Community Discussions and Support
Mercury with Becky mail client Not support SMTP AUTH

Wow......

now it's ok

that was my problem -_-"

I dont know about local/non-local

thank you everybody for helping

<P>Wow......</P> <P>now it's ok</P> <P>that was my problem -_-"</P> <P>I dont know about local/non-local</P> <P>thank you everybody for helping </P>

when send mail...

Mercury dont read auth file for user and pass word

any user can send mail

what's wrong????

<P>when send mail...</P> <P>Mercury dont read auth file for user and pass word</P> <P>any user can send mail</P> <P>what's wrong????</P>

From the Help:

 

Controlling relaying

SMTP relaying was originally the standard method of propagating mail on the Internet: in normal operation, an SMTP host would accept any message destined for any user, even if that user was not a local user on the system: after it had accepted the message, it would relay it to the correct host for delivery. Mail agents like Pegasus Mail and Outlook) routinely depend on relaying to send mail - in essence, a smaller client (Pegasus Mail or Outlook) is asking a larger implementation (in this case, Mercury) to send the mail on its behalf.

In recent years, relaying has been abused by perpetrators of mass unsolicited commercial e-mail (or "spam"), and many sites wish to control the way relaying is managed. Mercury provides two anti-relaying modes, normal and strict. Normal mode is turned on by checking the control labelled "Do not permit SMTP relaying of non-local mail". Strict mode is turned on by also checking the control labelled "Use strict local relaying restrictions". The default mode is Normal relaying control, although this can be overridden during installation and at any later time.

In either mode, Mercury will always accept mail addressed to any local address. Similarly, mail to any address for which Mercury holds an alias will also be accepted, even if the alias resolves to a non-local address. Both modes can be overridden by an optional requirement for SMTP authentication (see below for more information).

In normal anti-relaying mode, Mercury will accept mail for delivery if either the recipient or the originator has a local e-mail address. If neither address is local, Mercury will compare the IP address of the connecting host to its connection control list (see above): if it finds an "allow" entry in that list that explicitly includes the connecting machine, then it will accept the mail, otherwise it will be failed with a diagnostic like "553 - We do not relay...".

In strict anti-relaying mode, Mercury follows the normal rules described above, but if the "From" address appears to be local, then Mercury will search the connection control list and will only accept the mail if an "allow" entry appears that explicitly permits the connecting host. Note that enabling strict mode automatically checks and disables the normal mode button as well.

The difference between the two modes is that normal mode requires less setup and maintenance, but is less secure, while strict mode practically guarantees that no unauthorised relaying can occur at the expense of having to manage a list of permitted relay hosts.

When you configure Mercury to operate in strict mode, you must ensure that you add "allow" entries to your connection control list for every machine that is to be permitted to relay mail via this copy of Mercury. Note that this does NOT mean that you have to enter the address of every machine from which you want to accept mail - mail to local recipients is always accepted, regardless of the relaying mode. Strict mode only requires "allow" entries for machines from which Mercury is to accept mail to be delivered to non-local addresses. Please note that this use of the allow/refuse list is an overload - that is, it means that the allow/refuse list is being used for two separate purposes, connection control and relaying control. This overloading is possible because relay control only uses allow entries, and any host that can relay from your machine is by definition also allowed to connect to it. You should never use refuse entries to handle relay control - only allow entries.

It is almost always safe to turn on normal anti-relaying mode.

Authenticated SMTP

Mercury supports an Internet standard called Authenticated SMTP: when this feature is enabled, Mercury will advertise to connecting clients that it can accept SMTP authentication. If a client then authenticates correctly, it will be allowed to relay. Pegasus Mail and other widely-used Internet mail clients support authenticated SMTP, and it is an excellent way of allowing your roving users to use your server without opening yourself to relay abuse. Mercury supports three Authentication methods - CRAM-MD5, PLAIN and LOGIN, although LOGIN and PLAIN are very weak and you should avoid clients that use them.

Authenticated SMTP requires that both the client and server have access to a common password. For that reason, you need to provide Mercury with a list of usernames and the passwords that correspond to them - Mercury typically cannot get this information from the operating system for security reasons. Enter the name of the file where Mercury should store the user/password combinations, then click the Edit button to edit it. Each line contains one username/password pair.

Important note:  There is nothing that requires you to have a different SMTP Authentication password for every user on your system, nor is there anything that says that your SMTP Authentication username has to match any real user on your system. If you wish, it is perfectly permissible for you to set up a single AUTH username/password pair and provide it to all your users, although clearly this will have some ramifications for security.

If you check the control marked Authenticated SMTP connections may relay mail, then any authenticated connection (one where the user has provided any valid username/password pair defined in your SMTP Authentication file) will be permitted to relay messages even if it would otherwise have been prevented from doing so by either the normal or strict relaying tests (see above).

If you check the control marked Only Authenticated SMTP connections may relay mail, then SMTP authentication becomes mandatory for relaying - a non-authenticated connection will not be permitted to relay mail even if it would otherwise have been permitted to do so by either the normal or strict relaying tests. Because this option supersedes all other tests, selecting it will check and disable the other three controls in the group.

<p>From the Help:</p><p> </p><p>Controlling relaying SMTP relaying was originally the standard method of propagating mail on the Internet: in normal operation, an SMTP host would accept any message destined for any user, even if that user was not a local user on the system: after it had accepted the message, it would relay it to the correct host for delivery. Mail agents like Pegasus Mail and Outlook) routinely depend on relaying to send mail - in essence, a smaller client (Pegasus Mail or Outlook) is asking a larger implementation (in this case, Mercury) to send the mail on its behalf. In recent years, relaying has been abused by perpetrators of mass unsolicited commercial e-mail (or "spam"), and many sites wish to control the way relaying is managed. Mercury provides two anti-relaying modes, normal and strict. Normal mode is turned on by checking the control labelled "Do not permit SMTP relaying of non-local mail". Strict mode is turned on by also checking the control labelled "Use strict local relaying restrictions". The default mode is Normal relaying control, although this can be overridden during installation and at any later time. In either mode, Mercury will always accept mail addressed to any local address. Similarly, mail to any address for which Mercury holds an alias will also be accepted, even if the alias resolves to a non-local address. Both modes can be overridden by an optional requirement for SMTP authentication (see below for more information). In normal anti-relaying mode, Mercury will accept mail for delivery if either the recipient or the originator has a local e-mail address. If neither address is local, Mercury will compare the IP address of the connecting host to its connection control list (see above): if it finds an "allow" entry in that list that explicitly includes the connecting machine, then it will accept the mail, otherwise it will be failed with a diagnostic like "553 - We do not relay...". In strict anti-relaying mode, Mercury follows the normal rules described above, but if the "From" address appears to be local, then Mercury will search the connection control list and will only accept the mail if an "allow" entry appears that explicitly permits the connecting host. Note that enabling strict mode automatically checks and disables the normal mode button as well. The difference between the two modes is that normal mode requires less setup and maintenance, but is less secure, while strict mode practically guarantees that no unauthorised relaying can occur at the expense of having to manage a list of permitted relay hosts. When you configure Mercury to operate in strict mode, you must ensure that you add "allow" entries to your connection control list for every machine that is to be permitted to relay mail via this copy of Mercury. Note that this does NOT mean that you have to enter the address of every machine from which you want to accept mail - mail to local recipients is always accepted, regardless of the relaying mode. Strict mode only requires "allow" entries for machines from which Mercury is to accept mail to be delivered to non-local addresses. Please note that this use of the allow/refuse list is an overload - that is, it means that the allow/refuse list is being used for two separate purposes, connection control and relaying control. This overloading is possible because relay control only uses allow entries, and any host that can relay from your machine is by definition also allowed to connect to it. You should never use refuse entries to handle relay control - only allow entries. It is almost always safe to turn on normal anti-relaying mode. Authenticated SMTP Mercury supports an Internet standard called Authenticated SMTP: when this feature is enabled, Mercury will advertise to connecting clients that it can accept SMTP authentication. If a client then authenticates correctly, it will be allowed to relay. Pegasus Mail and other widely-used Internet mail clients support authenticated SMTP, and it is an excellent way of allowing your roving users to use your server without opening yourself to relay abuse. Mercury supports three Authentication methods - CRAM-MD5, PLAIN and LOGIN, although LOGIN and PLAIN are very weak and you should avoid clients that use them. Authenticated SMTP requires that both the client and server have access to a common password. For that reason, you need to provide Mercury with a list of usernames and the passwords that correspond to them - Mercury typically cannot get this information from the operating system for security reasons. Enter the name of the file where Mercury should store the user/password combinations, then click the Edit button to edit it. Each line contains one username/password pair. Important note:  There is nothing that requires you to have a different SMTP Authentication password for every user on your system, nor is there anything that says that your SMTP Authentication username has to match any real user on your system. If you wish, it is perfectly permissible for you to set up a single AUTH username/password pair and provide it to all your users, although clearly this will have some ramifications for security. If you check the control marked Authenticated SMTP connections may relay mail, then any authenticated connection (one where the user has provided any valid username/password pair defined in your SMTP Authentication file) will be permitted to relay messages even if it would otherwise have been prevented from doing so by either the normal or strict relaying tests (see above). If you check the control marked Only Authenticated SMTP connections may relay mail, then SMTP authentication becomes mandatory for relaying - a non-authenticated connection will not be permitted to relay mail even if it would otherwise have been permitted to do so by either the normal or strict relaying tests. Because this option supersedes all other tests, selecting it will check and disable the other three controls in the group. </p>

