Using SMTP authentication


Article ID: 179729


Products

Messaging Gateway

Issue/Introduction

 

Resolution

SMTP authentication allows an MTA to authenticate an email client before permitting it to send messages. You can use SMTP authentication to allow remote users to send email via Symantec Brightmail Gateway. A typical use of SMTP authentication is to allow authorized users to relay mail.

SMTP authentication is a service extension to the ESMTP protocol. For more information on SMTP authentication, see RFC 4954:

http://www.ietf.org/rfc/rfc4954.txt

Many email clients, also known as Mail User Agents (MUAs), support SMTP authentication. Supported clients allow users to provide appropriate credentials to enable SMTP authentication.

Symantec Brightmail Gateway has been tested against versions of the following MUAs for SMTP authentication:

  • Outlook Express

  • Outlook 2003

  • Outlook 2007

  • Foxmail (Chinese)

  • Thunderbird 2

  • Mail.app (for MacOS)

Symantec Brightmail Gateway provides two methods for authenticating user credentials supplied for SMTP authentication. You can use an LDAP authentication source, or you can forward the credentials supplied by the MUA to another SMTP server for authentication.

Symantec Brightmail Gateway supports SMTP authentication via LDAP using simple bind for all supported LDAP directory types. For SMTP authentication via LDAP using password fetching, all supported directory types except Active Directory, Active Directory Global Catalog, and Domino are supported.

Note:
Symantec Brightmail Gateway searches all of your authentication directory data sources for a user attempting to authenticate. If the user exists in more than one authentication directory data source, SMTP authentication fails.

See About data sources and functions.

For SMTP authentication via SMTP forwarding to an SMTP server, Symantec Brightmail Gateway has been tested against servers hosting versions of the following MTAs:

  • Exchange

  • Domino

  • Sendmail

Warning:
If not configured correctly, with appropriate security safeguards, use of SMTP authentication can expose your system to significant security threats. Be sure to take appropriate steps to protect your users, systems, and data when you configure SMTP authentication.

See Best practices for using SMTP authentication.

To use SMTP authentication, perform the steps listed in Table: Using SMTP Authentication.

Table: Using SMTP Authentication

Step 1
Action: Choose your authentication source.
Description: Required

You can use either an LDAP server or an SMTP server as your authentication source.

If you choose an LDAP server, you must have or create a directory data source for authentication. See the links in step 5 for more information.

If you choose SMTP forwarding, you must provide details for an SMTP server that supports SMTP authentication. This server cannot be another Symantec Brightmail Gateway appliance. Skip step 2 and see the link in step 3 for more information.

Note:
Using SMTP forwarding may have an adverse impact on mail processing performance.

Step 2
Action: Choose your authentication method.
Description: Required if you choose LDAP, skip if you choose SMTP forwarding

You can authenticate user passwords using either simple bind or password fetching.

If you do not create a custom LDAP query, Symantec Brightmail Gateway defaults to using simple bind. If you want to use password fetching you must create a custom LDAP query.

See Creating and testing a custom authentication and quarantine address resolution query.

Symantec Brightmail Gateway supports SMTP authentication via LDAP using simple bind for all supported LDAP directory types. For SMTP authentication via LDAP using password fetching, all supported directory types except Active Directory, Active Directory Global Catalog, and Domino are supported.

Step 3
Action: Configure SMTP authentication mail settings
Description: Required

Enable authentication and provide key authentication details, including whether you will authenticate client credentials via LDAP or via SMTP forwarding.

You must use an IP address/port combination for SMTP authentication that is different from both your inbound and outbound IP address/port combinations.

See Configuring SMTP authentication mail settings.

Step 4
Action: Configure advanced SMTP authentication settings
Description: Optional

Set maximums and other advanced configuration parameters for SMTP authentication.

See Configuring SMTP advanced settings.

See SMTP advanced authentication settings.

Step 5
Action: Configure LDAP authentication
Description: Optional

Required for SMTP authentication via LDAP.

If you have not yet created a data source, create a data source and enable SMTP authentication.

See Adding a data source.

See Enabling functions on a new data source.

See Creating an authentication data source.

If you have already created a data source, enable SMTP authentication.

See Enabling or editing the authentication function.

Step 6
Action: Provide instructions to end users or configure MUAs
Description: Required

Configure MUAs to connect to the authentication listener port. The default port for the authentication listener is port 587. If you changed this in Step 3 use the changed value.

Step 7
Action: Configure SMTP authentication alerts
Description: Optional

Configure alerts to notify administrators of SMTP authentication login failures.

See Types of alerts.

See Configuring alerts.
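
A check an administrator can run against the authentication listener once the steps above are complete, added here as an example and not taken from Symantec's documentation or code: it parses the EHLO reply in which RFC 4954 advertises the AUTH mechanisms and reports when password-carrying mechanisms are offered before STARTTLS. The host name, the sample replies and the policy itself (no PLAIN or LOGIN on a cleartext session) are assumptions of this example; this page does not document the gateway's TLS settings.

```python
# Added example (not Symantec code): audit the EHLO replies of an SMTP
# authentication listener. Host name and replies below are constructed samples.
import re

# SASL mechanisms that carry the password itself; base64 is encoding, not encryption.
PASSWORD_MECHS = {"PLAIN", "LOGIN"}

def parse_ehlo(reply):
    """Map each ESMTP keyword of a multiline 250 reply to its parameters."""
    features = {}
    for line in reply.splitlines()[1:]:       # line 1 is the server's domain/greeting
        m = re.match(r"250[- ](\S.*)$", line.strip())
        if not m:
            continue
        text = m.group(1)
        if text.upper().startswith("AUTH="):  # legacy form kept for older MUAs
            text = "AUTH " + text[5:]
        keyword, *params = text.split()
        features.setdefault(keyword.upper(), []).extend(p.upper() for p in params)
    return features

def audit_listener(before_tls, after_tls=None):
    """Return findings for the EHLO reply seen before and (optionally) after STARTTLS."""
    findings = []
    pre = parse_ehlo(before_tls)
    if "STARTTLS" not in pre:
        findings.append("STARTTLS not offered")
    exposed = sorted(set(pre.get("AUTH", [])) & PASSWORD_MECHS)
    if exposed:
        findings.append("cleartext session offers AUTH " + "/".join(exposed))
    if after_tls is not None and not parse_ehlo(after_tls).get("AUTH"):
        findings.append("AUTH not advertised after STARTTLS")
    return findings

# Constructed EHLO replies (assumed, not captured from a real gateway).
WEAK = "250-gw.example.test\r\n250-SIZE 10485760\r\n250-AUTH LOGIN PLAIN\r\n250 AUTH=LOGIN PLAIN"
HARD_PRE = "250-gw.example.test\r\n250-SIZE 10485760\r\n250 STARTTLS"
HARD_POST = "250-gw.example.test\r\n250-SIZE 10485760\r\n250 AUTH PLAIN LOGIN"

if __name__ == "__main__":
    print(audit_listener(WEAK))
    print(audit_listener(HARD_PRE, HARD_POST))
```

The two replies can be captured from the listener on port 587, or the port chosen in Step 3, with any SMTP client that displays the EHLO response before and after STARTTLS.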