Sending email from Outlook 2003 with SMTP
  •  
averyb

I'm trying to figure out a way so remote users can send email from Outlook using our Kerio 6.1.0 mailserver as the SMTP server. As I am remote to the server, I'm using myself as the guinea pig. I, like the remote users, am on a completely separate IP network in a different city.

My original config is to download mail from Kerio using POP3 and to use a local SMTP to send email.

I've enabled all three SMTP relay options in Kerio. Firewall is open on the proper ports, etc.
I've configured and tested Outlook (closing and restarting Outlook each time) using all three of the authentication options on the Outgoing Server tab and none of them worked.

Then I tried adding another port for the SMTP service on the Kerio server. Still didn't work. Then I tried secure HTTP, but it didn't work.

Each test from within Outlook returns that the outgoing SMTP server was found, but it did not respond.

I am at a loss and would appreciate any suggestions.

Thanks

[Updated on: Thu, 29 December 2005 22:49]

  •  
Kerio_ktrumbull

Your ISP is most likely blocking traffic on port 25. As a base test, open a command prompt and type:

telnet your_mailserver_name 25 (using your real mailserver DNS name or IP)

If the connection fails, this indicates either a configuration issue on the local machine, or that your ISP is blocking access on port 25. The way to get around this is to add another port to the SMTP service in the MailServer, such as 2525. Then edit the account in Outlook so that it uses port 2525 for SMTP.

Note you should also test that you can make a connection on the new port you try by doing:

telnet your_mailserver_name 2525

If you are unable to make a connection on the alternate port, such as 2525, you are either behind a firewall, or your ISP is blocking all ports except the normal ports (which is extremely rare, but it can happen).

Kevin Trumbull
Kerio Technical Support Team Leader
http://support.kerio.com
  •  
sedell

SMTP doesn't work on 25, or an alternate port, and HTTP doesn't work? It sounds like a network configuration problem. Since POP3 works, the DNS should be good.

It could be either a port blocking/redirection or NAT issue at a firewall or router. To rule out Outlook, try and telnet to port 25 on the mailserver and see if you get a greeting. Also, enable SMTPS logging in the KMS debug log. You should be able to see there if you're connecting or not.

Since HTTP and an alternate SMTP port are also affected, it's probably not your ISP blocking SMTP traffic. Check your firewall/router for whatever rules have been set up for POP3 access. You should be able to duplicate the settings for SMTP and HTTP.

Scott

[Updated on: Thu, 29 December 2005 23:16]

  •  
averyb

Thanks for the quick replies.

I typoed the original post. Secure SMTP does not work. Secure HTTP is not relevant to my problem.

The mail server is behind a firewall (which I control). Access is allowed through the firewall to the Kerio server on POP3, IMAP4, and SMTP. IMAP is working fine. I do not allow port 80 to reach the email server. Users can access webmail using SSL.

When I telnetted to the server on port 25, I got weird stuff after hitting <Enter> a bunch of times. 220 then a bunch of * on one line. A few <Enter>s later, I got a bunch of heart symbols.

I used an alternate port (2526) for testing. Added that port to SMTP Service. Bounced Service. Configured Outlook to use that port. Allowed that port to get through the firewall to that server. For a quick test I allowed Open SMTP Relay and I still couldn't send an email. I can see the firewall processing against that rule, so the traffic is hitting the firewall. For some reason Kerio just isn't responding.

Looking at the Kerio Security log, I see that my tests are registering as Spam Attacks.
  •  
freakinvibe

Can you post the exact error messages from the debug log (SPAM processing logging must be turned on)?

Normally, when telnetting to port 25 you should get

220 mail.yourdomain.com ESMTP ready

If you get *** it could be that your firewall has its own SMTP proxy, trying to forward SMTP requests to KMS.

Also, try to disable any SPAM protection on KMS temporarily to isolate the problem.

Regards, Pascal

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
Pavel Dobry (Kerio)

averyb wrote on Fri, 30 December 2005 02:34

Thanks for the quick replies.

I typoed the original post. Secure SMTP does not work. Secure HTTP is not relevant to my problem.

The mail server is behind a firewall (which I control). Access is allowed through the firewall to the Kerio server on POP3, IMAP4, and SMTP. IMAP is working fine. I do not allow port 80 to reach the email server. Users can access webmail using SSL.

When I telnetted to the server on port 25, I got weird stuff after hitting <Enter> a bunch of times. 220 then a bunch of * on one line. A few <Enter>s later, I got a bunch of heart symbols.

I used an alternate port (2526) for testing. Added that port to SMTP Service. Bounced Service. Configured Outlook to use that port. Allowed that port to get through the firewall to that server. For a quick test I allowed Open SMTP Relay and I still couldn't send an email. I can see the firewall processing against that rule, so the traffic is hitting the firewall. For some reason Kerio just isn't responding.

Looking at the Kerio Security log, I see that my tests are registering as Spam Attacks.

Please note that Outlook does not use the SMTPS protocol. For secured connections it uses the SMTP protocol with the STARTTLS command. So, a connection to the SMTPS port from Outlook will not work.

The 220 **** reply is probably modified by the PIX firewall.
Make sure that your firewall is not blocking port 25 and the SMTP command STARTTLS.
  •  
Pavel Dobry (Kerio)

This is an Outlook "feature".

Outlook uses TLS (STARTTLS command in SMTP protocol) when sending e-mails to the standard port 25. For non-standard ports it uses SSL (SMTPS protocol).

So, if you need to use a non-standard port (other than 25), you have to set the correct port number for the SMTPS service in the Outlook account settings. This is valid only for IMAP and POP3 accounts.

Kerio Outlook Connector uses TLS (STARTTLS) regardless of the port number.
  •  
averyb

I configured port 2526 as an alternate port on Kerio for SMTP service and allowed it through the firewall.

The telnet test worked to that port.

SMTP, POP3, IMAP, LDAP, HTTP, Secure HTTP are all running on this server. The firewall allows SMTP (25 & 2526), POP3, IMAP, and Secure HTTP to reach the email server.

I tried all three authentication methods available in Outlook and none of them worked. I added my public IP to the allowed people to relay in Kerio. All three Relay options are selected.

Seeing "SMTP Spam attack detected from <My Public IP>, client closed connection before SMTP greeting" in the Security log got me thinking about SMTP timeouts.

When I disable the SMTP greeting delay on the Spam Repellent tab everything works fine. I reduced it to 5 seconds and still couldn't get Outlook to connect. Setting it to 2 seconds seems to work.

Any warnings or concerns about reducing the value of the SMTP Greeting delay?

Any way to increase the timeout in Outlook 2003 that anyone knows of?

  •  
Kerio_ktrumbull

As pdobry has mentioned, you are behind a Cisco PIX firewall or some similar device that is corrupting authentication data that is being sent over the SMTP protocol. Because of this you will need to disable the smtp protocol inspector on your Cisco PIX device.

Kevin Trumbull
Kerio Technical Support Team Leader
http://support.kerio.com
  •  
averyb

I don't have an SMTP protocol inspector running on the PIX.

Changing the SMTP Greeting Delay solved the problem.

Turns out that the real problem was sending email from outside the company LAN using KOC. I'll look into that and post questions as needed.
  •  
Kerio_ktrumbull

If you telnet to your MailServer on the SMTP port and you get:

220 *****************************2****************

This indicates that the PIX protocol inspector is running on the SMTP port.
Quote:

By default, the PIX Firewall inspects port 25 connections for SMTP traffic. If you have SMTP servers using ports other than port 25, you must use the fixup protocol smtp port-number command to have the PIX Firewall inspect these other ports for SMTP traffic. The syntax of the fixup protocol smtp command is as follows:

fixup protocol smtp port[-port]
no fixup protocol smtp port[-port]
clear fixup protocol smtp

where port[-port] is a single port or port range that the PIX Firewall will inspect for SMTP connections.

Use the no form of the command to disable the inspection of traffic on the indicated port for SMTP connections. If the fixup protocol smtp command is not enabled for a given port, then potential mail server vulnerabilities are exposed.


Hope that helps.

Kevin Trumbull
Kerio Technical Support Team Leader
http://support.kerio.com
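
Added example (not part of any post in this thread, and not Kerio or Cisco code): a Python version of the telnet checks discussed above that times the SMTP greeting, flags a banner masked with asterisks, and checks whether the EHLO reply still offers STARTTLS. The `client_wait` value, the finding names, the host names and the sample replies are assumptions constructed for illustration.

```python
import re
import socket
import time

FINAL_LINE = re.compile(rb"(?m)^\d{3} [^\n]*\n\Z")  # last line of a reply: "NNN text"

def read_reply(sock):
    """Read one complete (possibly multi-line) SMTP reply from the socket."""
    data = b""
    while not FINAL_LINE.search(data) and (chunk := sock.recv(4096)):
        data += chunk
    return data

def banner_masked(banner):
    """True when the text after '220 ' is mostly '*', like the banner in the thread."""
    text = banner.strip()[4:]
    return banner.startswith(b"220") and len(text) > 0 and text.count(b"*") / len(text) > 0.8

def starttls_offered(ehlo_reply):
    """True when one 250 line of the EHLO reply is the STARTTLS keyword."""
    return re.search(rb"(?im)^250[ -]STARTTLS\s*$", ehlo_reply) is not None

def diagnose(banner, delay, ehlo_reply, client_wait):
    """List findings; client_wait (assumed) is how long the mail client waits."""
    findings = []
    if not banner or delay > client_wait:
        findings.append("greeting-later-than-client-wait")
    if banner and banner_masked(banner):
        findings.append("banner-masked-by-smtp-inspection")
    if banner and not starttls_offered(ehlo_reply):
        findings.append("starttls-not-offered")
    return findings

def probe(host, port=25, timeout=60.0, client_wait=5.0):
    """Connect, time the greeting, send EHLO, and diagnose what came back."""
    banner, ehlo, delay = b"", b"", timeout
    start = time.monotonic()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            banner = read_reply(sock)
            delay = time.monotonic() - start  # includes TCP connect time
            sock.sendall(b"EHLO probe.example\r\n")
            ehlo = read_reply(sock)
        except socket.timeout:
            pass  # nothing arrived within `timeout`; keep what we have
    return diagnose(banner, delay, ehlo, client_wait)

if __name__ == "__main__":
    # Constructed input: a masked banner and an EHLO reply without STARTTLS.
    print(diagnose(b"220 ********2********\r\n", 0.3, b"250 mail.example.test\r\n", 5.0))
```

Calling `probe("your_mailserver_name", 2526)` from the remote network and again from inside the LAN shows whether the greeting delay or the firewall is what differs between the two paths.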
  •  
pwhodges

Can I remind people that they don't need to make up their own alternate port numbers for SMTP submission when 25 is blocked. Port 587 has long been designated for this purpose (RFC 2476).

Paul