thx. but this help cant help me...

i try pegasus mail client then it works...

why becky mail client not work....??

 

<P>thx. but this help cant help me...</P> <P>i try pegasus mail client then it works...</P> <P>why becky mail client not work....??</P> <P mce_keep="true"> </P>

why becky mail client not work....??

1.  the AUTH command is an ESMTP command and Becky may be only SMTP.

2.  Becky may not have been setup to use the AUTH command.

Turn on session logging in MercuryS and then send mail with Becky.  If it uses the HELO instead of the EHLO greeting it's doing SMTP.

Edit: I just downloaded the latest version of Becky and it does support both CRAM-MD5 and the ESMTP AUTH command.  I could not get it to connect via IMAP4 though.

 

<blockquote>why becky mail client not work....??</blockquote><p>1.  the AUTH command is an ESMTP command and Becky may be only SMTP.</p><p>2.  Becky may not have been setup to use the AUTH command.</p><p>Turn on session logging in MercuryS and then send mail with Becky.  If it uses the HELO instead of the EHLO greeting it's doing SMTP.</p><p><i><b>Edit:</b></i> I just downloaded the latest version of Becky and it does support both CRAM-MD5 and the ESMTP AUTH command.  I could not get it to connect via IMAP4 though. </p><p> </p>

what did you set up in becky?

teach me please....

 

<P>what did you set up in becky?</P> <P>teach me please....</P> <P mce_keep="true"> </P>

[quote user="teemeekiew"]

thx. but this help cant help me...

i try pegasus mail client then it works...

why becky mail client not work....??

 

[/quote]

Does this mean that your Mercury server is still open to relaying without AUTH ?

[quote user="teemeekiew"]<p>thx. but this help cant help me...</p> <p>i try pegasus mail client then it works...</p> <p>why becky mail client not work....??</p> <p mce_keep="true"> </p><p>[/quote]</p><p>Does this mean that your Mercury server is still open to relaying without AUTH ? </p>

i already checked at "Authenticated SMTP connections may relay mail"

but it still not work

that setup is right?

<P>i already checked at "Authenticated SMTP connections may relay mail" </P> <P>but it still not work</P> <P>that setup is right?</P>

Have you checked "Do not permit SMTP relaying of non-local mail"

AND checked "Use strict local relaying restrictions" ?

 

<p>Have you checked "Do not permit SMTP relaying of non-local mail"</p><p>AND checked "Use strict local relaying restrictions" ?</p><p> </p>

what did you set up in becky?

Tools |  Mailbox setup and set the account to use CRAM-MD5 authentication in the 'account' tab and ESMTP in the 'misc' tab.

http://tstephenson.com/pegasus/becky-account

http://tstephenson.com/pegasus/becky-misc

<blockquote>what did you set up in becky?</blockquote><p>Tools |  Mailbox setup and set the account to use CRAM-MD5 authentication in the 'account' tab and ESMTP in the 'misc' tab. </p><p><a href="http://tstephenson.com/pegasus/becky-account%20" mce_href="http://tstephenson.com/pegasus/becky-account ">http://tstephenson.com/pegasus/becky-account </a></p><p><a href="http://tstephenson.com/pegasus/becky-misc%20" mce_href="http://tstephenson.com/pegasus/becky-misc ">http://tstephenson.com/pegasus/becky-misc </a> </p>

yes ...

i already checked them

T_T

<P>yes ...</P> <P>i already checked them</P> <P>T_T</P>

... then the only way anyone could send without authenticating, is if you have a connection control entry that exempts the IP address (or range) from having to.

