My customer has a NetVanta 7100 that I recently installed. I am trying to get email forwarding working on their system. They have an email server on site that isn't agreeing with the NetVanta on authentication. When I run a debug "system," this is what I get.
To SMTP server: EHLO [192.168.200.59] |
To SMTP server: 23 bytes of data |
SMTP Response: 250-mail.xxxxxxx.com Hello [192.168.200.59] |
SMTP Response: 250-SIZE |
SMTP Response: 250-PIPELINING |
SMTP Response: 250-DSN |
SMTP Response: 250-ENHANCEDSTATUSCODES |
SMTP Response: 250-AUTH |
SMTP Response: 250-8BITMIME |
SMTP Response: 250-BINARYMIME |
SMTP Response: 250 CHUNKING |
Unsupported form of SMTP-AUTH: 250-auth |
SMTP server still in dead-time. |
darrenob,
The SMTP server is likely expecting an authentication method not supported by the SMTP client in AOS. AOS only supports the following SMTP authentication methods:
• digest-md5
• cram-md5
• login
• plain
TLS support was added in AOS R10.8 for services that require it like Gmail.
unified provided an e-mail service that he tested with AOS. Here is a sample configuration that should work with Yahoo mail. You will need to replace anything in <brackets>.
!
ip name-server <primary DNS server> <secondary DNS server>
no logging email
logging email receiver-ip smtp.mail.yahoo.com port 587 auth-username <Yahoo-account>@yahoo.com auth-password <Yahoo password>
logging email sender <Yahoo-account>@yahoo.com
!
!
voice user <extension>
email <e-mail address>
voicemail notify email attach-message pcm
voicemail notify schedule Sunday 12:00 am
notify email primary
!
Thanks,
Matt
Message was edited by: matt - updated with info on TLS support
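A way to read the EHLO reply from the debug output against the mechanism list in the reply above (added example, not code from the thread or from ADTRAN). It assumes the bare 250-AUTH line means the server listed no mechanisms; the second reply and the names parse_ehlo and diagnose are constructed for illustration.

```python
import re
# Mechanisms the thread lists as supported by the AOS SMTP client.
AOS_SUPPORTED = {"DIGEST-MD5", "CRAM-MD5", "LOGIN", "PLAIN"}

# EHLO reply copied from the debug output in the first post (hostname masked there).
PAGE_EHLO = """\
250-mail.xxxxxxx.com Hello [192.168.200.59]
250-SIZE
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-AUTH
250-8BITMIME
250-BINARYMIME
250 CHUNKING
"""

# Constructed reply for comparison (not from the thread).
CONSTRUCTED_EHLO = """\
250-mail.example.test Hello [192.0.2.10]
250-STARTTLS
250-AUTH=LOGIN
250 AUTH GSSAPI NTLM LOGIN
"""

def parse_ehlo(reply):
    """Return {keyword: set(params)}; the legacy 'AUTH=X' form is folded into AUTH."""
    caps = {}
    for line in reply.strip().splitlines()[1:]:   # first line is the greeting
        m = re.match(r"250[- ](\S+)(.*)$", line.strip())
        if not m:
            continue
        keyword, rest = m.group(1).upper(), m.group(2)
        if keyword.startswith("AUTH="):
            keyword, rest = "AUTH", keyword[5:] + " " + rest
        caps.setdefault(keyword, set()).update(p.upper() for p in rest.split())
    return caps

def diagnose(reply):
    """Compare the advertised AUTH mechanisms with what AOS can use."""
    caps = parse_ehlo(reply)
    offered = caps.get("AUTH")
    return {
        "auth_advertised": offered is not None,
        "offered": sorted(offered or ()),
        "usable_by_aos": sorted((offered or set()) & AOS_SUPPORTED),
        "starttls": "STARTTLS" in caps,
    }

if __name__ == "__main__":
    print(diagnose(PAGE_EHLO), diagnose(CONSTRUCTED_EHLO), sep="\n")
```

For the reply in the first post, AUTH is advertised but no mechanism overlaps the AOS list. When the only usable mechanisms are LOGIN or PLAIN and STARTTLS is absent, the password crosses the wire base64-encoded, not encrypted.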
I started using SendGrid for an email relay. (It's meant for email marketing)
Their free account will give you 200 emails a day which is more than enough for most users. (If they go over it's only 0.10 per thousand.)
I tested it with the Adtran NetVanta 644 and it works fine.
I went ahead and flagged this post as “Assumed Answered.” If any of the responses on this thread assisted you, please mark them as either Correct or Helpful answers with the applicable buttons. This will make them visible and help other members of the community find solutions more easily as well as award points to the users that helped you. If you still need assistance, I would be more than happy to continue working with you on this - just let me know in a reply.
Thanks,
Matt
I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.
Thanks,
Matt
Matt, we run into this issue quite a bit with having Exchange servers relay messages for NetVanta devices. The funny thing is that I am currently working on one right now and getting the same debug output as the original poster. I assume many NetVanta/Exchange users run into this issue and it seems to me that it would be best to post a solution so that anyone looking for an answer can get their voicemail to email or logging to email up and running. I do see the supported authentication types but I am interested in finding out what Exchange needs so that the NetVanta can get these messages out. I have got them working before but can't remember the best solution. I want to say create an SMTP receive connector with anonymous relay from only the IP address of the NetVanta device and will post when I figure it out.
The most likely cause is Exchange requiring TLS support. Starting with AOS R10.8.0 TLS is a supported authentication method. If you are running code prior to R10.8, you can disable TLS on Exchange by going to the Properties of the receive connector and on the Authentication tab uncheck the box for Transport Layer Security (TLS), and check the box to enable Basic Authentication:
You might also need to disable Anonymous users on the Permission Groups tab for the server to request authentication.
Please give that a try and let us know if it resolves the issue.
Thanks,
Matt
Matt, since this is an SBS server, disabling the TLS authentication causes issues with email clients authenticating. Once I disabled this setting Outlook clients would no longer receive internal emails. I believe it has something to do with the way SBS uses certificates. I have not tried this setting on a Windows OS Standard server install at this time. I have however determined the best and most secure way of configuring Exchange to work with the older (non-10.8) firmwares. This requires the creation of a new receive connector that allows anonymous relay from a single or multiple IP addresses. It also works with some Multi-function printers and other PBX devices that do not support TLS. With this setup you do not specify a username or password on the 7100 email settings tab. I have copied and created a pdf document that details the creation of this trusted receive connector. At this time we do not see any increase in Spam, spoofing or zombie attacks with this configuration. Make sure you remove the username and password from the 7100 email forwarding section. You just need enabled, port, ip address of Server and email sender, I made my sender voicemail@theirdomain.com.
Thanks for the information and for being willing to share the document. To attach it to your reply click the "Use advanced editor" link on the top right corner of the reply box. On the resulting page you will be able to add an attachment.
I just wanted to update this post to mention that starting with AOS R10.8 TLS security is supported for services that require it like Gmail.
Thanks,
Matt
Hi Everyone,
I have a similar problem with a NV7100 and a Small Business Server. We upgraded to the latest firmware on the NV7100 but cannot get the relaying of emails to work. It is a SBS 2008 server - we set up a separate receive connector for internal relaying without authentication (selected Exchange and Legacy Exchange server in permission group and externally secured in authentication) - which works fine at our office. We added the NV7100 internal IP in the allowed IP list in the Anti-Spam option. But we get an error 5.7.1 with that setting.
The problem is we cannot add the IP of the Netvanta in the list of remote servers - because the exchange server console will not allow it because it would create an open relay - since the netvanta is our gateway and we have the internal Exchange server with port forwarding etc. set up.
When I change the relay setting to authentication with basic or TLS and put in anonymous in the permission group I get the "Unsupported form of SMTP-AUTH: 250-authSMTP server still in dead-time." message.
I also have a Netvanta 7100 connected via VPN from a remote site and even that one is not able to relay through the connector either even though I added its IP in the list of remote servers to allow relaying.
Other devices like a NAS server on the other side of the VPN tunnel can relay - but that one may work because it is joined to the domain and doesn't have that issue.
In all the documents provided here there is no mentioning of open relay consideration - why? Also why can't we do authentication with the Exchange server? If so how would that work - would the username be "domain.local\username" or how does that need to be entered? I have tried that without luck so I assume the format is wrong but I couldn't figure out how it needs to be formatted.
Thanks for your help,
Frank
Frank,
Can you verify the source address of the SMTP traffic from the NetVanta 7100 matches the relay-IP you have configured? Also, for the case where the NetVanta 7100 is the gateway you can use the logging email source-interface command to change to another vlan or a loopback IP address to get around that issue.
Thanks,
Matt
Sorry for not replying sooner. Once I changed the source interface to the GRE-Tunnel IP's and added those to the allowed relaying addresses it was working fine.
Thank you,
Frank
I just wanted to update this post to mention that AOS R10.9.2 was recently released, which included a fix for e-mail servers that use TLS.
Having the same issue, however, we are an ISP and also a reseller. We have our own Email system that all of our Broadband clients use. It uses TLS and will not work with the 7100. No options to modify the server settings. Can provide logging if needed for TAC to look at.
If you are not using AOS R10.9.2 please load it on the NetVanta 7100. That version is critical if you are using a mail server with TLS. If you still have problems after updating to that version, I will need to see the output from a debug system and the current configuration of the unit. You can upload them to the FTP server with the instructions below:
Open Internet Explorer web browser on their PC
Type the following URL: ftp://ftp.adtran.com
Press the Alt key, click View, and then click Open FTP Site in Windows Explorer
Double-click the "Incoming" folder
Drag and drop files from PC into the Internet Explorer window
Reply to this post with the exact filenames used so we can retrieve the files
Thanks,
Matt
Running 10.10, do I need to downgrade? I assumed 10.9.2 features carried forward.
It is always best to check the release notes for a given version to confirm a specific fix. This particular TLS fix is not currently in R10.10.0, but R10.11.0 will contain this fix when it is released. If you need features specific to R10.10 that will prevent you from downgrading to R10.9.2, you can subscribe to the area to be alerted by e-mail when R10.11.0 is released.
Thanks,
Matt
Matt,
That worked great, thanks.