* smtp authentication (sendmail relay) @ 2000-12-17 8:29 Harry Putnam 2000-12-17 9:06 ` Kai Großjohann ` (2 more replies) 0 siblings, 3 replies; 26+ messages in thread From: Harry Putnam @ 2000-12-17 8:29 UTC (permalink / raw) [ALERT patience requireed] Finding myself in an unusaual temporary situation where for technical reasons I cannot relay my outgoing mail through my normal ISP smtp machine. My setup is single user running Redhat linux 6.2. Connected by ppp to an ISP and sending with local sendmail to ISP mail machine Normally I set the smart_host to my ISPs smtp.machine. That is temporarily broken for now. I have a second smtp.server that I can use. The smtp side of newsguy.com. I use that pop server routinely. But suddenly find I don't know how to authenticate my relay to an smtp.server that is not part of the isp I'm dialed up with. I know how to set /etc/sendmail.cf to relay to that server but not how to authenticate my outgoing relay to that machine. In fact, not really sure where those smtp negotiations get handled. ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: smtp authentication (sendmail relay) 2000-12-17 8:29 smtp authentication (sendmail relay) Harry Putnam @ 2000-12-17 9:06 ` Kai Großjohann 2000-12-17 16:53 ` Harry Putnam 2000-12-17 10:51 ` jas 2000-12-17 16:34 ` Stainless Steel Rat 2 siblings, 1 reply; 26+ messages in thread From: Kai Großjohann @ 2000-12-17 9:06 UTC (permalink / raw) Cc: ding On Sun, 17 Dec 2000, Harry Putnam wrote: > I have a second smtp.server that I can use. The smtp side of > newsguy.com. I use that pop server routinely. But suddenly find I > don't know how to authenticate my relay to an smtp.server that is > not part of the isp I'm dialed up with. I know how to set > /etc/sendmail.cf to relay to that server but not how to authenticate > my outgoing relay to that machine. I don't know that ISP, but it is possible for them to use your IP address for authentication. To get the right IP address, you have to use their server for dialin, of course. Another common scheme is smtp-after-pop. Here, the idea is that you connect to the POP server, and if that's successful, then for 5 minutes (or whatever) you're (your IP address is) allowed to use the SMTP server. I think there are also schemes for doing authentication within SMTP, but I think they are rarely used. They are also non-standard, I think. kai -- A large number of young women don't trust men with beards. (BFBS Radio) ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: smtp authentication (sendmail relay) 2000-12-17 9:06 ` Kai Großjohann @ 2000-12-17 16:53 ` Harry Putnam 2000-12-17 19:44 ` Kai Großjohann 0 siblings, 1 reply; 26+ messages in thread From: Harry Putnam @ 2000-12-17 16:53 UTC (permalink / raw) Cc: ding Kai.Grossjohann@CS.Uni-Dortmund.DE (Kai Gro_johann) writes: > On Sun, 17 Dec 2000, Harry Putnam wrote: > > > I have a second smtp.server that I can use. The smtp side of > > newsguy.com. I use that pop server routinely. But suddenly find > > I > > don't know how to authenticate my relay to an smtp.server that is > > not part of the isp I'm dialed up with. I know how to set > > /etc/sendmail.cf to relay to that server but not how to > > authenticate > > my outgoing relay to that machine. > > I don't know that ISP, but it is possible for them to use your IP > address for authentication. To get the right IP address, you have > to > use their server for dialin, of course. Hoping it won't be considered too off-topic to discuss the nitty gritty details of mail sending and retrieval here: First let me say, that it appears the easiest temporary way may be to just let gnus do the pop and smtp transactions. I haven't actually done that before but it is fairly well documented here and on gnu.emacs.gnus. So shouldn't have too much trouble with that. However as is ofter the case, I'm looking for a more optimal solution, that could be used by simply overwriting sendmail.cf and restarting sendmail. Let me explain my situation a little better, making use of the nifty `picture mode' and listing the tools involved: My machine .. running local sendmail for send and fetchmail/sendmail/procmail for retrieval. _______ | | | Me | |______| / \ / \ / \ / \ ISP|ISPsmtp Newsguy|POP3 So.. I connect to a local ISP, use there SMTP server to relay my outgoing mail via my local sendmail. No special authentication is required, apparently done transparently, from the ISP authentication (login). (sendmail.cf set to this smtp.server as the machine to relay to) (That is temporarily broken) I collect mail from newsguys' POP3 server using fetchmail, in the simplest possible format, which includes authentication: cat .fetchmailrc poll pop.newsguy.com proto pop3 nodns user reader password xxxxxxxx Fetchmail drops it in /var/spool/mail where gnus snarfs it. To direct sendmail to deliver to a different smpt server, is no harder than editing the single line in sendmail.cf: DSsmtp:smtp.MYLOCAL.ISP to read DSsmtp:smtp.newsguy.com And restarting sendmail. But when doing this, the connection is rejected by newsguy since no authentication is provided. The hub of my question is how to provide that authentication and not have to make other changes in my current setup. I want to be able to simply overwrite sendmail, restart it and.... bingo. Now relying thru server smtp.XXX.XXX