  1. #1
    Untangler
    Join Date
    Oct 2008
    Posts
    84

    Untangle dropping SMTP Authentication?

    I have Untangle set up in bridge mode with a mail server behind it. SMTP authentication is enabled on the mail server and all internal clients work fine. However, people outside the network can't authenticate SMTP. According to the mail server logs they never even try to. This leads me to believe Untangle might be dropping some packets. Has anyone heard of this?

    I won't be able to get onsite for a few days so I can't remove Untangle and see if it fixes it. I'm just hoping someone has seen this before and can give me a fix! Thanks

  2. #2
    Untangle Ninja mrunkel's Avatar
    Join Date
    Jul 2008
    Posts
    3,022

    Untangle won't drop authentication, but it will not allow a secure channel to be set up. Usually I recommend folks set up a second port on their server for clients to connect to via SMTP w/authentication/encryption. Like 587 for example.
    m.
    Big Frickin Disclaimer:
    While I'm pretty sure, I can't guarantee that I know what I'm doing. There might be a better way to do this, and this way might actually suck. Make sure you understand the implications of what you're doing before trying to follow these directions.
    It often helps troubleshooting if you have a good network map. Look here (http://forums.untangle.com/tip-day/5407-how-draw-network-diagram.html) if you want my advice on how to draw one.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangler
    Join Date
    Oct 2008
    Posts
    84

    Does regular SMTP authentication count as a secure connection that Untangle won't allow? I'm not using SSL or anything like that.

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,542

    It's better if you don't allow relay of any kind on port 25. It helps protect your SMTP service from hacking. That said, I have two mail servers behind Untangle right now that allow that process. Untangle simply eavesdrops on the SMTP session; it doesn't modify it other than to remove the commands to establish SSL. It will also modify the session if it thinks the message is spam, to move the message into quarantine.

    The only thing I can think of is tarpitting. You can't enable the tarpitting feature if you're going to allow authenticated SMTP over port 25. Most residential IP blocks are permablacklisted thanks to viral infection.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
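
An added example, not part of any post in this thread: one way to see what the mail server advertises on each side of the bridge is to compare the EHLO reply captured in a telnet session from an internal client with one captured from outside. The host name and both sample replies are constructed, and the function names are hypothetical.

```python
import re

def parse_ehlo(reply: str) -> dict:
    """Parse a raw multi-line 250 EHLO reply into {KEYWORD: [params]}."""
    caps = {}
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    for i, line in enumerate(lines):
        m = re.match(r"^250([ -])(.*)$", line.strip())
        if not m:
            raise ValueError(f"not a 250 reply line: {line!r}")
        if i == 0:
            continue  # first line is the greeting/domain, not an extension
        # Accept both "AUTH LOGIN PLAIN" and the legacy "AUTH=LOGIN PLAIN" form.
        words = re.split(r"[ =]+", m.group(2).strip())
        if words and words[0]:
            caps[words[0].upper()] = [w.upper() for w in words[1:]]
    return caps

def compare_paths(inside: str, outside: str) -> dict:
    """Report which extensions disappear on the path through the gateway."""
    a, b = parse_ehlo(inside), parse_ehlo(outside)
    return {
        "missing_outside": sorted(set(a) - set(b)),
        "starttls_removed": "STARTTLS" in a and "STARTTLS" not in b,
        "auth_offered_outside": "AUTH" in b,
        # AUTH without STARTTLS means credentials would cross in the clear.
        "auth_in_cleartext": "AUTH" in b and "STARTTLS" not in b,
    }

# Constructed sample captures (assumed, not taken from the thread).
INSIDE = """250-mail.example.test Hello
250-SIZE 20480000
250-STARTTLS
250-AUTH LOGIN PLAIN
250 8BITMIME"""

OUTSIDE = """250-mail.example.test Hello
250-SIZE 20480000
250-AUTH LOGIN PLAIN
250 8BITMIME"""

if __name__ == "__main__":
    for key, value in compare_paths(INSIDE, OUTSIDE).items():
        print(f"{key}: {value}")
```

If `auth_offered_outside` is false in a real capture, external clients are never offered AUTH on that port, which would match a server log showing no authentication attempts.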

  5. #5
    Newbie
    Join Date
    Jan 2009
    Posts
    13

    I'm having a similar problem, but in reverse.

    Our SMTP server is on the Internet and requires port 26 and authentication. We have custom software that sends an email via SMTP and it cannot get through the Untangle. I have port forwarding rules, packet filtering, and firewall rules that are all permissive.

    Any thoughts?

  6. #6
    Untangle Ninja mrunkel's Avatar
    Join Date
    Jul 2008
    Posts
    3,022

    Since Untangle doesn't inspect traffic on port 26, make sure your port forward rules are correct. You shouldn't have to touch anything else.
    m.

  7. #7
    Newbie
    Join Date
    Jan 2009
    Posts
    13

    Thanks mrunkel. I updated the port forward rule and it appears to be working when I run a telnet session to the mail server on port 26 from the workstation.

    But I'm still receiving errors from our custom app that it cannot find the SMTP server.
