Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » SMTP security settings BUG? (PTR check being applied also to authenticated client SMTP communication?)
  •  
Musta

Messages: 2
Karma: 1
Send a private message to this user
Hi,
we just updated to latest version 8.2.2.
There is new security option for SMTP server - checking the sender's IP PTR record.
If the PTR is missing, the server denies the message.

Generally I like this option, BUT I thought this applies only for SMTP Relay.
Surprisingly I just needed to disable this security check, because one of our internal users sufferd from the issue sending mails out of our domain (the client's public IP had no PTR record).

In the other words why this feature checks all SMTP connections including those which originates from authenticated on the server?

There is the log record describing the rule applied:

[07/Mar/2014 09:05:49] Client with IP address 193.86.151.251 has no reverse DNS entry, connection rejected before SMTP greeting

Is this a bug or am I missing something?

Cheers,
Jan
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
The client should use port 587 (SMTP submission service) for sending emails as an authenticated user. Reverse PTR check is not applied there.
  •  
Musta

Messages: 2
Karma: 1
Send a private message to this user
Got it, sorry for my unfamiliarity with this.

Anyway from logical point of view and to anticipate a problem I wouldn't expect this security feature to be aplied globally.

Customers might evaluate moving this feature to the upper box, where specified IP group can be excluded from the scope?

This would prevent such a problem on many networks.

Ok, I just try to push you gently to incorporate in the new release - I know you probably leave it as is Wink

Anyway thank you for your last instant reply!
Jan
Previous Topic: Connect Kerio LDAP with Snom VoIP phones?
Next Topic: Error Messages
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Fri Sep 22 11:55:15 CEST 2017

Total time taken to generate the page: 0.00413 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.