Community Discussions and Support
Odp: SMTP relay authentication using POP3 accounts & passwords

Not saying that speculation is bad, but the decision is firm and the January turmoil is history.

Pegasus Mail lives on donations. Mercury will soon live on license fees.

With the above comment, I'm locking this thread since the content now is far away from the topic at hand.

 

<P>Not saying that speculation is bad, but the decision is firm and the January turmoil is history. </P> <P>Pegasus Mail lives on donations. Mercury will soon live on license fees.</P> <P>With the above comment, I'm locking this thread since the content now is far away from the topic at hand.</P> <P mce_keep="true"> </P>

I’m looking for the setting or process that tells the SMTP server to use the POP3 account names & passwords for relay authentication.  On other servers this feature is usually a checkbox underneath the “Use SMTP authentication” option.  However I don’t see such an option in MercuryS.  I also checked through the MercuryP options, thinking there might be a “Create SMTP authentication password file” option, but didn’t see anything like that either.  I didn’t see such a feature described in the help.

 <?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />

I’ve searched through the forum and haven’t been able to find a similar question.

 

Is there anyway to do this or do I really have to manually maintain the SMTP authentication password file?

 

Thanks for the help!

 

 

&lt;P class=MsoNormal style=&quot;MARGIN: 0in 0in 0pt&quot;&gt;&lt;FONT face=&quot;Times New Roman&quot; size=3&gt;I&rsquo;m looking for the setting or process that tells the SMTP server to use the POP3 account names &amp;amp; passwords for relay authentication.&lt;SPAN style=&quot;mso-spacerun: yes&quot;&gt;&amp;nbsp; &lt;/SPAN&gt;On other servers this feature is usually a checkbox underneath the &ldquo;Use SMTP authentication&rdquo; option.&lt;SPAN style=&quot;mso-spacerun: yes&quot;&gt;&amp;nbsp; &lt;/SPAN&gt;However I don&rsquo;t see such an option in MercuryS.&lt;SPAN style=&quot;mso-spacerun: yes&quot;&gt;&amp;nbsp; &lt;/SPAN&gt;I also checked through the MercuryP options, thinking there might be a &ldquo;Create SMTP authentication password file&rdquo; option, but didn&rsquo;t see anything like that either.&lt;SPAN style=&quot;mso-spacerun: yes&quot;&gt;&amp;nbsp; &lt;/SPAN&gt;I didn&rsquo;t see such a feature described in the help.&lt;/FONT&gt;&lt;/P&gt; &lt;P class=MsoNormal style=&quot;MARGIN: 0in 0in 0pt&quot;&gt;&lt;FONT size=3&gt;&lt;FONT face=&quot;Times New Roman&quot;&gt;&amp;nbsp;&lt;?xml:namespace prefix = o ns = &quot;urn:schemas-microsoft-com:office:office&quot; /&gt;&lt;o:p&gt;&lt;/o:p&gt;&lt;/FONT&gt;&lt;/FONT&gt;&lt;/P&gt; &lt;P class=MsoNormal style=&quot;MARGIN: 0in 0in 0pt&quot;&gt;&lt;FONT face=&quot;Times New Roman&quot; size=3&gt;I&rsquo;ve searched through the forum and haven&rsquo;t been able to find a similar question.&lt;/FONT&gt;&lt;/P&gt; &lt;P class=MsoNormal style=&quot;MARGIN: 0in 0in 0pt&quot;&gt;&lt;FONT size=3&gt;&lt;FONT face=&quot;Times New Roman&quot;&gt;&amp;nbsp;&lt;o:p&gt;&lt;/o:p&gt;&lt;/FONT&gt;&lt;/FONT&gt;&lt;/P&gt; &lt;P class=MsoNormal style=&quot;MARGIN: 0in 0in 0pt&quot;&gt;&lt;FONT face=&quot;Times New Roman&quot; size=3&gt;Is there anyway to do this or do I really have to manually maintain the SMTP authentication password file?&lt;/FONT&gt;&lt;/P&gt; &lt;P class=MsoNormal style=&quot;MARGIN: 0in 0in 0pt&quot; mce_keep=&quot;true&quot;&gt;&amp;nbsp;&lt;/P&gt; &lt;P class=MsoNormal style=&quot;MARGIN: 0in 0in 0pt&quot;&gt;&lt;SPAN style=&quot;FONT-SIZE: 12pt; FONT-FAMILY: &#039;Times New Roman&#039;; mso-fareast-font-family: &#039;Times New Roman&#039;; mso-ansi-language: EN-US; mso-fareast-language: EN-US; mso-bidi-language: AR-SA&quot;&gt;Thanks for the help!&lt;/SPAN&gt;&lt;/P&gt; &lt;P&gt;&lt;SPAN style=&quot;FONT-SIZE: 12pt; FONT-FAMILY: &#039;Times New Roman&#039;; mso-fareast-font-family: &#039;Times New Roman&#039;; mso-ansi-language: EN-US; mso-fareast-language: EN-US; mso-bidi-language: AR-SA&quot;&gt;&lt;/SPAN&gt;&amp;nbsp;&lt;/P&gt; &lt;P&gt;&lt;SPAN style=&quot;FONT-SIZE: 12pt; FONT-FAMILY: &#039;Times New Roman&#039;; mso-fareast-font-family: &#039;Times New Roman&#039;; mso-ansi-language: EN-US; mso-fareast-language: EN-US; mso-bidi-language: AR-SA&quot;&gt;&lt;/SPAN&gt;&amp;nbsp;&lt;/P&gt;

