Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Local server mail blocked (Local (127.0.0.1) sending is blocked by anti-spoofing)
  •  
Will Mayall

Messages: 171
Karma: 5
Send a private message to this user
On a Linux server, I have Kerio Connect installed. Testing on the server using "mail" works fine as long as I have "Sender anti-spoofing protection" off.

I have a group of local IP addresses that includes 127.0.0.1. That group is chosen to "Never reject messages from this IP address group."

The same is also true for the Spam Repellent setting but that's less of an issue since it just means the connection is delayed.

Why would tests via the "mail" command not be accepted if 127.0.0.1 is in the IP Address Group?

Thanks,

Will Mayall
  •  
Will Mayall

Messages: 171
Karma: 5
Send a private message to this user
The reason I am anxious to get this resolved is so that system status messages can be properly sent.
  •  
Pavel Dobry (Kerio)

Messages: 5222
Karma: 251
Send a private message to this user
Have you replaced sendmail? Guide ex. here http://kb.kerio.com/product/kerio-connect/installation-and-u pgrade/installing-kerio-connect-on-ubuntu-server-1404-lts-16 28.html
What is the debug log for SMTP server? Sender antispoofing should not be involved if the IP is on a whitelist. Unless you connect via IPv6 address which is not on the whitelist.

[Updated on: Thu, 04 February 2016 18:59]

  •  
Will Mayall

Messages: 171
Karma: 5
Send a private message to this user
Yes, I replaced sendmail (the instructions need a slight update).

Below is an example. Note that I don't think there should be a 20 second delay (anti-spoofing but IP 127.0.0.1 is in IP Address group) or that authentication is needed (same IP Address Group).

[03/Feb/2016 15:03:41][18806] {smtps} Task 22 handler BEGIN
[03/Feb/2016 15:03:41][18806] {smtps} Task 22 handler starting
[03/Feb/2016 15:03:41][18806] {smtps} SMTP server session begin; client connected from localhost:40253
[03/Feb/2016 15:03:41][18806] {smtps} Delaying SMTP greeting to localhost:40253 for 20 seconds
[03/Feb/2016 15:04:01][18806] {smtps} Sent SMTP greeting to localhost:40253
[03/Feb/2016 15:04:01][18806] {smtps} Command ehlo MYHOST.com
[03/Feb/2016 15:04:01][18806] {smtps} Sent reply to EHLO: 250 MYHOST.com ...
[03/Feb/2016 15:04:01][18806] {smtps} Command mail from:<postmaster<_at_>MYHOST.com>
[03/Feb/2016 15:04:01][18806] {smtps} Sent reply to MAIL: 250 2.1.0 Sender <postmaster<_at_>MYHOST.com> ok
[03/Feb/2016 15:04:01][18806] {smtps} Command rcpt to:<mayall<_at_>MYHOST.com>
[03/Feb/2016 15:04:01][18806] {smtps} Sent reply to RCPT: 250 2.1.5 Recipient <mayall<_at_>MYHOST.com> ok (local)
[03/Feb/2016 15:04:01][18806] {smtps} Command data
[03/Feb/2016 15:04:01][18806] {smtps} SMTP: Message from IP address 127.0.0.1 was rejected because of missing authentication for local domain sender <postmaster<_at_>MYHOST.com>.
[03/Feb/2016 15:04:01][18806] {smtps} Command DATA failed: Authentication required for local domain sender <postmaster<_at_>MYHOST.com>
[03/Feb/2016 15:04:01][18806] {smtps} Connection to SMTP server localhost lost: (11) Unknown error 11
[03/Feb/2016 15:04:01][18806] {smtps} SMTP server session end
[03/Feb/2016 15:04:01][18806] {smtps} Task 22 handler END
  •  
Pavel Dobry (Kerio)

Messages: 5222
Karma: 251
Send a private message to this user
Will Mayall wrote on Thu, 04 February 2016 20:33
Yes, I replaced sendmail (the instructions need a slight update).

Below is an example. Note that I don't think there should be a 20 second delay (anti-spoofing but IP 127.0.0.1 is in IP Address group) or that authentication is needed (same IP Address Group).

[03/Feb/2016 15:03:41][18806] {smtps} Task 22 handler BEGIN
[03/Feb/2016 15:03:41][18806] {smtps} Task 22 handler starting
[03/Feb/2016 15:03:41][18806] {smtps} SMTP server session begin; client connected from localhost:40253
[03/Feb/2016 15:03:41][18806] {smtps} Delaying SMTP greeting to localhost:40253 for 20 seconds
[03/Feb/2016 15:04:01][18806] {smtps} Sent SMTP greeting to localhost:40253
[03/Feb/2016 15:04:01][18806] {smtps} Command ehlo MYHOST.com
[03/Feb/2016 15:04:01][18806] {smtps} Sent reply to EHLO: 250 MYHOST.com ...
[03/Feb/2016 15:04:01][18806] {smtps} Command mail from:<postmaster<_at_>MYHOST.com>
[03/Feb/2016 15:04:01][18806] {smtps} Sent reply to MAIL: 250 2.1.0 Sender <postmaster<_at_>MYHOST.com> ok
[03/Feb/2016 15:04:01][18806] {smtps} Command rcpt to:<mayall<_at_>MYHOST.com>
[03/Feb/2016 15:04:01][18806] {smtps} Sent reply to RCPT: 250 2.1.5 Recipient <mayall<_at_>MYHOST.com> ok (local)
[03/Feb/2016 15:04:01][18806] {smtps} Command data
[03/Feb/2016 15:04:01][18806] {smtps} SMTP: Message from IP address 127.0.0.1 was rejected because of missing authentication for local domain sender <postmaster<_at_>MYHOST.com>.
[03/Feb/2016 15:04:01][18806] {smtps} Command DATA failed: Authentication required for local domain sender <postmaster<_at_>MYHOST.com>
[03/Feb/2016 15:04:01][18806] {smtps} Connection to SMTP server localhost lost: (11) Unknown error 11
[03/Feb/2016 15:04:01][18806] {smtps} SMTP server session end
[03/Feb/2016 15:04:01][18806] {smtps} Task 22 handler END


127.0.0.1 does not seem to to be in IP address group which whitelists Spam Repellent and Sender Policy. I would recommend contacting our technical support and providing mailserver.cfg file for review.
  •  
Will Mayall

Messages: 171
Karma: 5
Send a private message to this user
I stepped through the issue with tech support and it looks like a problem with the IP Address List and IPv6. Turning off IPv6 fixed the issue.
Previous Topic: IMAP IDLE for Mail 3.0?
Next Topic: Mac Mail Calendar Sharing
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Mon Apr 24 17:03:53 CEST 2017

Total time taken to generate the page: 0.01006 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.