Authenticated SMTP outbound with Domino?
by Volker Weber
Now this will be interesting. We are trying to save my Domino server from being obsolete.
I will need to send my outbound SMTP mail over relays that require authentication. So far I have been able to send them to open relays but those die quickly. I would also be able to deliver directly but many servers will not accept mail from my lowly domain.
AFAIK there is no option in Domino to send SMTP mail over authenticated sessions. It can only do that inbound. Is that true? If it is I would be interested to learn about a workaround.
Comments
SMTP authentication is for email clients, not servers - servers deliver their own mail or relay it to one that can. Many ISP's down here in NZ offer a mail relay (SMTP Queue) that can be set to accept your IP as part of its local network and hence happily route mail for you.
Otherwise the server needs to do the hard work itself - are things so bad that your server has mail rejected because of your 'lowly' domain? What basis I wonder do they not accept your mail? Thats like reverse ORBZ - not big enough? bugger off! Crazy!
I haven't tried it yet, but in the R5 server document you can set authentication options for outgoing SMTP, including client certificates. Doesn't that work ?
FWIW, the R6 help explicitly says it works...
Both my ISP and the SP that hosts my public site will relay mail for me. My mail server however sits behind the wall in my intranet. It is assigned an arbitrary IP address. If I want to relay mail over the SP's SMTP relay I need to authenticate. Domino does not seem to be able to do that.
I find it very disturbing that IBM has the necessary code to do that. It is in the client, which will happily authenticate with any server. They also have a POP retriever, which is also not available in the server. So instead of using their code I need to rely on all sorts of instable third party offerings.
To that end it might be better to move to a different mail server who has all these capabilities. In the end I only need a decent IMAP server with a webmail interface.
No, Jan-Piet, I am pretty sure, it can only do that on inbound connections. If you find a way to do it on outbound connections please send me a screenshot.
Correct me if I am wrong. Server authentification by receiving SMTP servers is done with reverse DNS and a check if that host name and domain name is linked to the IP number.
It doesn't matter if your server is behind a firewall with an internal IP number as the main info is the host and domain name.
I use the services of dyndns.org to get an "official" hostname. With some tools in the SMC Barricade router (or a client software such as DDCient for Linux or Windows) the host name gets regularly the currently assigned IP number by the provider.
The configured the hostname of the domino server to the hostname.dyndns.org. So far no probs.
My host already has a dynamic DNS address that I could use. However, when you reverse DNS a T-Online IP address you will not get the DYNDNS name. Instead you get this: p50817c64.dip.t-dialin.net
Additionally I also WANT to relay my mail via a smarthost. I think I found a workaround for this. This little service will add the SMTP authentication: http://netwinsite.com/dmail/smtpauth.htm. It looks pretty straigtforward.
Colin, there are indeed SMTP servers who can authenticate against other SMTP servers with ASMTP. One example would be the SuSE Linux Open Exchange Server. From the docs:
http://sdb.suse.de/en/sdb/html/rsimai_slox_smtp_auth.html
If anything ever kills my Domino server it would be an offering like this.
Volker, you are right; SMTP auth doesn't work on D6 outgoing.
Solution is here now.
Thanks for posting this information, it's been very helpful. For those of you running Domino on Linux, see smtpauthprox at http://bent.latency.net/smtpprox/smtpauthprox.
Requirements are perl, smtpprox 1.2, mmencode (usually in metamail package) and sharutils. I got this working for outbound mail via my ISP's relay host, after changing the following line:
if (uc(substr($what, 0, 4)) eq 'HELO') {
to
if (uc(substr($what, 0, 4)) eq 'EHLO') {
since apparently Domino prefers the EHLO command when sending mail.
Hey Vowe! Haven't talked to you since Lotusphere! I'm trying to get a hold of Matthew Melendy. I'm trying to use his suggested solution to this 'issue', but keep coming up with problems! I have a Domino server that is running on Red Hat 9.