... then the only way anyone could send without authenticating, is if you have a connection control entry that exempts the IP address (or range) from having to.

Do you mean Becky not support SMTP AUTH?

What should i do for use SMTP AUTH?

T_T

<P>Do you mean Becky not support SMTP AUTH?</P> <P>What should i do for use SMTP AUTH?</P> <P>T_T</P>

I have no idea what Becky can or can't do, I was addressing your question relating to Mercury allowing un-authenticated relaying.

Thomas tried Becky (as above) and says it can do SMTP AUTH.

<p>I have no idea what Becky can or can't do, I was addressing your question relating to Mercury allowing un-authenticated relaying.</p><p>Thomas tried Becky (as above) and says it can do SMTP AUTH. </p>

[quote user="Thomas R. Stephenson"]

what did you set up in becky?

Tools |  Mailbox setup and set the account to use CRAM-MD5 authentication in the 'account' tab and ESMTP in the 'misc' tab.

http://tstephenson.com/pegasus/becky-account

http://tstephenson.com/pegasus/becky-misc

[/quote]

Yes, I set follow that but seem like mercury dont read AUTH file that keep user and password for checking AUTH

any user can send mail.

T_T 

 

[quote user="Thomas R. Stephenson"] <BLOCKQUOTE>what did you set up in becky?</BLOCKQUOTE> <P>Tools |  Mailbox setup and set the account to use CRAM-MD5 authentication in the 'account' tab and ESMTP in the 'misc' tab. </P> <P><A href="http://tstephenson.com/pegasus/becky-account%20" mce_href="http://tstephenson.com/pegasus/becky-account ">http://tstephenson.com/pegasus/becky-account </A></P> <P><A href="http://tstephenson.com/pegasus/becky-misc%20" mce_href="http://tstephenson.com/pegasus/becky-misc ">http://tstephenson.com/pegasus/becky-misc </A> </P> <P>[/quote]</P> <P>Yes, I set follow that but seem like mercury dont read AUTH file that keep user and password for checking AUTH</P> <P>any user can send mail.</P> <P>T_T </P> <P mce_keep="true"> </P>

Yes, I set follow that but seem like mercury don't read AUTH file that keep user and password for checking AUTH

any user can send mail.

Sounds like you have not turned off relaying.  Show us the {MercuryS] section of your mercury.ini  file.  Here's one of mine.  I've flagged the critical parts for turning off relaying, setting strict relaying, turning on AUTH and setting the AUTH username and password file.

 

[MercuryS]
Debug : 1
Logfile : C:\MERCURY\Logs\MERCURYS\MS~y~m~d.LOG
Timeout : 300
Relay : 0
Strict_Relay : 1
Alt_Server_Port : 587
Allow_Illegals : 0
SMTP_Authentication : 1
Auth_File : c:\mercury\pass.txt
Session_logging : c:\mercury\logs\mercurys
Session_logmode : 0
Compliance_Settings : 0
Maximum_Failed_Rcpts : 4
Max_Relay_Attempts : 4
SSL_Mode : 0
ST_Blacklisting : 0
No_VRFY : 0
SMTP_ConnFlags : 0
<blockquote><p>Yes, I set follow that but seem like mercury don't read AUTH file that keep user and password for checking AUTH</p><p>any user can send mail.</p></blockquote><p>Sounds like you have not turned off relaying.  Show us the {MercuryS] section of your mercury.ini  file.  Here's one of mine.  I've flagged the critical parts for turning off relaying, setting strict relaying, turning on AUTH and setting the AUTH username and password file. </p><p> </p>[MercuryS] Debug : 1 Logfile : C:\MERCURY\Logs\MERCURYS\MS~y~m~d.LOG Timeout : 300 <b>Relay : 0</b> <b>Strict_Relay : 1</b> Alt_Server_Port : 587 Allow_Illegals : 0 <b>SMTP_Authentication : 1</b> <b>Auth_File : c:\mercury\pass.txt</b> Session_logging : c:\mercury\logs\mercurys Session_logmode : 0 Compliance_Settings : 0 Maximum_Failed_Rcpts : 4 Max_Relay_Attempts : 4 SSL_Mode : 0 ST_Blacklisting : 0 No_VRFY : 0 SMTP_ConnFlags : 0

