Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » SMTP Problem Connection Problem (Can't get remote e-mail client to make SMTP connection)
  •  
BobH

Messages: 123
Karma: 0
Send a private message to this user
I'm trying to setup a remote PC's e-mail client to use our Kerio Connect v7 mailserver using SMTP/POP3. I've got the POP3 working but can't seem to figure out why SMTP is not.

Note: this is the first time I'm actually setting up and using SMTP/POP3 for an e-mail client. Up till now we've exclusively used the webmail.

I'm testing from my home using Outlook configured to use standard ports (25/110) to connect. I've created a user called "survey" on Kerio.

I've been using a utility called CurrPorts (free and very useful) that lists active ports on a system to troubleshoot the problem. I've got it loaded on our Kerio mailserver and it shows both SMTP and POP3 connections so I don't think there's any problem with our firewall blocking things. I've included a screen capture of what the utility shows.

When the problem started, I setup Outlook on a PC on our LAN the same way as my home PC is setup to confirm that I set it up correctly and it worked here.

I've checked the logs on the Kerio mailserver and I can see the POP3 things, both errors and successful operations. I don't see any SMTP things associated with my Outlook tries. I would think something should show up in there, even it were just an authentication failure.

Any suggestions on what I might be missing here?

[img]index.php?t=getfile&id=1863&private=0[/img]

  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
Your ISP or firewall is probably blocking incoming SMTP (TCP port 25).
  •  
BobH

Messages: 123
Karma: 0
Send a private message to this user
Using the utility "CurrPorts", I've established that a variety of remote mailservers are successfully connecting to port 25 on our Kerio mail server.

I'm not an e-mail expert so bear with me. Am I correct in assuming that all incoming SMTP e-mail, whether it's from e-mail servers or e-mail clients, would all use port 25? If so, if our firewall or ISP blocked port 25, we wouldn't get any incoming e-mail at all. And I can definitely confirm we get gobs of e-mail.
  •  
pcunix

Messages: 594
Karma: 33
Send a private message to this user
I agree with Kerio_pdobry, but it's simple enough to test. From your home machine, open a command box and type

telnet yourserverip 25

You should see something like

Trying x.x.x.x
Connected to somebox
Escape character is '^]'.


If you don't get connected, you are being blocked. IT CAN BE YOUR ISP BLOCKING OUTGOING PORT 25 or a firewall at your server blocking incoming.

If you do get connected, see http://aplawrence.com/SCOFAQ/FAQ_scotec4testsmtp.html for how to see any problem at the Kerio end (note that you need to wait for the Kerio prompt if you have the SMTP delay option set).

Microsoft disables telnet on Vista and Win 7 . To get it back:

Microsoft disables the telnet client on these operating systems. To correct that stupidity:

* Open Control Panel -> Programs.
* Click "Turn windows features on or off" . On the list that appears, check the box "Telnet Client".
* Click OK. You now have "telnet"

[Updated on: Mon, 22 March 2010 21:36]


Tony Lawrence
Kerio Preferred Partner and Reseller
Certified for Connect, Control
http://aplawrence.com
  •  
BobH

Messages: 123
Karma: 0
Send a private message to this user
I tried your suggestion. From the remote PC I tried connecting to our mail server on both ports 110 and 25. The 110 connection worked and the 25 connection timed out.
  •  
pcunix

Messages: 594
Karma: 33
Send a private message to this user
Therefore either 25 is blocked at your server (which seems not to be the case) or OUTGOING 25 is blocked at your home - not uncommon nowadays and that's what port 587 is for.

Tony Lawrence
Kerio Preferred Partner and Reseller
Certified for Connect, Control
http://aplawrence.com
  •  
BobH

Messages: 123
Karma: 0
Send a private message to this user
Your hunch was correct. My ISP (Charter) does block port 25 traffic that is not directed to their mailservers. I suspect that is done to combat malware.

We created a port redirect on our firewall for port 587 traffic and things started working properly.

Thanks for the suggestion.
  •  
marook

Messages: 520

Karma: 3
Send a private message to this user
That is the wrong thing to do!

You should just enable the SMTP Submission service in Kerio Connect! It's the right way to go, as it REQUIRE authentication, so you have a same none-spam-sending server!

Regards,

Jakob Peterhänsel
Consultant - Humac A/S

Apple Certified Support Professional (ACSP)
Apple Certified Technical Coordinator (ACTC)
AppleSeed/CQF member since 1998
Kerio Messaging Partner
  •  
pcunix

Messages: 594
Karma: 33
Send a private message to this user
marook wrote on Tue, 23 March 2010 20:08
That is the wrong thing to do!

You should just enable the SMTP Submission service in Kerio Connect! It's the right way to go, as it REQUIRE authentication, so you have a same none-spam-sending server!



I read that as meaning he just forwarded 587 to an internal IP and had enabled Submission, but you could be right.

Tony Lawrence
Kerio Preferred Partner and Reseller
Certified for Connect, Control
http://aplawrence.com
  •  
marook

Messages: 520

Karma: 3
Send a private message to this user
OK,

Clarification: Don't just forward port 587 in the firewall to port 25 on Kerio!
Map port 587 directly, so your users are required to use Auth. when sending mail.. Smile
Port 587 also uses SSL, and onlu SSL!

Regards,

Jakob Peterhänsel
Consultant - Humac A/S

Apple Certified Support Professional (ACSP)
Apple Certified Technical Coordinator (ACTC)
AppleSeed/CQF member since 1998
Kerio Messaging Partner
  •  
BobH

Messages: 123
Karma: 0
Send a private message to this user
I set our firewall to forward port 587 to port 25 on our Kerio server.

I'm not sure I understand why forwarding port 587 to port 25 is worse than forwarding 587 to 587? Almost all e-mail to us is received on port 25 now. All e-mail sent to our domain requires no authentication.

We've set Kerio to require SMTP authentication for sending e-mail out so we don't allow simple SPAM relay exploits. We also restrict SMTP to our LAN network and manually entered external IP addresses.

Is your concern based on users who don't require SMTP authentication?
  •  
marook

Messages: 520

Karma: 3
Send a private message to this user
Because port 25 & port 587 is handled in two very different ways!

Port 25: Normal SMTP where you can optionally ask for Authentication. Auth will be asked for IF the TO/CC/BCC is not located in one of your local domains.
This, and Secure SMTP (port 465) should be used for Incoming SMTP to YOUR server (ie. local delivery to your users!)

Port 587: SMTP Submission is the recommended service to use When Your User needs to Send email! It's SSL secured, Requires Authentication and is NOT filters by all the SPAM protection policies you can set (because only authenticated users can use it!).

By forwarding port 587 to your Kerios port 25, you will not require Authentication, you Will add SPAM messures such as SPF, Caller ID, Spam Rating & Blacklisting to Your Users. I'm not sure you would like to use all those resources on your internal users!

So: Make sure SMTP Submission is running, anf forward port 587 to port 587! Smile

Regards,

Jakob Peterhänsel
Consultant - Humac A/S

Apple Certified Support Professional (ACSP)
Apple Certified Technical Coordinator (ACTC)
AppleSeed/CQF member since 1998
Kerio Messaging Partner
  •  
BobH

Messages: 123
Karma: 0
Send a private message to this user
Thanks for the clarification.
Previous Topic: Webmail: Notes
Next Topic: KMS 6.7 SMTP on ports 25, 465 and 587
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sun Nov 19 21:01:09 CET 2017

Total time taken to generate the page: 0.00547 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.