SMTP authentication allows an MTA to authenticate an email client before permitting it to send messages. You can use SMTP authentication to allow remote users to send email via Symantec Brightmail Gateway. A typical use of SMTP authentication is to allow authorized users to relay mail.
Symantec Brightmail Gateway has been tested against versions of the following MUAs for SMTP authentication:
Symantec Brightmail Gateway provides two methods for authenticating user credentials supplied for SMTP authentication. You can use an LDAP authentication source, or you can forward the credentials supplied by the MUA to another SMTP server for authentication.
Symantec Brightmail Gateway supports SMTP authentication via LDAP using simple bind for all supported LDAP directory types. For SMTP authentication via LDAP using password fetching, all supported directory types except Active Directory, Active Directory Global Catalog, and Domino are supported.
Symantec Brightmail Gateway searches all of your authentication directory data sources for a user attempting to authenticate. If the user exists in more than one authentication directory data source, SMTP authentication fails.
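A pre-deployment check for the rule above, written as an added example (it is not Symantec code): given the login names exported from each authentication directory data source, it reports every user that appears in more than one source and would therefore fail SMTP authentication. The data source names, the sample users, and the case-insensitive comparison of login names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample exports: data source name -> login names pulled from that
# directory. The source names and users are invented for illustration.
SAMPLE_SOURCES = {
    "corp-ldap": ["alice@example.com", "bob@example.com", "Carol@Example.com"],
    "partners-ldap": ["dave@example.net", "carol@example.com "],
    "legacy-ldap": ["erin@example.org", "bob@example.com", "bob@example.com"],
}


def normalize(login):
    """Assumption: logins are compared case-insensitively, ignoring padding."""
    return login.strip().lower()


def index_sources(sources):
    """Map each normalized login to the set of data sources that contain it."""
    index = defaultdict(set)
    for source, logins in sources.items():
        for login in logins:
            if login.strip():  # skip blank lines left over from an export
                index[normalize(login)].add(source)
    return index


def ambiguous_users(sources):
    """Logins found in more than one source; these are the accounts whose
    SMTP authentication would fail under the rule described above."""
    return {user: sorted(found)
            for user, found in index_sources(sources).items()
            if len(found) > 1}


def resolve(login, sources):
    """Return the single source holding the login, or None when the login is
    unknown or present in several sources (neither case can authenticate)."""
    found = index_sources(sources).get(normalize(login), set())
    return next(iter(found)) if len(found) == 1 else None


if __name__ == "__main__":
    for user, found in sorted(ambiguous_users(SAMPLE_SOURCES).items()):
        print(f"{user}: present in {', '.join(found)}")
```

A repeated entry inside a single export (bob@example.com in legacy-ldap) is counted once for that source; only presence in two or more different sources is reported.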
For SMTP authentication via SMTP forwarding to an SMTP server, Symantec Brightmail Gateway has been tested against servers hosting versions of the following MTAs:
If SMTP authentication is not configured correctly, with appropriate security safeguards, it can expose your system to significant security threats. Be sure to take appropriate steps to protect your users, systems, and data when you configure SMTP authentication.
To use SMTP authentication, perform the steps listed in Table: Using SMTP Authentication.
Table: Using SMTP Authentication

Step 1: Choose your authentication source.
You can use either an LDAP server or an SMTP server as your authentication source.
If you choose an LDAP server, you must have or create a directory data source for authentication. See the links in step 5 for more information.
If you choose SMTP forwarding, you must provide details for an SMTP server that supports SMTP authentication. This server cannot be another Symantec Brightmail Gateway appliance. Skip step 2 and see the link in step 3 for more information.

Step 2: Choose your authentication method.
Required if you choose LDAP; skip if you choose SMTP forwarding.
You can authenticate user passwords using either simple bind or password fetching.
If you do not create a custom LDAP query, Symantec Brightmail Gateway defaults to using simple bind. If you want to use password fetching, you must create a custom LDAP query.
Symantec Brightmail Gateway supports SMTP authentication via LDAP using simple bind for all supported LDAP directory types. For SMTP authentication via LDAP using password fetching, all supported directory types except Active Directory, Active Directory Global Catalog, and Domino are supported.

Step 3: Configure SMTP authentication mail settings.
Enable authentication and provide key authentication details, including whether you will authenticate client credentials via LDAP or via SMTP forwarding.
You must use an IP address/port combination for SMTP authentication that is different from both your inbound and outbound IP address/port combinations.

Step 4: Configure advanced SMTP authentication settings.
Set maximums and other advanced configuration parameters for SMTP authentication.

Step 5: Configure LDAP authentication.
Required for SMTP authentication via LDAP.
If you have not yet created a data source, create a data source and enable SMTP authentication.
See Adding a data source.
If you have already created a data source, enable SMTP authentication.

Step 6: Provide instructions to end users or configure MUAs.
Configure MUAs to connect to the authentication listener port. The default port for the authentication listener is port 587. If you changed this in step 3, use the changed value.

Step 7: Configure SMTP authentication alerts.
Configure alerts to notify administrators of SMTP authentication login failures.
See Types of alerts.
See Configuring alerts.