use and accessibility of CRLs and OCSP checking. It's very likely that Java checks OCSPs for the certificate(s) presented, and this can be slow.
Try running your application on a different system (preferably in another subnet) to exclude the influence of firewalls. Maybe some part of the communication (either SMTP itself, or CRL retrieval or OCSP checking) is slowed down by the firewall.
Depending on your OS, you should have a proper mail system that takes care of actually sending mails outside your network.
For instance, Postfix can do the job nicely. The configuration of Postfix would be on another thread, but typically Postfix would accept mails from your LAN (accepting to be a relay for your LAN) and would transfer the mails to gmail.
This is an example of how to set up Postfix to have Gmail as relay.
Having a mail service take care of relaying mail to Gmail allows your Java application to be freed almost instantly (Postfix absorbs the mail, stores it in its queue and forwards it to Gmail itself).

Need help setup windows server 2008 SMTP server

I am trying to set up the Windows Server 2008 SMTP server to relay emails to Gmail SMTP. Everything appears to be set up, but it is not sending emails. Could you please help me figure out what's wrong?
Below is the setup:
Windows Server 2008 with the SMTP server feature installed. I need the SMTP server to forward all messages to the Gmail SMTP server to send.
I have Google Apps set up for my domain, and I can also send emails through my test app using Gmail SMTP.
SMTP Server Configuration: By default has default smtp server virtual directory.
In Properties of that virtual smtp server changed following.
Fully qualified domain name = mydomain.com
smart host = smtp.gmail.com
TCP Port = 587
Out Bound Security = Basic Authentication(my username password for google apps email account)
In domains list under virtual smtp server. I have one default domain that's server dns. I added another one for my domain name.
With above setup i am trying to redirect all email to gmail smtp.
I tested connection to smtp.gmail.com from server on port 587 through telnet and it works.
I am trying to use the above server from my web application also by just dropping emails in the pickup directory. It gets picked up and also accepts requests from the web application but never sends an email.
I can see that it adds those emails in queue folder but it stays there forever.
When I try to send emails from the web app to the above server, it rejects them if the To address is other than my domain. (Am I missing something in the list of domains?)
Thanks for all the answers, I finally found the solution: there is a property for maximum sessions whose value was 0 by default. Changed it to 100 and it sent all pending emails immediately.
Possible reasons are that some SMTP servers block outgoing messages if there is a domain name mismatch, possibly to prevent spam mails from being sent. So for example, I will not be able to send my email with an address abc@mydomain.com from my domain yourdomain.com.
Hope that helps.
Ensure your sending domain is the same as the google apps domain
Ensure your sending address is a real address and not just an alias
IIRC you need to use STARTTLS (SSL) not basic authentication
This sounds like a DNS issue. Check your /badmail directory. It will have .bad and .bdp files in there. You can open these in Notepad (there will be some binary in there).
However, it may point to the possible problem.
You may also want to try and enable logging on the SMTP service. There may be something in there.