SMTP authentication allows an MTA to authenticate an email client before permitting it to send messages. You can use SMTP authentication to allow remote users to send email via Symantec Brightmail Gateway. A typical use of SMTP authentication is to allow authorized users to relay mail.
SMTP authentication is a service extension to the ESMTP protocol. For more information on SMTP authentication, see RFC 4954:
http://www.ietf.org/rfc/rfc4954.txt
Many email clients, also known as Mail User Agents (MUAs), support SMTP authentication. Supported clients allow users to provide appropriate credentials to enable SMTP authentication.
Symantec Brightmail Gateway has been tested against versions of the following MUAs for SMTP authentication:
Symantec Brightmail Gateway provides two methods for authenticating user credentials supplied for SMTP authentication. You can use an LDAP authentication source, or you can forward the credentials supplied by the MUA to another SMTP server for authentication.
Symantec Brightmail Gateway supports SMTP authentication via LDAP using simple bind for all supported LDAP directory types. For SMTP authentication via LDAP using password fetching, all supported directory types except Active Directory, Active Directory Global Catalog, and Domino are supported.
Note:
Symantec Brightmail Gateway searches all of your authentication directory data sources for a user attempting to authenticate. If the user exists in more than one authentication directory data source, SMTP authentication fails.
See About data sources and functions.
For SMTP authentication via SMTP forwarding to an SMTP server, Symantec Brightmail Gateway has been tested against servers hosting versions of the following MTAs:
Warning:
If not configured correctly, with appropriate security safeguards, use of SMTP authentication can expose your system to significant security threats. Be sure to take appropriate steps to protect your users, systems, and data when you configure SMTP authentication.
See Best practices for using SMTP authentication.
To use SMTP authentication, perform the steps listed in Table: Using SMTP Authentication.
Table: Using SMTP Authentication
Step | Action | Description |
---|---|---|
Step 1 | Choose your authentication source. | Required. You can use either an LDAP server or an SMTP server as your authentication source. If you choose an LDAP server, you must have or create a directory data source for authentication. See the links in step 5 for more information. If you choose SMTP forwarding, you must provide details for an SMTP server that supports SMTP authentication. This server cannot be another Symantec Brightmail Gateway appliance. Skip step 2 and see the link in step 3 for more information. Note: |
Step 2 | Choose your authentication method. | Required if you choose LDAP; skip if you choose SMTP forwarding. You can authenticate user passwords using either simple bind or password fetching. If you do not create a custom LDAP query, Symantec Brightmail Gateway defaults to using simple bind. If you want to use password fetching, you must create a custom LDAP query. See Creating and testing a custom authentication and quarantine address resolution query. Symantec Brightmail Gateway supports SMTP authentication via LDAP using simple bind for all supported LDAP directory types. For SMTP authentication via LDAP using password fetching, all supported directory types except Active Directory, Active Directory Global Catalog, and Domino are supported. |
Step 3 | Configure SMTP authentication mail settings. | Required. Enable authentication and provide key authentication details, including whether you will authenticate client credentials via LDAP or via SMTP forwarding. You must use an IP address/port combination for SMTP authentication that is different from both your inbound and outbound IP address/port combinations. |
Step 4 | Configure advanced SMTP authentication settings. | Optional. Set maximums and other advanced configuration parameters for SMTP authentication. |
Step 5 | Configure LDAP authentication. | Optional. Required for SMTP authentication via LDAP. If you have not yet created a data source, create a data source and enable SMTP authentication. See Adding a data source. See Enabling functions on a new data source. See Creating an authentication data source. If you have already created a data source, enable SMTP authentication. |
Step 6 | Provide instructions to end users or configure MUAs. | Required. Configure MUAs to connect to the authentication listener port. The default port for the authentication listener is port 587. If you changed this in Step 3, use the changed value. |
Step 7 | Configure SMTP authentication alerts. | Optional. Configure alerts to notify administrators of SMTP authentication login failures. See Types of alerts. See Configuring alerts. |
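
Once the authentication listener from Step 3 and Step 6 is in place, you can check what it advertises to clients. The following is an added example, not part of the Symantec documentation: it parses a captured EHLO reply for the RFC 4954 AUTH keyword and reports findings. The sample replies and host name are constructed, and treating PLAIN and LOGIN offered before STARTTLS as a finding is this example's own policy, not a statement from this page.

```python
import re

# Mechanisms that expose the password to anyone who can read the session.
# Flagging them when offered without TLS is this example's assumed policy.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

def parse_ehlo(reply):
    """Parse a multiline 250 EHLO reply into {KEYWORD: [parameters]}."""
    ext = {}
    lines = [l for l in reply.splitlines() if l.strip()]
    for i, line in enumerate(lines):
        m = re.fullmatch(r"250([ -])(.*)", line.rstrip())
        if not m:
            raise ValueError(f"not a 250 reply line: {line!r}")
        sep, text = m.groups()
        if (sep == " ") != (i == len(lines) - 1):
            raise ValueError("continuation marker does not match line position")
        if i == 0:
            continue  # first line is the server greeting, not an extension
        if text.upper().startswith("AUTH="):
            text = "AUTH " + text[5:]  # normalize the legacy "AUTH=" form
        parts = text.split()
        if parts:
            ext.setdefault(parts[0].upper(), []).extend(p.upper() for p in parts[1:])
    return ext

def audit_listener(pre_tls, post_tls=None):
    """Return findings for the EHLO replies seen before and after STARTTLS."""
    pre = parse_ehlo(pre_tls)
    post = parse_ehlo(post_tls) if post_tls else {}
    findings = []
    exposed = PLAINTEXT_MECHS & set(pre.get("AUTH", []))
    if exposed:
        findings.append("cleartext-auth-before-tls: " + ",".join(sorted(exposed)))
    if "STARTTLS" not in pre:
        findings.append("starttls-not-offered")
    if "AUTH" not in pre and "AUTH" not in post:
        findings.append("auth-not-advertised")
    return findings

# Constructed sample replies (placeholder host name, not from a real server).
WEAK = "250-mail.example.test\r\n250-SIZE 10485760\r\n250 AUTH PLAIN LOGIN\r\n"
PRE = "250-mail.example.test\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
POST = "250-mail.example.test\r\n250-AUTH PLAIN LOGIN\r\n250 8BITMIME\r\n"

if __name__ == "__main__":
    print(audit_listener(WEAK))       # listener offering AUTH in the clear
    print(audit_listener(PRE, POST))  # AUTH offered only after STARTTLS
```

An empty list means the listener advertised AUTH only after STARTTLS; feed it the EHLO replies captured from your own listener on port 587 or the port you set in Step 3.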