I set like you all.... but still cant

 now, mail server and mail client is on 1 computer .

that is the problem?

and version of becky is 2.45

and 1 thing that wanna know ... when you sent mail from becky and type wrong pass with auth file on server , how about the result?

thx. so much 

 

<P>I set like you all.... but still cant</P> <P> now, mail server and mail client is on 1 computer .</P> <P>that is the problem?</P> <P>and version of becky is 2.45</P> <P>and 1 thing that wanna know ... when you sent mail from becky and type wrong pass with auth file on server , how about the result?</P> <P>thx. so much </P> <P mce_keep="true"> </P>

 now, mail server and mail client is on 1 computer .

that is the problem?

No, not a problem at all.

 and version of Becky is 2.45

Mine is 2.48.1

and 1 thing that wanna know ... when you sent mail from Becky and type

wrong pass with auth file on server , how about the result?

I get the  "Cannot relay" error when trying to relay.  Are you sure that you are getting to MercuryS on Mercury/32?  Do you see the connection from Becky on the console? Could you provide a MercuryS session log containing a Becky transaction?

 

<blockquote><p> now, mail server and mail client is on 1 computer .</p> <p>that is the problem?</p></blockquote><p>No, not a problem at all.</p><blockquote><p> and version of Becky is 2.45</p></blockquote><p>Mine is 2.48.1</p><blockquote><p>and 1 thing that wanna know ... when you sent mail from Becky and type wrong pass with auth file on server , how about the result?</p></blockquote><p>I get the  "Cannot relay" error when trying to relay.  Are you sure that you are getting to MercuryS on Mercury/32?  Do you see the connection from Becky on the console? Could you provide a MercuryS session log containing a Becky transaction?</p><p> </p>

Yes i see the connection from Becky on the console.. like this..................

 -----------------------------------------------------------------------------

Connection from 127.0.0.1, Mon Oct 27 10:16:30 2008

EHLO [127.0.0.1]

AUTH CRAM-MD5

RSET

MAIL FROM:< test@mail.mercury >

RCPT TO: < ake@mail.mercury >

DATA

DATA - 16 lines,500 bytes

Quit

4 sec. elapsed, connection closed Mon Oct 27 10:16:34 2008

---------------------------------------------------------------------

But like Server dont read auth file that keep the pair of username and password

what wrong with connection?

OS is Windows2000

thx. for your help

&lt;P&gt;Yes i see the connection from Becky on the console.. like this..................&lt;/P&gt; &lt;P&gt;&amp;nbsp;-----------------------------------------------------------------------------&lt;/P&gt; &lt;P&gt;Connection from 127.0.0.1, Mon Oct 27 10:16:30 2008&lt;/P&gt; &lt;P&gt;EHLO [127.0.0.1]&lt;/P&gt; &lt;P&gt;AUTH CRAM-MD5&lt;/P&gt; &lt;P&gt;RSET&lt;/P&gt; &lt;P&gt;MAIL FROM:&amp;lt; test@mail.mercury &amp;gt;&lt;/P&gt; &lt;P&gt;RCPT TO: &amp;lt; ake@mail.mercury&amp;nbsp;&amp;gt;&lt;/P&gt; &lt;P&gt;DATA&lt;/P&gt; &lt;P&gt;DATA - 16 lines,500 bytes&lt;/P&gt; &lt;P&gt;Quit&lt;/P&gt; &lt;P&gt;4 sec. elapsed, connection closed Mon Oct 27 10:16:34 2008&lt;/P&gt; &lt;P&gt;---------------------------------------------------------------------&lt;/P&gt; &lt;P&gt;But like Server dont read auth file that keep the pair of username and password&lt;/P&gt; &lt;P&gt;what wrong with connection?&lt;/P&gt; &lt;P&gt;OS is Windows2000&lt;/P&gt; &lt;P&gt;thx. for your help&lt;/P&gt;
live preview
enter atleast 10 characters
WARNING: You mentioned %MENTIONS%, but they cannot see this message and will not be notified
Saving...
Saved
With selected deselect posts show selected posts
All posts under this topic will be deleted ?
Pending draft ... Click to resume editing
Discard draft