Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Problem with Blackberry phones (Cannot receive mails from my own domain with Blackberry phones)
  •  
Gaby

Messages: 35
Karma: -2
Send a private message to this user
If someone using a Blackbery phone tries to send a mail message to another account in my own domain it is rejected.

Here is the debug.log:


[11/Mar/2015 09:32:47][2500] {smtps} Task 37702 handler starting
[11/Mar/2015 09:32:47][2500] {smtps} SMTP server session begin; client connected from 74.82.85.10:16805
[11/Mar/2015 09:32:47][2500] {smtps} Looking up address 74.82.85.10 in DNS blacklist SpamCop...
[11/Mar/2015 09:32:47][2500] {smtps} Address 10.85.82.74.bl.spamcop.net not found in DNS blacklist SpamCop
[11/Mar/2015 09:32:47][2500] {smtps} Looking up address 74.82.85.10 in DNS blacklist SpamHaus SBL-XBL...
[11/Mar/2015 09:32:47][2500] {smtps} Address 10.85.82.74.zen.spamhaus.org not found in DNS blacklist SpamHaus SBL-XBL
[11/Mar/2015 09:32:47][2500] {smtps} Delaying SMTP greeting to 74.82.85.10:16805 for 5 seconds
[11/Mar/2015 09:32:52][2500] {smtps} Sent SMTP greeting to 74.82.85.10:16805
[11/Mar/2015 09:32:52][2500] {smtps} Command EHLO smtp10.bis6.us.blackberry.com
[11/Mar/2015 09:32:52][2500] {smtps} Sent reply to EHLO: 250 mail.XXXXX.com.ar ...
[11/Mar/2015 09:32:52][2500] {smtps} Command MAIL FROM:<SRS0=4M7Bkl=DZ=XXXXX.com.ar=XXXXX1<_at_>srs.bis6.us.blackberry.com > SIZE=1006
[11/Mar/2015 09:32:53][2500] {smtps} Sent reply to MAIL: 250 2.1.0 Sender <SRS0=4M7Bkl=DZ=codimat.com.ar=XXXXX1<_at_>srs.bis6.us.blackberry.com > ok
[11/Mar/2015 09:32:53][2500] {smtps} Command RCPT TO:<XXXXX1<_at_>XXXXX.com.ar>
[11/Mar/2015 09:32:53][2500] {smtps} Sent reply to RCPT: 250 2.1.5 Recipient <XXXXX2<_at_>XXXXX.com.ar> ok (local)
[11/Mar/2015 09:32:53][2500] {smtps} Command DATA
[11/Mar/2015 09:32:53][2500] {smtps} Retrieving Caller-ID record for domain XXXXX.com.ar
[11/Mar/2015 09:32:53][2500] {smtps} Retrieval finished, success=no
[11/Mar/2015 09:32:53][2500] {smtps} SMTP: Message from IP address 74.82.85.10 was rejected because of missing authentication for local domain sender <XXXXX1<_at_>XXXXX.com.ar>.
[11/Mar/2015 09:32:53][2500] {smtps} Command DATA failed: Authentication required for local domain sender <XXXXX1t<_at_>XXXXXt.com.ar>
[11/Mar/2015 09:32:59][2500] {smtps} Command QUIT
[11/Mar/2015 09:32:59][2500] {smtps} SMTP server session end
[11/Mar/2015 09:32:59][2500] {smtps} Task 37702 handler END


I assume this is because the phone sends the message through another server instead of using my own domain smtp server.

How can I fix this?

Thanks in advance.


Gaby
  •  
ksnyder (KERIO)

Messages: 557
Karma: 36
Send a private message to this user
The IP Address: 74.82.85.10 resolves to Blackberry. Incidentally, that IP address also appears on blacklists ( http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a74.82 .85.10&run=toolpage).

To fix it, you could add the IP address to a Whitelist (sender policy/authentication settings, spam settings, etc. just to cover all bases).

