Hello everyone!

I went to the "Security & Filtering" tab of the Axigen WebAdmin tool, submenu "Acceptance & Routing". There I selected the "Routing Basic Settings".

The following settings have been changed:
Enable smart host delivery via checked
Host/IP: smtp.sbcglobal.yahoo.com
Port: 25
Authenticate using: checked
Username: <My_DSL_ISP_ACC_login_name>
Password: <My_DSL_ISP_ACC_password>
Use SSL connection: not checked

I am not sure in all honesty what "Allow/Disallow remote delivery" means. The "Allow remote delivery" was checked through default installation, and "Require authentication" was not checked.


Note on the documentation: (skip this paragraph, if you are in a hurry)
I went through the documentation, but that is not very helpful since it says, to allow, check, disallow, uncheck... well, duh. I was hoping for the documentation to specify whether "Allow/Disallow remote delivery" was at all connected to "Smart host" configuration section, and if not, what else what it used for. Obviously, I am not very familiar with the Axigen setup and hence I am using the documentation a lot. At this particular point, it does not seem to be a whole lot explanatory, though.


With the settings above I am able to send emails through my ISP's SMTP server like a charm with the old email server. But Axigen mail server seems not to work for some reason. I am not sure of what part of the communication between my Axigen mail server and my AT&T SMTP server is going wrong.

Axigen mail server returns my mail from "MAILER-DAEMON@localhost.localdomain" with:

I am deeply sorry,
but I was not able to deliver your mail to the following addresses:

xxxx@gmx.net : Relaying not permitted


My questions are:
1) Why is the authentication from Axigen mail server with
smtp.sbcglobal.yahoo.com failing?
2) Why are there soooo many DNR:00000000 entries in the log file?

For your information, I have attached some part of the "everything.txt" log file below.

Thank you for all help you can provide! :)

Hello,

The problem you encountered is caused by the fact that your smarthost does only support 'PLAIN' and 'LOGIN' authentication types:
1130 011921 16 lclhst SMTP-OUT:00000009: << 250-AUTH LOGIN PLAIN XYMCOOKIE
For security reasons, Axigen will only use CRAM-MD5 authentication over unencrypted connections, by default. You can modify this behavior by setting up the smarthost delivery rule manually:
- disable the smarthost related options from 'Security & Filtering' -> 'Acceptance & Routing' -> 'Routing basic settings'
- switch to the 'Advanced settings' tab and press the 'Add Acceptance/Routing Rule' button.
- enter a suggestive rule name
- select Actions -> Relay -> Host -> Add action then enter your smarthost address and port in the corresponding boxes that appear
- select Actions -> Relay -> Authentication -> Add action then enter your smathost credentials in the boxes that appear
- select Actions -> Authentication -> Plain connections -> Add action then enable the 'Plain' and 'Login' checkboxes
After this, use the 'Save configuration' button to activate the rule.


Regarding your other question, both the 'Allow remote delivery' and 'Require Authentication' checkboxes under the 'Routing basic settings' tab should be enabled. These settings control relay permissions during SMTP sessions:
- 'Allow remote delivery' controls whether non-local recipients are to be accepted at all, during SMTP sessions
- 'Require authentication' - if this checkbox is enabled, Axigen will refuse non-local recipients if the user is not authenticated. If the checkbox is disabled, anyone will be allowed to send emails to remote domains, even without authenticating.
Please note that disabling the 'Require authentication' checkbox would make your server act as open relay, and therefore usable by spammers to relay emails without restrictions.

Best regards,

Hello,

The problem you encountered is caused by the fact that your smarthost does only support 'PLAIN' and 'LOGIN' authentication types:
1130 011921 16 lclhst SMTP-OUT:00000009: << 250-AUTH LOGIN PLAIN XYMCOOKIE


Darn! And I absolutely wish I could read that communication log between the two severs like you do. ;)

For security reasons, Axigen will only use CRAM-MD5 authentication over unencrypted connections, by default.

I wished there was an option to select from. On the other hand someone would expect that a huge ISP like AT&T would have stricter security measures, but then again, all that comes from user experience, I guess, and how much of a configuration burden AT&T can put on their customers. Not speaking about eMail clients like Outlook Express and others, which may not even have the option to follow a CRAM-MD5 authentication protocol.


You can modify this behavior by setting up the smarthost delivery rule manually:
- disable the smarthost related options from 'Security & Filtering' -> 'Acceptance & Routing' -> 'Routing basic settings'
- switch to the 'Advanced settings' tab and press the 'Add Acceptance/Routing Rule' button.
- enter a suggestive rule name
- select Actions -> Relay -> Host -> Add action then enter your smarthost address and port in the corresponding boxes that appear
- select Actions -> Relay -> Authentication -> Add action then enter your smathost credentials in the boxes that appear
- select Actions -> Authentication -> Plain connections -> Add action then enable the 'Plain' and 'Login' checkboxes
After this, use the 'Save configuration' button to activate the rule.

Now, this is absolutely COOL!!!. I was already thinking "... oh well, if that ISP does not support this authentication type, I may have to wait for a new version of Axigen Mail Server with a workaround..." but then, the configuration options with filters in Axigen Mail Server seem to have no boundaries at all. Actually, that Mail Server is so powerful, that I wish I would have more experience with it or could learn it all within a day.. There is just so much to learn about it...
Thank you again for your outstanding help! :)

Regarding your other question, both the 'Allow remote delivery' and 'Require Authentication' checkboxes under the 'Routing basic settings' tab should be enabled. These settings control relay permissions during SMTP sessions:
- 'Allow remote delivery' controls whether non-local recipients are to be accepted at all, during SMTP sessions

Thank you for that info too!!!


- 'Require authentication' - if this checkbox is enabled, Axigen will refuse non-local recipients if the user is not authenticated. If the checkbox is disabled, anyone will be allowed to send emails to remote domains, even without authenticating.
Please note that disabling the 'Require authentication' checkbox would make your server act as open relay, and therefore usable by spammers to relay emails without restrictions.

Now - that last paragraph should go into your online documentation for Axigen Mail Server as is. That is absolutely helpful, but unfortunately missing in the documentation! Excellent explanation on your part! Can't you just do a simple Copy & Paste into your documentation sources? ;) If you do that, take the part "Just check the box in front of the option that you want to activate." out, since my 4-year old has figured that part out. :D

And again - Thanks for your help here! I hope others will benefit from it too!