One would expect that Newsguy.com would have this kind of info readily available but apparently there techs only deal with `windows' clients. > > Another common scheme is smtp-after-pop. Here, the idea is that > you > connect to the POP server, and if that's successful, then for 5 > minutes (or whatever) you're (your IP address is) allowed to use > the > SMTP server. This sounds like a possible option... > > I think there are also schemes for doing authentication within > SMTP, > but I think they are rarely used. They are also non-standard, I > think. Is this last `within' scheme what I am describing above? jas@slipsten.extundo.com writes: > On Sun, 17 Dec 2000, Harry Putnam wrote: > > > I have a second smtp.server that I can use. The smtp side of > > newsguy.com. [...] > > Perhaps you could use modern smtpmail.el which support SMTP > authentication (RFC 2554), rather than a local sendmail? If so, > customize > the `smtpmail' group. Another posssible way .. thanks. > > Hopefully Emacs will contain smtpmail.el with AUTH support in the > future. XEmacs mail-lib in CVS contains it now. "Robin S. Socha" <robin@socha.net> writes: > * Harry Putnam <reader@newsguy.com> writes: > > > Finding myself in an unusaual temporary situation where for > > technical > > reasons I cannot relay my outgoing mail through my normal ISP > > smtp > > machine. > > You are now reader@socha.net, PWD R34d3r > To login, use reader@socha.net, to relay over this machine, get > POP3 > first (smtp after pop). https://socha.net:666/webmail/ is also > there, > altough the account settings are slightly broken ;-) Thanks Robin.. same as above solution `smtp after pop'. Due to your characteristic breivity... Its not clear if there would be a way to do what I've described above on that smtp server. Please set -v to the next higher level.... : ) ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: smtp authentication (sendmail relay) 2000-12-17 16:53 ` Harry Putnam @ 2000-12-17 19:44 ` Kai Großjohann 2000-12-19 0:13 ` Harry Putnam 0 siblings, 1 reply; 26+ messages in thread From: Kai Großjohann @ 2000-12-17 19:44 UTC (permalink / raw) Cc: ding On 17 Dec 2000, Harry Putnam wrote: > However as is ofter the case, I'm looking for a more optimal > solution, that could be used by simply overwriting sendmail.cf and > restarting sendmail. To find out what the newsguy.com smtp server wants, it might be easiest to talk to it directly: telnet smtp.newsguy.com 25 Make liberal use of the HELP command... Without authentication, the typical command sequence is this: /---- | HELO lucy.cs.uni-dortmund.de | MAIL FROM: <Kai.Grossjohann@cs.uni-dortmund.de> | RCPT TO: <reader@newsguy.com> | DATA | From: Kai Grossjohann <Kai.Grossjohann@cs.uni-dortmund.de> | To: Harry Putnam <reader@newsguy.com> | Subject: test | | testing the test | . \---- HELO tells the other smtp server who my machine is. MAIL FROM and RCPT TO (including the colon and the angle brackets) give the envelope sender and recipient, DATA indicates that the mail itself follows (terminated by a line which contains only a dot). The message itself also contains From and To, but these are the headers, not the envelope. If the envelope says the message goes to John, and the header says Paul, then the message will go to John. You might wish to compare with what you see. > > I think there are also schemes for doing authentication within > > SMTP, but I think they are rarely used. They are also > > non-standard, I think. > > Is this last `within' scheme what I am describing above? Could be. This depends on whether the SMTP server asks you for authentication. > "Robin S. Socha" <robin@socha.net> writes: > > You are now reader@socha.net, PWD [...] > > To login, use reader@socha.net, to relay over this machine, get > > POP3 > > first (smtp after pop). https://socha.net:666/webmail/ is also > > there, > > altough the account settings are slightly broken ;-) > > Thanks Robin.. same as above solution `smtp after pop'. > > Due to your characteristic breivity... Its not clear if there would > be a way to do what I've described above on that smtp server. > Please set -v to the next higher level.... : ) You need to tell Gnus to get mail from machine socha.net, logging in with given login and password. (It's not clear to me whether the login name should be "reader" or "reader@socha.net".) And then you put socha.net as smarthost into sendmail.cf, and for a couple of minutes after getting mail, you can do "sendmail -q" and the mail will be relayed. For the above scheme, it's not important that you actually HAVE mail at that machine. It's sufficient for you to CONTACT the machine, then the SMTP-after-POP will work. kai -- A large number of young women don't trust men with beards. (BFBS Radio) ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: smtp authentication (sendmail relay) 2000-12-17 19:44 ` Kai Großjohann @ 2000-12-19 0:13 ` Harry Putnam 2000-12-19 1:51 ` Glenn Shiffer 0 siblings, 1 reply; 26+ messages in thread From: Harry Putnam @ 2000-12-19 0:13 UTC (permalink / raw) Cc: ding Kai.Grossjohann@CS.Uni-Dortmund.DE (Kai Großjohann) writes: [...]snipped good summary > For the above scheme, it's not important that you actually HAVE mail > at that machine. It's sufficient for you to CONTACT the machine, then > the SMTP-after-POP will work. Nice summary Kai, helpful to have a printout to see what commands are needed. ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: smtp authentication (sendmail relay) 2000-12-19 0:13 ` Harry Putnam @ 2000-12-19 1:51 ` Glenn Shiffer 2000-12-19 2:41 ` Harry Putnam 0 siblings, 1 reply; 26+ messages in thread From: Glenn Shiffer @ 2000-12-19 1:51 UTC (permalink / raw) Cc: ding I just got to reading this thread- Glad to see you got the answer, it's a strange system, but the way it was explained to me when I used newsguy was this way they wern't and open relay. Once the relay authinticates you, it will stay open for about 4 hours. Glenn ----- Original Message ----- From: "Harry Putnam" <reader@newsguy.com> To: "Kai Großjohann" <Kai.Grossjohann@CS.Uni-Dortmund.DE> Cc: <ding@gnus.org> Sent: Monday, December 18, 2000 7:13 PM Subject: Re: smtp authentication (sendmail relay) > Kai.Grossjohann@CS.Uni-Dortmund.DE (Kai Großjohann) writes: > > [...]snipped good summary > > > For the above scheme, it's not important that you actually HAVE mail > > at that machine. It's sufficient for you to CONTACT the machine, then > > the SMTP-after-POP will work. > > Nice summary Kai, helpful to have a printout to see what commands are needed. > > ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: smtp authentication (sendmail relay) 2000-12-19 1:51 ` Glenn Shiffer @ 2000-12-19 2:41 ` Harry Putnam 0 siblings, 0 replies; 26+ messages in thread From: Harry Putnam @ 2000-12-19 2:41 UTC (permalink / raw) Cc: Kai Großjohann, ding "Glenn Shiffer" <fubar@pobox.com> writes: > I just got to reading this thread- > > Glad to see you got the answer, it's a strange system, but the way it was > explained to me when I used newsguy was this way they wern't and open relay. > > Once the relay authinticates you, it will stay open for about 4 hours. > > Glenn When I first started using newsguy, it was still `zippo' and `superzippo'. I always wished they hadn't made that dorky name change. I liked `reader@superzippo.com' better but The Zippo company of cigarette lighter fame sued them and they had to change there name. Back then you could telnet right into the pop server, login, stomp around in there, run a shell, edit/read or whatever /var/spool/mail/USER I remember getting a message from some automated cron job on their pop server for weeks after I had a vi session crash and leave a *.swp file in there. That was early 97 or so. My trouble turned out to be a little different. Not a reverse MX lookup. That was in place The bank of phones that my dialup at home uses goes to a machine that talks to my ISP some 130 miles away it does something (unknown) unusual and the smtp server won't talk to it. Same reason the smtp server on newsguy wouldn't talk to it. (I think) .... They are supposed to be fixing that. ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: smtp authentication (sendmail relay) 2000-12-17 8:29 smtp authentication (sendmail relay) Harry Putnam 2000-12-17 9:06 ` Kai Großjohann @ 2000-12-17 10:51 ` jas 2000-12-17 16:34 ` Stainless Steel Rat 2 siblings, 0 replies; 26+ messages in thread From: jas @ 2000-12-17 10:51 UTC (permalink / raw) Cc: ding On Sun, 17 Dec 2000, Harry Putnam wrote: > I have a second smtp.server that I can use. The smtp side of newsguy.com. > I use that pop server routinely. But suddenly find I don't know how to > authenticate my relay to an smtp.server that is not part of the isp I'm dialed > up with. I know how to set /etc/sendmail.cf to relay to that server but not > how to authenticate my outgoing relay to that machine. > > In fact, not really sure where those smtp negotiations get handled. Perhaps you could use modern smtpmail.el which support SMTP authentication (RFC 2554), rather than a local sendmail? If so, customize the `smtpmail' group. Hopefully Emacs will contain smtpmail.el with AUTH support in the future. XEmacs mail-lib in CVS contains it now. ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: smtp authentication (sendmail relay) 2000-12-17 8:29 smtp authentication (sendmail relay) Harry Putnam 2000-12-17 9:06 ` Kai Großjohann 2000-12-17 10:51 ` jas @ 2000-12-17 16:34 ` Stainless Steel Rat 2000-12-17 18:41 ` Simon Josefsson 2000-12-17 21:29 ` Harry Putnam 2 siblings, 2 replies; 26+ messages in thread From: Stainless Steel Rat @ 2000-12-17 16:34 UTC (permalink / raw) * Harry Putnam <reader@newsguy.com> on Sun, 17 Dec 2000 | In fact, not really sure where those smtp negotiations get handled. If newsguy is doing what I suspect they are doing, they don't. Authenticated SMTP hooks into POP authentication. When you authenticate yourself to the POP server, a flag is set that allows you to use that host's SMTP server to relay mail. That flag is cleared after some set period. It is probably a bit more complex than this, but this is what the end users see. -- Rat <ratinox@peorth.gweep.net> \ When not in use, Happy Fun Ball should be Minion of Nathan - Nathan says Hi! \ returned to its special container and PGP Key: at a key server near you! \ kept under refrigeration. ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: smtp authentication (sendmail relay) 2000-12-17 16:34 ` Stainless Steel Rat @ 2000-12-17 18:41 ` Simon Josefsson 2000-12-17 21:01 ` Harry Putnam 2000-12-17 21:29 ` Harry Putnam 1 sibling, 1 reply; 26+ messages in thread From: Simon Josefsson @ 2000-12-17 18:41 UTC (permalink / raw) Cc: (ding) Stainless Steel Rat <ratinox@peorth.gweep.net> writes: > | In fact, not really sure where those smtp negotiations get handled. > > If newsguy is doing what I suspect they are doing, they don't. > Authenticated SMTP hooks into POP authentication. There is SMTP AUTH (rfc 2554) and SMTP STARTTLS (rfc 2246 + 2595) too, they are better than the POP cludge. Harry might use telnet to find out if it's supported by the server or not, just say "ehlo foo" to the server, and notice if STARTTLS or AUTH CRAM-MD5 is part of the response. $ telnet test.smtp.org 25 Trying 209.220.147.188... Connected to test.smtp.org. Escape character is '^]'. 220 test.smtp.org ESMTP Sendmail 8.11.2.Beta1 ready at Sun, 17 Dec 2000 10:38:48 -0800 (PST); see http://test.smtp.org/ ehlo foo 250-test.smtp.org Hello slipsten.extundo.com [195.42.214.241], pleased to meet you 250-ENHANCEDSTATUSCODES 250-EXPN 250-VERB 250-8BITMIME 250-SIZE 250-DSN 250-ONEX 250-ETRN 250-XUSR 250-AUTH DIGEST-MD5 CRAM-MD5 PLAIN LOGIN 250-STARTTLS 250 HELP ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: smtp authentication (sendmail relay) 2000-12-17 18:41 ` Simon Josefsson @ 2000-12-17 21:01 ` Harry Putnam 2000-12-17 21:14 ` Kai Großjohann 2000-12-17 21:24 ` Lloyd Zusman 0 siblings, 2 replies; 26+ messages in thread From: Harry Putnam @ 2000-12-17 21:01 UTC (permalink / raw) Cc: (ding) Simon Josefsson <sj@extundo.com> writes: > Harry might use telnet to find out if it's supported by the server or > not, just say "ehlo foo" to the server, and notice if STARTTLS or AUTH > CRAM-MD5 is part of the response. [...] snipped examples Newsguy, bars telnet access to port 25 and has for a couple years. All you can get there is no response to commands. So I guess there is no way to set authentication info in sendmail.cf or something similar eh. ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: smtp authentication (sendmail relay) 2000-12-17 21:01 ` Harry Putnam @ 2000-12-17 21:14 ` Kai Großjohann 2000-12-17 22:45 ` Colin Walters 2000-12-17 21:24 ` Lloyd Zusman 1 sibling, 1 reply; 26+ messages in thread From: Kai Großjohann @ 2000-12-17 21:14 UTC (permalink / raw) Cc: Stainless Steel Rat, (ding) On 17 Dec 2000, Harry Putnam wrote: > Newsguy, bars telnet access to port 25 and has for a couple years. > All you can get there is no response to commands. ?? How does the mail get sent, then? Sending a mail involves connecting to port 25, and whether or not that connection is via telnet is immaterial. I think. But your second sentence seems to imply that it accepts the connection, just doesn't respond when you type something. When you do "telnet smtp.newsguy.com 25", do you get a `connection refused' error, or something else? kai -- A large number of young women don't trust men with beards. (BFBS Radio) ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: smtp authentication (sendmail relay) 2000-12-17 21:14 ` Kai Großjohann @ 2000-12-17 22:45 ` Colin Walters 2000-12-17 23:06 ` Lloyd Zusman 0 siblings, 1 reply; 26+ messages in thread From: Colin Walters @ 2000-12-17 22:45 UTC (permalink / raw) Kai.Grossjohann@CS.Uni-Dortmund.DE (Kai Großjohann) writes: > How does the mail get sent, then? Sending a mail involves > connecting to port 25, and whether or not that connection is via > telnet is immaterial. I think. Maybe it drops anything that tries telnet options negotiation? ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: smtp authentication (sendmail relay) 2000-12-17 22:45 ` Colin Walters @ 2000-12-17 23:06 ` Lloyd Zusman 0 siblings, 0 replies; 26+ messages in thread From: Lloyd Zusman @ 2000-12-17 23:06 UTC (permalink / raw) Colin Walters <walters@cis.ohio-state.edu> writes: > Kai.Grossjohann@CS.Uni-Dortmund.DE (Kai Großjohann) writes: > > > How does the mail get sent, then? Sending a mail involves > > connecting to port 25, and whether or not that connection is via > > telnet is immaterial. I think. > > Maybe it drops anything that tries telnet options negotiation? Well, I was able to make a normal telnet connection to that host. And besides, when you use telnet to connect a port other than 23 (the standard telnet port), no telnet options negotiation is done. As the telnet man page states: ... When connecting to a non-standard port, telnet omits any automatic initiation of TELNET options. ... -- Lloyd Zusman ljz@asfast.com ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: smtp authentication (sendmail relay) 2000-12-17 21:01 ` Harry Putnam 2000-12-17 21:14 ` Kai Großjohann @ 2000-12-17 21:24 ` Lloyd Zusman 2000-12-17 22:15 ` Harry Putnam 1 sibling, 1 reply; 26+ messages in thread From: Lloyd Zusman @ 2000-12-17 21:24 UTC (permalink / raw) Harry Putnam <reader@newsguy.com> writes: > Simon Josefsson <sj@extundo.com> writes: > > > Harry might use telnet to find out if it's supported by the server or > > not, just say "ehlo foo" to the server, and notice if STARTTLS or AUTH > > CRAM-MD5 is part of the response. > > [...] snipped examples > > Newsguy, bars telnet access to port 25 and has for a couple years. > All you can get there is no response to commands. Here's my `typescript' of a telnet SMTP session to newsguy. As you can see, it worked perfectly. Soon after recording this session, I went back and sent myself some email via another telnet session to `smtp.newsguy.com', and it worked fine. Did you connect to `smtp.newsguy.com' or perhaps some other `newsguy' host? Script started on Sun Dec 17 16:16:46 2000 1> telnet smtp.newsguy.com 25 Trying 209.155.56.71... Connected to smtp.newsguy.com. Escape character is '^]'. 