[Updated on: Thu, 12 March 2015 16:21]


Ken Snyder
Director, Sales Engineering | Kerio
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
Brian Carmichael (Kerio)

Messages: 598
Karma: 61
Send a private message to this user
The rejection is caused by the sender anti-spoofing feature. You should add Blackberry's IP address to the whitelist, or disable the feature. More information is available in the knowledge base: http://kb.kerio.com/product/kerio-connect/server-configurati on/security/configuring-anti-spoofing-in-kerio-connect-1491. html

Brian Carmichael
Senior Technical Marketing Engineer | Kerio
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
Gaby

Messages: 35
Karma: -2
Send a private message to this user
I have to politely disagree with your argument. As you can see here:

[11/Mar/2015 09:32:47][2500] {smtps} Looking up address 74.82.85.10 in DNS blacklist SpamCop...
[11/Mar/2015 09:32:47][2500] {smtps} Address 10.85.82.74.bl.spamcop.net not found in DNS blacklist SpamCop
[11/Mar/2015 09:32:47][2500] {smtps} Looking up address 74.82.85.10 in DNS blacklist SpamHaus SBL-XBL...
[11/Mar/2015 09:32:47][2500] {smtps} Address 10.85.82.74.zen.spamhaus.org not found in DNS blacklist SpamHaus SBL-XBL

the message is checked by two blacklists and none of them find the sender listed there.

The issue has to do with the fact that the real sender is a RIM server. Because of this, there is no authentication performed.

Thanks!


Gaby
  •  
Gaby

Messages: 35
Karma: -2
Send a private message to this user
I'm unable to do that.

I've unticked "Reject messages with spoofed local domain sender identity" and no luck.

Also, I cannot add the IP ranges of RIM (Blackberry) servers under "Never reject messages from this IP group..." because this item is alredy used with another set of IPs and I cannot add another range (what a shame Kerio!).

The only solution is to untick "user must authenticate in order to send messages from a local domain"

I don't want to do such thing. I think this would be a huge security breach.

So. I'm in the oven... don't know how to fix this.

Thnks


Gaby.
  •  
Pavel Dobry (Kerio)

Messages: 5161
Karma: 242
Send a private message to this user
There is an option "User must authenticate in order to send messages from a local domain.". Which is exactly what you do (or RIM does). It sends an email with your email address and do not authenticate to your server. You either need to disable this option (and be prepared for spoofed spams) or put all RIM IP addresses into the whitelist "Never rejects messages from this IP address group".

Knowledge Base: http://kb.kerio.com/.
Technical support: http://www.kerio.com/support
------------------
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
Pavel Dobry (Kerio)

Messages: 5161
Karma: 242
Send a private message to this user
Gaby wrote on Thu, 12 March 2015 16:03

Also, I cannot add the IP ranges of RIM (Blackberry) servers under "Never reject messages from this IP group..." because this item is alredy used with another set of IPs and I cannot add another range (what a shame Kerio!).

Gaby.


You can add whatever range you want. It could also include the existing range, which is there. Just go to IP address group definition.

Knowledge Base: http://kb.kerio.com/.
Technical support: http://www.kerio.com/support
------------------
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
Brian Carmichael (Kerio)

Messages: 598
Karma: 61
Send a private message to this user
@Gaby, you are on the right track to add the Blackberry servers to the "Never reject messages from this IP group...". To clarify, you can create a different address group for this particular whitelist. Please review the following article http://kb.kerio.com/product/kerio-connect/server-configurati on/time-ranges-and-ip-address-groups/defining-ip-address-gro ups-in-kerio-connect-1163.html

Brian Carmichael
Senior Technical Marketing Engineer | Kerio
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
Gaby

Messages: 35
Karma: -2
Send a private message to this user
Brian and Pavel:

You're right. I'm a complete idiot. Don't know why i got confused about adding more ranges. Maybe because I'm always in a rush. Problem solved after adding RIM's ranges.

Thanks everybody for your help!

Gaby.
Previous Topic: Scalability Guidelines
Next Topic: Kerio Connect Web Client not showing new unread emails
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Mon Feb 20 16:22:32 CET 2017

Total time taken to generate the page: 0.03137 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.