Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » External webserver cant send error 550 5.7.1 Authentication Required (External webserver cant send error 550 5.7.1 Authentication Required)
  •  
troutdevmag

Messages: 7
Karma: 0
Send a private message to this user
Kerio Connect 9.0.1 (394) - OSX 10.9.4

We have our mail on our local mail server with Kerio and our website is hosted on a different shared LAMP server with a contact form. Our DNS has mx and SPF record set to our mail server and the A record set to our LAMP server.

- We have added the LAMP server IP address to the IP Address Groups for SMTP, security, relay etc. on Kerio
- We have added LAMP server to the whitelist on Kerio.
- We have added the LAMP server IP address to the SPF/TXT DNS records eg ip4:XXX.XXX.XX.X
- Our external webserver can send mail successfully from say a gmail address, just not addresses from our domain.

When our external web server processes the form and tries to send mail FROM any of our email addresses the external server gets "Returned to sender 550 5.7.1 Authentication Required (in reply to end of DATA command)". Sending TO one of our addresses is ok its just sending from. Kerio does not appear to log anything in all the logs I have searched through. Can anyone have any ideas to problem solve this issue? Here is the error, note I have changed all the domain/IP addresses for as this is an open forum:

------------------------------------------------------------ --------------------------------------------
<somename<_at_>ourdomain.com>: host mail.ourdomain.com[OUR-MAIL-SERVER-IP-ADDRESS] said: 550 5.7.1
Authentication Required (in reply to end of DATA command)
Reporting-MTA: dns; mx03.our-external-webserver-domain.com
X-Postfix-Queue-ID: 4ADAF2133C
X-Postfix-Sender: rfc822; somename<_at_>ourdomain.com
Arrival-Date: Fri, 4 Mar 2016 10:28:21 +1100 (AEDT)

Final-Recipient: rfc822; somename<_at_>ourdomain.com
Original-Recipient: rfc822;somename<_at_>ourdomain.com
Action: failed
Status: 5.7.1
Remote-MTA: dns; mail.ourdomain.com
Diagnostic-Code: smtp; 550 5.7.1 Authentication Required
------------------------------------------------------------ --------------------------------------------
  •  
Brian Carmichael (Kerio)

Messages: 723
Karma: 70
Send a private message to this user
This is related to the sender anti-spoofing security feature. Rejected messages should be reported in the security log. More information is available in our knowledge base. http://kb.kerio.com/product/kerio-connect/server-configurati on/security/configuring-anti-spoofing-in-kerio-connect-1491. html

Brian Carmichael
Senior Technical Marketing Engineer | Kerio
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
troutdevmag

Messages: 7
Karma: 0
Send a private message to this user
Thanks.

Yes we had already added the new IP to groups and the "Reject messages with spoofed sender identity." was already ticked. Still no luck..

Do we need to add another SMTP server or domain?
  •  
troutdevmag

Messages: 7
Karma: 0
Send a private message to this user
Found the error:

[04/Mar/2016 12:24:27] SMTP: Message from IP address XXX.XX.XX.XX was rejected because of missing authentication for local domain sender <me<_at_>mydomain.com.au>.

[Updated on: Fri, 04 March 2016 04:40]

  •  
troutdevmag

Messages: 7
Karma: 0
Send a private message to this user
Does our contact form need to authenticate?

Or can we allow that IP address through?
  •  
troutdevmag

Messages: 7
Karma: 0
Send a private message to this user
I have now added this IP to groups as it was different from our web server. Do I need to add it to SMTP servers as per:

kb kerio com /product/kerio-connect/server-configuration/services/configu ring-the-smtp-server-1167.html
  •  
troutdevmag

Messages: 7
Karma: 0
Send a private message to this user
That fixed it, thanks!
  •  
troutdevmag

Messages: 7
Karma: 0
Send a private message to this user
Just to clarify I just needed to add the correct IP address that our webserver uses to send emails to Allowed IP Groups. I found this address in the security log as advised by Brian.

Thanks for the help.
Previous Topic: Migrate from OSX 10.7 (Connect 8.4) to 10.11 (Connect 9.x)
Next Topic: Koff and outlook 2010
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Wed Aug 16 15:25:13 CEST 2017

Total time taken to generate the page: 0.00949 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.