220 newsguy.com ESMTP Sendmail 8.11.0/8.9.1; Sun, 17 Dec 2000 13:14:33 -0800 (PST) ehlo asfast.com 250-newsguy.com Hello IDENT:root@acholado.net [216.182.19.128], pleased to meet you 250-ENHANCEDSTATUSCODES 250-EXPN 250-VERB 250-8BITMIME 250-SIZE 2000000 250-DSN 250-ONEX 250-ETRN 250-XUSR 250 HELP quit 221 2.0.0 newsguy.com closing connection Connection closed by foreign host. 2> exit Script done on Sun Dec 17 16:17:20 2000 > So I guess there is no way to set authentication info in sendmail.cf or > something similar eh. > > > > > > -- Lloyd Zusman ljz@asfast.com ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: smtp authentication (sendmail relay) 2000-12-17 21:24 ` Lloyd Zusman @ 2000-12-17 22:15 ` Harry Putnam 2000-12-17 22:26 ` Lloyd Zusman ` (2 more replies) 0 siblings, 3 replies; 26+ messages in thread From: Harry Putnam @ 2000-12-17 22:15 UTC (permalink / raw) Cc: ding Lloyd Zusman <ljz@asfast.com> writes: > Script started on Sun Dec 17 16:16:46 2000 > 1> telnet smtp.newsguy.com 25 > Trying 209.155.56.71... > Connected to smtp.newsguy.com. > Escape character is '^]'. > 220 newsguy.com ESMTP Sendmail 8.11.0/8.9.1; Sun, 17 Dec 2000 13:14:33 -0800 (PST) > ehlo asfast.com [...] Ekkkk. I'll be damned: bsd > telnet smtp.newsguy.com 25 Trying 209.155.56.71... telnet: connect to address 209.155.56.71: Connection refused telnet: Unable to connect to remote host reader@satellite /anex/reader bsd > date Sun Dec 17 14:01:54 PST 2000 And... Newsguy tech staff have told me over the phone that telnet is not allowed. Not sure what the deal is now. ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: smtp authentication (sendmail relay) 2000-12-17 22:15 ` Harry Putnam @ 2000-12-17 22:26 ` Lloyd Zusman 2000-12-17 23:31 ` Harry Putnam 2000-12-17 23:02 ` Lloyd Zusman 2000-12-18 7:49 ` Steinar Bang 2 siblings, 1 reply; 26+ messages in thread From: Lloyd Zusman @ 2000-12-17 22:26 UTC (permalink / raw) Harry Putnam <reader@newsguy.com> writes: > Lloyd Zusman <ljz@asfast.com> writes: > > > Script started on Sun Dec 17 16:16:46 2000 > > 1> telnet smtp.newsguy.com 25 > > Trying 209.155.56.71... > > Connected to smtp.newsguy.com. > > Escape character is '^]'. > > 220 newsguy.com ESMTP Sendmail 8.11.0/8.9.1; Sun, 17 Dec 2000 13:14:33 -0800 (PST) > > ehlo asfast.com > > [...] > Ekkkk. I'll be damned: > bsd > telnet smtp.newsguy.com 25 > Trying 209.155.56.71... > telnet: connect to address 209.155.56.71: Connection refused > telnet: Unable to connect to remote host > reader@satellite /anex/reader > bsd > date > Sun Dec 17 14:01:54 PST 2000 > > > And... Newsguy tech staff have told me over the phone that telnet is not > allowed. > > Not sure what the deal is now. Well, the only thing I can think of is reverse DNS. Many servers don't allow connection to them unless the connecting host's IP address has a valid reverse DNS entry. The IP address of machine from which I was connecting indeed does have a valid reverse DNS entry, and so perhaps this is why my connection works. In case you don't know what "reverse DNS" is, it's a function of DNS service which will return your domain name when your IP address is fed to it. Normal, "forward" DNS goes in the opposite direction: it returns an IP address when a domain name is supplied. The people who supply your IP (i.e., your ISP) are responsible for supplying reverse DNS for your IP address. Ask your ISP if this can be enabled. It's extremely common these days for ISP's to provide reverse DNS, because for security reasons, most servers on the net (SMTP, NNTP, telnetd, ftpd, etc. etc. etc.) are requiring valid reverse DNS from those who connect to them. If your ISP won't supply this service, I regrettably must suggest that you switch ISP's. And by the way, if your ISP says that reverse DNS isn't possible with dynamic IP's, this isn't true, since many, many ISP's routinely supply proper reverse DNS entries for their dynamic IP customers. HTH -- Lloyd Zusman ljz@asfast.com ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: smtp authentication (sendmail relay) 2000-12-17 22:26 ` Lloyd Zusman @ 2000-12-17 23:31 ` Harry Putnam 2000-12-17 23:41 ` Lloyd Zusman 0 siblings, 1 reply; 26+ messages in thread From: Harry Putnam @ 2000-12-17 23:31 UTC (permalink / raw) Cc: ding Lloyd Zusman <ljz@asfast.com> writes: > Well, the only thing I can think of is reverse DNS. Many servers > don't allow connection to them unless the connecting host's IP address > has a valid reverse DNS entry. The IP address of machine from which I > was connecting indeed does have a valid reverse DNS entry, and so > perhaps this is why my connection works. Bingo... I think you've hit on it. Turns out I can connect to smtp.newsguy.com from my DSL connection at a different location. (Same ISP) So apparently they are not supplying it for dialin accounts. ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: smtp authentication (sendmail relay) 2000-12-17 23:31 ` Harry Putnam @ 2000-12-17 23:41 ` Lloyd Zusman 0 siblings, 0 replies; 26+ messages in thread From: Lloyd Zusman @ 2000-12-17 23:41 UTC (permalink / raw) Harry Putnam <reader@newsguy.com> writes: > Lloyd Zusman <ljz@asfast.com> writes: > > > Well, the only thing I can think of is reverse DNS. Many servers > > don't allow connection to them unless the connecting host's IP address > > has a valid reverse DNS entry. The IP address of machine from which I > > was connecting indeed does have a valid reverse DNS entry, and so > > perhaps this is why my connection works. > > Bingo... I think you've hit on it. Turns out I can connect to > smtp.newsguy.com from my DSL connection at a different location. > (Same ISP) So apparently they are not supplying it for dialin > accounts. Great! Well ... sort-of "great!" ... it's good to know why this is a problem, but it still has to be corrected. Your ISP should provide reverse DNS for dial-in accounts, because as I mentioned earlier, it's hard to use the net these days without reverse DNS (as you are discovering), and this service is routinely provided by the majority of ISP's these days. If yours refuses to give you reverse DNS service, I strongly suggest you change ISP's, if at all possible. Contact me privately if you want to discuss some ways for you to work around this reverse DNS problem. -- Lloyd Zusman ljz@asfast.com ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: smtp authentication (sendmail relay) 2000-12-17 22:15 ` Harry Putnam 2000-12-17 22:26 ` Lloyd Zusman @ 2000-12-17 23:02 ` Lloyd Zusman 2000-12-18 7:49 ` Steinar Bang 2 siblings, 0 replies; 26+ messages in thread From: Lloyd Zusman @ 2000-12-17 23:02 UTC (permalink / raw) And one more point ... Harry Putnam <reader@newsguy.com> writes: > [ ... ] > > And... Newsguy tech staff have told me over the phone that telnet is not > allowed. > > [ ... ] It turns out that when you do a "telnet [hostname] 25", this looks to the receiving host no different than a connection via any other means. Therefore, no matter what the newsguy staff might have said, there is essentially no way for a remote SMTP server to disable telnet access via port 25 and still allow other forms of SMTP access, at least when the basic protocol is being used. Just a point of information that I meant to add to my previous message about this. And once again, HTH. -- Lloyd Zusman ljz@asfast.com ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: smtp authentication (sendmail relay) 2000-12-17 22:15 ` Harry Putnam 2000-12-17 22:26 ` Lloyd Zusman 2000-12-17 23:02 ` Lloyd Zusman @ 2000-12-18 7:49 ` Steinar Bang 2 siblings, 0 replies; 26+ messages in thread From: Steinar Bang @ 2000-12-18 7:49 UTC (permalink / raw) >>>>> Harry Putnam <reader@newsguy.com>: > [...] > Ekkkk. I'll be damned: > bsd > telnet smtp.newsguy.com 25 > Trying 209.155.56.71... > telnet: connect to address 209.155.56.71: Connection refused > telnet: Unable to connect to remote host > reader@satellite /anex/reader > bsd > date > Sun Dec 17 14:01:54 PST 2000 > And... Newsguy tech staff have told me over the phone that telnet is > not allowed. "telnet" may be, but telnetting to some other port should be possible to distinguish from any other TCP connection to that port. This is what happened when I tried it: $ telnet smtp.newsguy.com smtp Trying 209.155.56.71... Connected to smtp.newsguy.com. Escape character is '^]'. 220 newsguy.com ESMTP Sendmail 8.11.0/8.9.1; Sun, 17 Dec 2000 23:44:19 -0800 (PST) ehlo viffer.metis.no 250-newsguy.com Hello [194.19.99.131], pleased to meet you 250-ENHANCEDSTATUSCODES 250-EXPN 250-VERB 250-8BITMIME 250-SIZE 2000000 250-DSN 250-ONEX 250-ETRN 250-XUSR 250 HELP quit 221 2.0.0 newsguy.com closing connection Connection closed by foreign host. ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: smtp authentication (sendmail relay) 2000-12-17 16:34 ` Stainless Steel Rat 2000-12-17 18:41 ` Simon Josefsson @ 2000-12-17 21:29 ` Harry Putnam 2000-12-17 21:45 ` Lloyd Zusman 1 sibling, 1 reply; 26+ messages in thread From: Harry Putnam @ 2000-12-17 21:29 UTC (permalink / raw) Cc: (ding) Stainless Steel Rat <ratinox@peorth.gweep.net> writes: > * Harry Putnam <reader@newsguy.com> on Sun, 17 Dec 2000 > | In fact, not really sure where those smtp negotiations get handled. > > If newsguy is doing what I suspect they are doing, they don't. > Authenticated SMTP hooks into POP authentication. When you authenticate > yourself to the POP server, a flag is set that allows you to use that > host's SMTP server to relay mail. That flag is cleared after some set > period. > > It is probably a bit more complex than this, but this is what the end users > see. So, if that is the case then I should be able to relaty through them since that is my source of POP3. So does the relay have to happen in conjunction with a POP3 retrieval .... Any one know how that is setup? Maybe the messages from a staight on attempt to relay will provide a clue. Couldn't think of a way to get more verbose stuff since telnet is disabled: bsd > cat .bashrc|mail -v -s"TESTnewsguySMTP" reader@newsguy.com reader@newsguy.com... Connecting to smtp.newsguy.com. via smtp... reader@newsguy.com... Deferred: Connection refused by smtp.newsguy.com. bsd > ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: smtp authentication (sendmail relay) 2000-12-17 21:29 ` Harry Putnam @ 2000-12-17 21:45 ` Lloyd Zusman 2000-12-17 23:03 ` Harry Putnam 0 siblings, 1 reply; 26+ messages in thread From: Lloyd Zusman @ 2000-12-17 21:45 UTC (permalink / raw) Harry Putnam <reader@newsguy.com> writes: > Stainless Steel Rat <ratinox@peorth.gweep.net> writes: > > > * Harry Putnam <reader@newsguy.com> on Sun, 17 Dec 2000 > > | In fact, not really sure where those smtp negotiations get handled. > > > > If newsguy is doing what I suspect they are doing, they don't. > > Authenticated SMTP hooks into POP authentication. When you authenticate > > yourself to the POP server, a flag is set that allows you to use that > > host's SMTP server to relay mail. That flag is cleared after some set > > period. > > > > It is probably a bit more complex than this, but this is what the end users > > see. > > So, if that is the case then I should be able to relaty through them > since that is my source of POP3. So does the relay have to happen in > conjunction with a POP3 retrieval .... Any one know how that is setup? Well, I'm not sure if relay works via newsguy's SMTP server or not, since I only used it to send mail to a newsguy email address that I have. > Maybe the messages from a staight on attempt to relay will provide a > clue. Yep. I agree. Enclosed at the bottom of this email is another typescript showing the following scenario: (1) Connect to `smtp.newsguy.com' via telnet for an SMTP session, and attempt to relay ... this fails. (2) Connect to `pop.newsguy.com' via telnet for a POP3 session, and then immediately log out. (3) Re-connect to `smtp.newsgiy.com' via telnet for an SMTP session, and re-attempt the same relay ... this time, it succeeds. > Couldn't think of a way to get more verbose stuff since telnet is > disabled: On a Unix-like machine you can type `script' from your shell, and then enter interactive commands, such as the telnet commands to the newsguy servers that I issued. When you're done, you type `exit' from your shell, and everything that appeared on your screen since you last typed `script' will be stored in a file called `typescript', in your local directory. Edit out any passwords and any control characters from this file (especially the ^M characters), and this is an exact log of what took place within the telnet sessions. > [ ... ] Here's the typescript log for what I described above: Script started on Sun Dec 17 16:34:01 2000 1> telnet smtp.newsguy.com 25 Trying 209.155.56.71... Connected to smtp.newsguy.com. Escape character is '^]'. 220 newsguy.com ESMTP Sendmail 8.11.0/8.9.1; Sun, 17 Dec 2000 13:31:53 -0800 (PST) ehlo asfast.com 250-newsguy.com Hello IDENT:root@acholado.net [216.182.19.128], pleased to meet you 250-ENHANCEDSTATUSCODES 250-EXPN 250-VERB 250-8BITMIME 250-SIZE 2000000 250-DSN 250-ONEX 250-ETRN 250-XUSR 250 HELP mail from: ljz@asfast.com 250 2.1.0 ljz@asfast.com... Sender ok rcpt to: ljz@nyct.net 550 5.7.1 ljz@nyct.net... Relaying denied - please authenicate by logging into the pop server quit 221 2.0.0 newsguy.com closing connection Connection closed by foreign host. 2> telnet pop.newsguy.com 110 Trying 209.155.56.72... Connected to pop.newsguy.com. Escape character is '^]'. +OK QPOP (version 2.3a) at perry.pathlink.com starting. <22701.977088806@perry.pathlink.com> user XXXXXXXXXX +OK Password required for elhipo. pass YYYYYYYYYY +OK elhipo has 8 messages (11553 octets). quit +OK Pop server at perry.pathlink.com signing off. Connection closed by foreign host. 3> telnet smtp.newsguy.com 25 Trying 209.155.56.71... Connected to smtp.newsguy.com. Escape character is '^]'. 220 newsguy.com ESMTP Sendmail 8.11.0/8.9.1; Sun, 17 Dec 2000 13:33:58 -0800 (PST) ehlo asfast.com 250-newsguy.com Hello IDENT:root@acholado.net [216.182.19.128], pleased to meet you 250-ENHANCEDSTATUSCODES 250-EXPN 250-VERB 250-8BITMIME 250-SIZE 2000000 250-DSN 250-ONEX 250-ETRN 250-XUSR 250 HELP mail from: ljz@asfast.com 250 2.1.0 ljz@asfast.com... Sender ok rcpt to: ljz@tiac.net 250 2.1.5 ljz@tiac.net... Recipient ok data 354 Enter mail, end with "." on a line by itself Subject: This is a test of newsguy relay after a pop access It looks like the test succeeded . 250 2.0.0 eBHLYBM22848 Message accepted for delivery quit 221 2.0.0 newsguy.com closing connection Connection closed by foreign host. 4> exit Script done on Sun Dec 17 16:37:05 2000 -- Lloyd Zusman ljz@asfast.com ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: smtp authentication (sendmail relay) 2000-12-17 21:45 ` Lloyd Zusman @ 2000-12-17 23:03 ` Harry Putnam 2000-12-17 23:20 ` Lloyd Zusman 2000-12-17 23:27 ` Russ Allbery 0 siblings, 2 replies; 26+ messages in thread From: Harry Putnam @ 2000-12-17 23:03 UTC (permalink / raw) Cc: ding Lloyd Zusman <ljz@asfast.com> writes: [...] > > Here's the typescript log for what I described above: [...] snipped dialog > Subject: This is a test of newsguy relay after a pop access > > It looks like the test succeeded I can't seem to get connected to smtp server. My transcript tells a different story: (but at least I was able to connect to pop server) bsd > telnet pop.newsguy.com 110 Trying 209.155.56.72... Connected to pop.newsguy.com. Escape character is '^]'. +OK QPOP (version 2.3a) at perry.pathlink.com starting. <32050.977092832@perry.pathlink.com> user xxxxx +OK Password required for xxxxx pass xxxxxxx +OK xxxxx has 0 messages (0 octets). quit +OK Pop server at perry.pathlink.com signing off. Connection closed by foreign host. bsd > telnet smtp.newsguy.com 25 Trying 209.155.56.71... telnet: connect to address 209.155.56.71: Connection refused telnet: Unable to connect to remote host Script done on Sun Dec 17 14:44:35 2000 I notice a lengthy pause between typing the telnet command to connect to smtp server and the error message being returned. Possibly something to do with my ISP DNS machine?. But seemsno way to connect to smtp server. Seem there would be tools to manage this... I seem to recall something about fetchmail .... but not recognizing it in man page. ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: smtp authentication (sendmail relay) 2000-12-17 23:03 ` Harry Putnam @ 2000-12-17 23:20 ` Lloyd Zusman 2000-12-17 23:27 ` Russ Allbery 1 sibling, 0 replies; 26+ messages in thread From: Lloyd Zusman @ 2000-12-17 23:20 UTC (permalink / raw) Harry Putnam <reader@newsguy.com> writes: > Lloyd Zusman <ljz@asfast.com> writes: > > > [...] > > I can't seem to get connected to smtp server. My transcript tells a > different story: > (but at least I was able to connect to pop server) > [ ... ] > > I notice a lengthy pause between typing the telnet command to connect > to smtp server and the error message being returned. > > Possibly something to do with my ISP DNS machine?. But seemsno way to > connect to smtp server. Yes, I really think it has to do with the fact that your ISP is not supplying reverse DNS for your connection. Determine your IP address using `ifconfig' or some other means, and then type: nslookup www.xxx.yyy.zzz where "www.xxx.yyy.zzz" is your IP address. If you get a response which contains something like this ... can't find www.xxx.yyy.zzz: Non-existent host/domain ... then it would be almost certain that your ISP is not providing reverse DNS for your connection. They really *should* supply this, because as I mentioned earlier, more and more services on the internet are requiring proper reverse DNS in order for you to connect to them, and I'm pretty sure that a large service like newsguy would indeed be set up in this fashion. It's possible that this can be fixed very quickly by contacting your ISP and requesting that they set up reverse DNS for you. The DNS configuration is complicated, and quite often small errors creep in which disable things like reverse DNS. I have found from my own experience that ISP's often screw up reverse DNS, and that the tech support people at an ISP frequently only have to make a quick fix to some config file in order to get your reverse DNS working. If this is the case, your problems will be a lot closer to being solved after only making one short phone call to your ISP. And in any case, you really *should* have proper reverse DNS these days if you want to access services on the internet, irrespective of these specific SMTP problems. > Seem there would be tools to manage this... I seem to recall something > about fetchmail .... but not recognizing it in man page. Fetchmail might indeed handle this. But again ... without proper reverse DNS, it doesn't matter whether you access your SMTP via telnet or fetchmail or sendmail or whatever. -- Lloyd Zusman ljz@asfast.com ^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: smtp authentication (sendmail relay) 2000-12-17 23:03 ` Harry Putnam 2000-12-17 23:20 ` Lloyd Zusman @ 2000-12-17 23:27 ` Russ Allbery 1 sibling, 0 replies; 26+ messages in thread From: Russ Allbery @ 2000-12-17 23:27 UTC (permalink / raw) Harry Putnam <reader@newsguy.com> writes: > bsd > telnet smtp.newsguy.com 25 > Trying 209.155.56.71... > telnet: connect to address 209.155.56.71: Connection refused > telnet: Unable to connect to remote host > Script done on Sun Dec 17 14:44:35 2000 > I notice a lengthy pause between typing the telnet command to connect to > smtp server and the error message being returned. > Possibly something to do with my ISP DNS machine?. But seemsno way to > connect to smtp server. Perhaps your ISP is one of the ones that blocks port 25 connections to any systems other than their local customer relay servers to try to cut down on spam from their customers? -- Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/> ^ permalink raw reply [flat|nested] 26+ messages in thread
end of thread, other threads:[~2000-12-19 2:41 UTC | newest] Thread overview: 26+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2000-12-17 8:29 smtp authentication (sendmail relay) Harry Putnam 2000-12-17 9:06 ` Kai Großjohann 2000-12-17 16:53 ` Harry Putnam 2000-12-17 19:44 ` Kai Großjohann 2000-12-19 0:13 ` Harry Putnam 2000-12-19 1:51 ` Glenn Shiffer 2000-12-19 2:41 ` Harry Putnam 2000-12-17 10:51 ` jas 2000-12-17 16:34 ` Stainless Steel Rat 2000-12-17 18:41 ` Simon Josefsson 2000-12-17 21:01 ` Harry Putnam 2000-12-17 21:14 ` Kai Großjohann 2000-12-17 22:45 ` Colin Walters 2000-12-17 23:06 ` Lloyd Zusman 2000-12-17 21:24 ` Lloyd Zusman 2000-12-17 22:15 ` Harry Putnam 2000-12-17 22:26 ` Lloyd Zusman 2000-12-17 23:31 ` Harry Putnam 2000-12-17 23:41 ` Lloyd Zusman 2000-12-17 23:02 ` Lloyd Zusman 2000-12-18 7:49 ` Steinar Bang 2000-12-17 21:29 ` Harry Putnam 2000-12-17 21:45 ` Lloyd Zusman 2000-12-17 23:03 ` Harry Putnam 2000-12-17 23:20 ` Lloyd Zusman 2000-12-17 23:27 ` Russ Allbery
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).