Mailing List CGatePro@mail.stalker.com Message #98090
From: Urs Grtzner <ugruetzner@ems.ch>
Subject: Re: Forwarding authentication problem
Date: Wed, 10 Jun 2009 21:54:46 +0200
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
X-Mailer: CTM PowerMail version 5.6.3 build 4504 German (intel) <http://www.ctmdev.com>
From: David Colville <david姍eyoptions.com.au>
Subject: Re: Forwarding authentication problem
Date: Thu, 11 Jun 2009 01:43:50 +1000
To: "CommuniGate Pro Discussions" <CGatePr姓ail.stalker.com>
X-Mailer: Apple Mail (2.930.3)

__________

On 11/06/2009, at 1:29 AM, Urs Grtzner wrote:

On our CGP Server with domain ems.ch we have SMTP AUTH enabled to avoid
Spam with faked sender adresses like name@ems.ch.

One of our users kaeser委ms.ch has also an address kaeser妾ms-ag.ch. The
domain cms-ag.ch is hosted on another server of our sister company. The
address is not an account but a simple forwarder. What comes in to
kaeser妾ms-ag.ch is immediately forwarded to kaeser委ms.ch. Cybernet is
the Internet provider of cms-ag.ch, its the Cybernet's SMTP which
finally forwards the mail to our SMTP ems.ch


Problem: Testmails sent from any account ems.ch to kaeser妾ms-ag.ch are
not forwarded (in this case back...) to our server, see the error
message below.

Why does our CGP Server obviously consider the original sender as a
client sender which needs authentication?
_____________


>So if I'm not mistaken - your server is preventing the cybernet server
from passing on emails from a "ems.ch" domain address - ie the Cybernet
server isn't authenticating
>before sending emails with a "from" address that's in the ems.ch domain.

Your not mistaken, it seems to happen like this, if I am interpreting
the message from the Cybernet server correctly. But how could the
Cybernet server authenticate at our server?

>I would believe this wouldn't be occurring, except for the fact that
you are sending a test message from the "ems.ch" domain - does the same
issue occur if you send an
>email from a gmail account, for example?

Yes, as I wrote we were sending testmails from accounts user@ems.ch.
Only these test  mails do never arrive at the final account of
kaeser委ms.ch. When I send from my mac.com acount or others, all these
are coming through.

I think its a rare case where the snake is biting his tail. SMTP AUTH
does not allow to accept mails with the own domain as sender without
authenticating. But how is a "foreign" server able to authenticate? Its
somewhat crude that the original return path is not recognized by the
SMTP module which would "whitewash" the mail.






The original message was received at Wed, 10 Jun 2009 09:07:40 +0200 (CEST)
from cust.static.84-253-63-242.cybernet.ch [84.253.63.242]

  ----- The following addresses had permanent fatal errors -----
<kaeser委ms.ch>
   (reason: 575 ijauch委ms.ch sender requires authentication)

  ----- Transcript of session follows -----
... while talking to mail.ems.ch.:
MAIL From:<ijauch委ms.ch> SIZE=956
<<< 575 ijauch委ms.ch sender requires authentication
554 5.0.0 Service unavailable
Final-Recipient: RFC822; kaeser委ms.ch
Action: failed
Status: 5.0.0
Diagnostic-Code: SMTP; 575 ijauch委ms.ch sender requires authentication
Last-Attempt-Date: Wed, 10 Jun 2009 09:07:58 +0200 (CEST)
test



Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster