Page 1 of 2 12 LastLast
Results 1 to 10 of 11
  1. #1
    Senior Member jalal's Avatar
    Join Date
    May 2003
    Location
    Germany
    Posts
    1,377

    Default recent upgrade breaks SMTP mailing

    Since about a year I (and all my customers) have been able to use SMTP authentication to send emails and thus avoid having to use the silly POP before SMTP method of authentication.
    Since the 14th August security "upgrade" SMTP authentication has been disabled and I'm now left with the task of explaining that users have to poll for the email before they can send it.

    Am I the only one who has had this problem (the only one using SMTP authentication?)?

    And, if anyone from Westhost is reading this, can we please have SMTP working the way it was?

    Thanks in advance.

  2. #2
    Member
    Join Date
    Nov 2003
    Location
    Detroit, Michigan USA
    Posts
    53

    Default

    I'm not seeing the problem and my servers were touched this pass week also.
    -Andy

  3. #3
    Junior Member
    Join Date
    Aug 2004
    Posts
    5

    Default Re: recent upgrade breaks SMTP mailing

    Quote Originally Posted by jalal
    Since the 14th August security "upgrade" SMTP authentication has been disabled.... Am I the only one who has had this problem (the only one using SMTP authentication?)?
    Jalal,

    I am having exactly the same problem. Have been using SMTP auth for a long time; now it is suddenly broken.

    What is perhaps more troubling is that my domain's SMTP server will now accept and send email from UNauthenticated users... Set your email client to do NO AUTHENTICATION on your SMTP server and see what happens....

    Certainly seems like a security hole to me! :shock:

    WestHost???

  4. #4
    Junior Member
    Join Date
    Aug 2004
    Posts
    5

    Default

    Jalal,

    After an extensive online chat with Westhost support, the problem was fixed for my domain, and, according to tech support, for everyone else. In other words, yours should work now.

    They said a "security setting was set too high," but I couldn't get anymore details than that. If yours still doesn't work, I suggest asking to escalate to an admin right away.

    The support agent was very helpful, but he/she ultimately had to escalate to an admin to resolve the issue.

    Good luck!

  5. #5
    Moderator wildjokerdesign's Avatar
    Join Date
    Jun 2003
    Location
    Kansas City Mo
    Posts
    5,721

    Default

    Not sure if this has been taken care of over all the accounts.

    Jalal, When you had your clients use SMTP authentication did they simply use the username without domain added then the password to authenticate? I just noticed one account I had recently set up. I had for the username both username with the at domain in the field and it would not work. I then did some looking and my others had simply the username. Now it could have been I had this account set wrong in the first place but I thought I had sent out on it before today. Don't know if this is relevent or not but thought I would mention it.
    Shawn
    Please remember your charity of choice: http://www.redcross.org

    Handy Links: wildjokerdesign.net | Plain Text Editors: EditPlus | Crimson

  6. #6
    Senior Member jalal's Avatar
    Join Date
    May 2003
    Location
    Germany
    Posts
    1,377

    Default

    Things seem to be back the way they used to be. I've just sent some test emails from my own account without POP and they went off OK. Rather disturbingly I didn't need authentication either... although it worked with both SMTP auth and without it.

    Shawn, most of my clients use 'user@domain.com' for their logins. But its hard to be precise, I administer a mix of old Westhost accounts tranferred to Reseller and some accounts that originated in the Reseller and they each have their quirks. When I first created packages as a Reseller, I turned off the 'POP before SMTP' on the understanding that that would turn on SMTP auth, which it seemed to do so I thought no more about it. 'POP before SMTP' is pretty broken anyhow, I don't know why it is still there.
    Anyway, short answer, I've lost track of what each client is using/doing to logon etc. Sometime I'm going to have to setup a database and get all that information a bit more organized.

    cheers
    jalal

  7. #7
    Junior Member
    Join Date
    Aug 2004
    Posts
    5

    Default

    Quote Originally Posted by wildjokerdesign
    I had for the username both username with the at domain in the field and it would not work. I then did some looking and my others had simply the username. Now it could have been I had this account set wrong in the first place but I thought I had sent out on it before today. Don't know if this is relevent or not but thought I would mention it.
    Actually, I think this is relevant. After Westhost support/admins had "fixed" the problem, I was still unable to authenticate to my SMTP server. I found that I, too, was using "user@domain" as the username to authenticate against. Once I changed it to just "user," it worked.

    Unfortunately, I had switched my settings around so much while troubleshooting this problem with WH support that I couldn't remember what I had used originally, so I wasn't sure if this was caused by a change on their end or mine.

    :arrow: At this point, though, it would appear that you must use only the username (and not the domain part) when authenticating to SMTP.

    Quote Originally Posted by jalal
    Rather disturbingly I didn't need authentication either... although it worked with both SMTP auth and without it.
    Westhost support informed of something else that may be of interest. Anyway, it turns out that the "unauthenticated SMTP access" I mentioned earlier as a potential security hole isn't really as it appears. Apparently, anytime you authenticate to POP3 (yes, POP3), your server remembers the IP from which the request originated. It writes this IP into /etc/mail/relay-domains, which is subsequently used by the SMTP server (sendmail) to check the originating IP of the SMTP request.

    If the IP is found in the file, then "unauthenticated" SMTP access is granted; if the IP is not found, access to SMTP should be denied.

    I think this only applies when unauthenticated access is initiated in the first place, though I am not 100% certain of that.

  8. #8
    Moderator wildjokerdesign's Avatar
    Join Date
    Jun 2003
    Location
    Kansas City Mo
    Posts
    5,721

    Default

    Yes it works with SMTP auth or without for me also. It is a bit confusing to me since in Outlook when I set up an account I have to enter user@domain.com for Incoming Mail Server > Account name but if I choose Outgoing Mail Server > My server requires authentication then I have to use the Settings button and choose Log on using and simply use the username in the Account name field. Wish I could wrap my head around all the ends and outs of email better. Guess I'll just keep trying and reading the articles on you site. Thanks again for those they can be a real life saver!
    Shawn
    Please remember your charity of choice: http://www.redcross.org

    Handy Links: wildjokerdesign.net | Plain Text Editors: EditPlus | Crimson

  9. #9
    Moderator wildjokerdesign's Avatar
    Join Date
    Jun 2003
    Location
    Kansas City Mo
    Posts
    5,721

    Default

    toastk, Your post got in befor mine. I think you are right on about the set up. I had thought about the explination for the unauthenticated SMTP access but was just not sure how to explain it. What you describes make sense.
    Shawn
    Please remember your charity of choice: http://www.redcross.org

    Handy Links: wildjokerdesign.net | Plain Text Editors: EditPlus | Crimson

  10. #10
    Senior Member jalal's Avatar
    Join Date
    May 2003
    Location
    Germany
    Posts
    1,377

    Default

    toastk

    I think you hit the nail on the head... hehe.

    Just to check I had my site checked out by abuse.net to see if it was an open relay and they said no, everything is fine.

    So, good....

Similar Threads

  1. Replies: 5
    Last Post: 03-05-2008, 09:43 PM
  2. MySQL4.1.9 to MySQL 5.0.27 upgrade
    By bookish in forum PHP / MySQL
    Replies: 3
    Last Post: 02-20-2007, 07:37 PM
  3. Upgrade status?
    By Allison A in forum General Discussion
    Replies: 1
    Last Post: 01-25-2004, 10:58 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •