Send mail via smtp from local DVR

georgedorila · November 11, 2020, 11:33am

I’m trying to send an email from a local dvr via smtp, and email is rejected.I can’t find the reason in log file. Could someone help me?
logfile:
2020-11-11 12:52:03 +0200 08 cnn-server-2019 SMTP-IN:000018C2: [192.168.100.8:25] connection accepted from [192.168.100.242:38406]
2020-11-11 12:52:03 +0200 08 cnn-server-2019 SMTP-IN:000018C2: Set smtp greeting to [mail.connord.ro]
2020-11-11 12:52:03 +0200 08 cnn-server-2019 SMTP-IN:000018C2: SPF result for EHLO domain connected from <192.168.100.242>: None (spfHeader = ‘none (dvrdvs: dvrdvs does not designate permitted sender hosts) client-ip=192.168.100.242; helo=dvrdvs; mechanism=default; identity=helo; receiver=cnn-server-2019;’; spfExplanation = ‘null’)
2020-11-11 12:52:03 +0200 08 cnn-server-2019 SMTP-IN:000018C2: Greylist enabled
2020-11-11 12:52:03 +0200 08 cnn-server-2019 SMTP-IN:000018C2: Set max data size to 10240 KB
2020-11-11 12:52:03 +0200 08 cnn-server-2019 SMTP-IN:000018C2: Set max received headers to 30
2020-11-11 12:52:03 +0200 08 cnn-server-2019 SMTP-IN:000018C2: Maximum recipient count set to 1000
2020-11-11 12:52:03 +0200 08 cnn-server-2019 SMTP-IN:000018C2: Wait for processing response at least 10 seconds
2020-11-11 12:52:03 +0200 08 cnn-server-2019 SMTP-IN:000018C2: STARTTLS extension allowed
2020-11-11 12:52:03 +0200 08 cnn-server-2019 SMTP-IN:000018C2: 8BIT MIME accepted
2020-11-11 12:52:03 +0200 08 cnn-server-2019 SMTP-IN:000018C2: BINARY DATA extension allowed
2020-11-11 12:52:03 +0200 08 cnn-server-2019 SMTP-IN:000018C2: PIPELINING extension allowed
2020-11-11 12:52:03 +0200 08 cnn-server-2019 SMTP-IN:000018C2: DSN extension denied
2020-11-11 12:52:03 +0200 08 cnn-server-2019 SMTP-IN:000018C2: Set local delivery to auth
2020-11-11 12:52:03 +0200 08 cnn-server-2019 SMTP-IN:000018C2: Set remote delivery to auth
2020-11-11 12:52:03 +0200 08 cnn-server-2019 SMTP-IN:000018C2: Authentication disabled
2020-11-11 12:52:03 +0200 08 cnn-server-2019 SMTP-IN:000018C2: Set SPF result to pass
2020-11-11 12:52:03 +0200 08 cnn-server-2019 SMTP-IN:000018C2: Set remote delivery to auth
2020-11-11 12:52:03 +0200 08 cnn-server-2019 SMTP-IN:000018C2: Allowed authentication types: plain login cram-md5 digest-md5 gssapi
2020-11-11 12:52:03 +0200 08 cnn-server-2019 SMTP-IN:000018C2: Created new queue item with id 002A6B0C
2020-11-11 12:52:03 +0200 08 cnn-server-2019 SMTP-IN:000018C2: Reject delivery to connord.ro for mail 2A6B0C
2020-11-11 12:52:03 +0200 08 cnn-server-2019 SMTP-IN:000018C2: closing session from [192.168.100.242]

indreias · November 13, 2020, 10:14am

Hello George,

Please increase the log level for SMTP Receiving service to Protocol Communication so we could get more hints of why the message was rejected.

My bet is that the DVR device is using a non authenticated session and, by default, relaying messages to external domains are accepted only from authenticated sessions (otherwise you will be acting as an open-relay, which is not good at all).

If this is the case you have 2 options:

configure the DVR to send messages with a dedicated account (like dvr@your.domain)
if this device is a trusted one you may add a relaying exception for that IP address (WebAdmin > Security & Filtering > Acceptance & Routing > Routing basic settings > Allow/Disallow relaying > Exceptions > Add)

HTH,
Ioan

georgedorila · November 13, 2020, 11:23am

Ok, the log is here:2020-11-13 13:19:56 +0200 08 cnn-server-2019 SMTP-IN:00001DD6: [192.168.100.8:25] connection accepted from [192.168.100.242:54589]
2020-11-13 13:19:56 +0200 08 cnn-server-2019 SMTP-IN:00001DD6: Set smtp greeting to [mail.connord.ro]
2020-11-13 13:19:56 +0200 16 cnn-server-2019 SMTP-IN:00001DD6: >> 220 mail.connord.ro
2020-11-13 13:19:56 +0200 16 cnn-server-2019 SMTP-IN:00001DD6: << HELO dvrdvs
2020-11-13 13:19:56 +0200 08 cnn-server-2019 SMTP-IN:00001DD6: Set remote delivery to auth
2020-11-13 13:19:56 +0200 08 cnn-server-2019 SMTP-IN:00001DD6: Greylist disabled
2020-11-13 13:19:56 +0200 08 cnn-server-2019 SMTP-IN:00001DD6: Set max data size to 10240 KB
2020-11-13 13:19:56 +0200 08 cnn-server-2019 SMTP-IN:00001DD6: Set max received headers to 30
2020-11-13 13:19:56 +0200 08 cnn-server-2019 SMTP-IN:00001DD6: Maximum recipient count set to 1000
2020-11-13 13:19:56 +0200 08 cnn-server-2019 SMTP-IN:00001DD6: Wait for processing response at least 10 seconds
2020-11-13 13:19:56 +0200 08 cnn-server-2019 SMTP-IN:00001DD6: STARTTLS extension allowed
2020-11-13 13:19:56 +0200 08 cnn-server-2019 SMTP-IN:00001DD6: 8BIT MIME accepted
2020-11-13 13:19:56 +0200 08 cnn-server-2019 SMTP-IN:00001DD6: BINARY DATA extension allowed
2020-11-13 13:19:56 +0200 08 cnn-server-2019 SMTP-IN:00001DD6: PIPELINING extension allowed
2020-11-13 13:19:56 +0200 08 cnn-server-2019 SMTP-IN:00001DD6: DSN extension denied
2020-11-13 13:19:56 +0200 08 cnn-server-2019 SMTP-IN:00001DD6: Set local delivery to all
2020-11-13 13:19:57 +0200 08 cnn-server-2019 SMTP-IN:00001DD6: SPF result for EHLO domain connected from <192.168.100.242>: None (spfHeader = ‘none (dvrdvs: dvrdvs does not designate permitted sender hosts) client-ip=192.168.100.242; helo=dvrdvs; mechanism=default; identity=helo; receiver=cnn-server-2019;’; spfExplanation = ‘null’)
2020-11-13 13:19:57 +0200 08 cnn-server-2019 SMTP-IN:00001DD6: Allowed authentication types: plain login cram-md5 digest-md5 gssapi
2020-11-13 13:19:57 +0200 08 cnn-server-2019 SMTP-IN:00001DD6: Set remote delivery to auth
2020-11-13 13:19:57 +0200 16 cnn-server-2019 SMTP-IN:00001DD6: >> 250 cnn-server-2019 Axigen ESMTP hello
2020-11-13 13:19:57 +0200 16 cnn-server-2019 SMTP-IN:00001DD6: << AUTH LOGIN
2020-11-13 13:19:57 +0200 16 cnn-server-2019 SMTP-IN:00001DD6: >> 503 No ESMTP capabilities requested
2020-11-13 13:19:57 +0200 16 cnn-server-2019 SMTP-IN:00001DD6: >> 421 cnn-server-2019 remote peer has closed connection
2020-11-13 13:19:57 +0200 08 cnn-server-2019 SMTP-IN:00001DD6: closing session from [192.168.100.242]

indreias · November 13, 2020, 12:56pm

Hello George,

It seems that the DVR is using the obsolete HELO greeting (as introduced by RFC821) and this is why Axigen is closing connection when it tries to authenticate.

2020-11-13 13:19:56 +0200 16 cnn-server-2019 SMTP-IN:00001DD6: >> 220 mail.connord.ro
2020-11-13 13:19:56 +0200 16 cnn-server-2019 SMTP-IN:00001DD6: << HELO dvrdvs

Most probably there is no way to enable ESMTP (introduced byr RFC2821 into the DVR configuration so I see no other options but to disable authentication on DVR side and add a relay exception (if needed - local delivery, by default, is permitted without authentication) for its IP address.

HTH,
Ioan

georgedorila · November 16, 2020, 11:39am

Hello Ioan,
Is done and is working!

Thank you for your time,
George