Failed SMTP login...but it hasn't
  •  
zebby

Hi,

We have a server that generates reports every day at 4am and emails them to certain people in the company.
In the SMTP setup of this server application, we have the internal IP address for our Kerio server, the port to use (25), the user name and password (we have an email account set up for it to use).

The emails are always sent OK but also every day in the security log I get:
[30/Nov/2012 04:00:55] Failed SMTP login from 10.10.10.223

But it hasn't failed as the emails have been sent.

So when I see:
[01/Nov/2012 03:27:12] Failed SMTP login from 71.127.158.108

Which is someone in the US being rather naughty, how do I know Kerio isn't letting them in and send mail anyway?
  •  
freakinvibe

What are your settings in the "Relay Control" tab of the "SMTP Server" setting in KC?

Do you have "Users from IP address group" ticked? If you have your internal IP addresses listed there, your report server can send without credentials.

Also check the mail log at the same time, what does it say?

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
zebby

Hi freakinvibe, thanks for the response!

I do have 'Users from IP address group' ticked and my internal range is set there. The report server has to provide credentials as it won't allow you to save the SMTP settings on it unless there is a username/password set.

The mail log just shows me the mail being delivered normally:
[27/Nov/2012 04:00:50] Recv: Queue-ID: 50b43af2-000121b3, Service: SMTP, From: <network@ourdomain.co.uk>, To: <jen.cooke<_at_>ourdomain.co.uk>, Size: 78942, Sender-Host: 192.168.10.223, Sender-Host-Name: hannah.ourdomain.local

[27/Nov/2012 04:00:50] Sent: Queue-ID: 50b43af2-000121b3, Recipient: <jen.cooke<_at_>ourdomain.co.uk>, Result: delivered, Status: 2.0.0 , Remote-Host: 127.0.0.1, Remote-Host-Name: localhost

I see there's nothing in the mail log that corresponds with the SMTP attempt from the rogue IP so I guess I'm worrying without reason!

  •  
sedell

I've seen this happen with notifications sent by Microsoft services. It seems that regardless of what you enter for account credentials, they always use NTLM authentication first, which fails and then falls back to an alternate login method, or no login if there wasn't a place to enter login info, which succeeds. In a couple of cases I got around it by specifying a domain account instead of a local Kerio account for login credentials, but in cases where there wasn't a place to enter login credentials, I've had to live with it.

Scott
  •  
freakinvibe

It will go through even if you provide the wrong credentials because it comes from the internal network.

What is a bit strange is that in the first log snippet it shows your report server as

10.10.10.223

in the second one it is

192.168.10.223

Does your report server have multiple local IP addresses?

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
zebby

Hmmm....the NTLM thing makes sense, the email address it uses is a Kerio local one.

It does use 2 local IPs, a rather cumbersome and odd setup I inherited with a server talking to an ACD/switchboard. I'm confident it really only needs one IP but as the saying goes, if it ain't broke...
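
The check worked out by hand in this thread (match each "Failed SMTP login" in the security log against "Recv" entries in the mail log, then ask whether the host is in the trusted relay group) can be scripted. This is an added example, not part of the original posts and not Kerio code; the log lines are constructed in the formats quoted above, and the trusted networks and two-minute window are assumptions.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Assumption: networks listed under "Users from IP address group" in Relay Control.
TRUSTED_RELAY_NETS = [ipaddress.ip_network("10.10.10.0/24"),
                      ipaddress.ip_network("192.168.10.0/24")]
WINDOW = timedelta(minutes=2)  # assumed correlation window around the failed login

TS = r"\[(\d{2}/\w{3}/\d{4} \d{2}:\d{2}:\d{2})\]"
FAILED_RE = re.compile(TS + r" Failed SMTP login from (\S+)")
RECV_RE = re.compile(TS + r" Recv: .*?Service: SMTP,.*?Sender-Host: ([^,\s]+)")

# Constructed sample lines (not real log data), in the formats quoted in the thread.
SECURITY_LOG = """\
[30/Nov/2012 03:27:12] Failed SMTP login from 203.0.113.45
[30/Nov/2012 04:00:55] Failed SMTP login from 10.10.10.223
"""
MAIL_LOG = """\
[30/Nov/2012 04:00:56] Recv: Queue-ID: 50b43af2-000121b3, Service: SMTP, From: <network@example.co.uk>, To: <user@example.co.uk>, Size: 78942, Sender-Host: 10.10.10.223, Sender-Host-Name: hannah.example.local
"""

def parse(regex, text):
    """Return (timestamp, ip) pairs for every log line matching regex."""
    return [(datetime.strptime(m.group(1), "%d/%b/%Y %H:%M:%S"),
             ipaddress.ip_address(m.group(2))) for m in regex.finditer(text)]

def correlate(security_log, mail_log):
    """Classify each failed login by whether mail from that host was accepted nearby."""
    received = parse(RECV_RE, mail_log)
    results = []
    for when, ip in parse(FAILED_RE, security_log):
        accepted = any(h == ip and abs(t - when) <= WINDOW for t, h in received)
        trusted = any(ip in net for net in TRUSTED_RELAY_NETS)
        if not accepted:
            verdict = "rejected: no mail accepted from this host"
        elif trusted:
            verdict = "accepted: host is in trusted relay group, auth not required"
        else:
            verdict = "INVESTIGATE: mail accepted from untrusted host near failed login"
        results.append((str(ip), verdict))
    return results

if __name__ == "__main__":
    for ip, verdict in correlate(SECURITY_LOG, MAIL_LOG):
        print(f"{ip:15} {verdict}")
```

An "INVESTIGATE" result only narrows the search: the same host may have authenticated successfully on a later attempt, so confirm against the full session before drawing a conclusion.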