HELO OK, but not remembered

[Borvik]

I'm trying to test our server for authentication, and I can't seem to get it to work.

I'm testing from a linux box setup at home trying connecting to the exchange server here at work.

Here is a log:

# telnet ******************* 25
Trying ************...
Connected to ******************* (************).
Escape character is '^]'.
220 ******************* Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830 ready at  Fri, 14 Aug 2009 10:45:39 -0400
HELO *****************
250 ******************* Hello [************]
AUTH LOGIN
503 5.5.2 Send hello first.
EHLO *****************
500 5.3.3 Unrecognized command

As you can see the connection is fine - so the firewall is not the issue.

I clearly sent HELO first and got an 250 (OK) response back, yet when I try AUTH LOGIN, it thinks I haven't sent the hello command.

Any ideas?

Thanks.

 

[Zelandakh]

Why are you doing auth login? The next command would normally be mail from if this is an anonymous SMTP transfer.

 

[Borvik]

The server is NOT an open relay (open relays are a bad idea - hence the AUTH LOGIN).

We have an e-commerce site hosted off-site that sends email using our server. When we initially setup that site, and specified that we needed to login to send the email, it was working.

At some point we stopped receiving emails from our site, and I have determined this as the cause. This needs to be fixed - and I don't want it to be an open relay as we tend to get put on blacklists.

 

[strongm]

AUTH LOGIN is an ESMTP command and generally requires EHLO rather than HELO. And EHLO cannot be entered subsequent to an earlier HELO. You'll need to disconnect your SMTP session and reconnect. EHLO has to be your first hello command

 

[strongm]

Having said that, it is a bit odd that your server is suggesting that EHLO is an unrecognized command ...

 

[Borvik]

Yea - EHLO is giving the same response even when it is the first hello command.

As far as AUTH LOGIN requiring EHLO rather than HELO. I connected to a couple of postfix servers and the AUTH LOGIN seems to work fine with HELO. Though this behavior probably varies with program and version.

If exchange does require AUTH LOGIN with EHLO, and EHLO isn't working - then I would bet that's the problem.

Looking into the EHLO problem I saw something about SMTP Fixup on PIX firewalls. I do have a Cisco router with a firewall on it. And tried connecting to the server locally (can't believe I didn't try that before) and EHLO worked and AUTH LOGIN too.

So apparently it is a problem with SMTP Fixup somewhere (1 of 2 devices), once I clear that up it should be good.

Thanks for the getting my thought processes on the right track.

 

[people3]

HI,

Is the Pix using mailguard?

This is an issue we had - not the same as your but may point you in the right direction

http://technet.microsoft.com/en-us/library/dd277550.aspx

Cheers

 

[Borvik]

Possibly - I don't know enough about configuring Cisco routers to do anything with it.

Actually bullet point 4 matches the problem exactly.

I've put a call in to our engineer that handles that, and have yet to hear from him.

Based on the symptoms - ehlo working locally, but not externally - I would hazard a guess and say it does have it enabled (or at something like Mailguard enabled), even though the header does not resemble that of the Mailguard header example given in that article.

 

[58sniper]

You should disable any SMTP inspection on Cisco firewalls. When it's enabled, it's known to cause all of kinds of mailflow problems.

And BTW - not using AUTH LOGIN has little to do with being a relay.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.

http://www.ucblogs.net/blogs/exchange/

 

[Borvik]

Yeah, I have my engineer working on disabling the SMTP inspection.