It's under MercuryS connection control tab.  Third item on the list after you have checked the first two item to turn off relaying.  There is nothing to tell you to use the users passwd.pm file since that's not used with Netware.

 

 

&lt;p&gt;It&#039;s under MercuryS connection control tab.&amp;nbsp; Third item on the list after you have checked the first two item to turn off relaying.&amp;nbsp; There is nothing to tell you to use the users passwd.pm file since that&#039;s not used with Netware.&lt;/p&gt;&lt;p&gt;&amp;nbsp;&lt;/p&gt;&lt;p&gt;&amp;nbsp;&lt;/p&gt;

Thanks for the response.  I don't quite understand.  Are you saying that there IS a way to use POP3 account names and passwords, or are you saying that this function doesn't exist?

BTW I'm using Windows XP, if that helps.

Thanks.

 

&lt;P&gt;Thanks for the response.&amp;nbsp; I don&#039;t quite understand.&amp;nbsp; Are you saying that there &lt;STRONG&gt;IS&lt;/STRONG&gt; a way to use POP3 account names and passwords, or are you saying that&amp;nbsp;this function doesn&#039;t exist?&lt;/P&gt; &lt;P&gt;BTW I&#039;m using Windows XP, if that helps.&lt;/P&gt; &lt;P&gt;Thanks.&lt;/P&gt; &lt;P mce_keep=&quot;true&quot;&gt;&amp;nbsp;&lt;/P&gt;

[quote user="Graystar"]

Thanks for the response.  I don't quite understand.  Are you saying that there IS a way to use POP3 account names and passwords, or are you saying that this function doesn't exist?

BTW I'm using Windows XP, if that helps.

Thanks.

 

[/quote]

 

You cannot use the username and password for the POP3 setup for the AUTH file unless you write something to extract the username and password and put it into the file used by SMTP AUTH. 

You can set a username and password in the SMTP AUTH file to be used to allow relaying.   If your mail client allow you to set this like is done in Pegasus Mail, you can have all users use the same username and password.  If you do not then you'll have to enter the username and password for each user manually.

 

[quote user=&quot;Graystar&quot;]&lt;p&gt;Thanks for the response.&amp;nbsp; I don&#039;t quite understand.&amp;nbsp; Are you saying that there &lt;b&gt;IS&lt;/b&gt; a way to use POP3 account names and passwords, or are you saying that&amp;nbsp;this function doesn&#039;t exist?&lt;/p&gt; &lt;p&gt;BTW I&#039;m using Windows XP, if that helps.&lt;/p&gt; &lt;p&gt;Thanks.&lt;/p&gt; &lt;p mce_keep=&quot;true&quot;&gt;&amp;nbsp;&lt;/p&gt;&lt;p&gt;[/quote]&lt;/p&gt;&lt;p&gt;&amp;nbsp;&lt;/p&gt;&lt;p&gt;You cannot use the username and password for the POP3 setup for the AUTH file unless you write something to extract the username and password and put it into the file used by SMTP AUTH.&amp;nbsp; You can set a username and password in the SMTP AUTH file to be used to allow relaying.&amp;nbsp;&amp;nbsp; If your mail client allow you to set this like is done in Pegasus Mail, you can have all users use the same username and password.&amp;nbsp; If you do not then you&#039;ll have to enter the username and password for each user manually. &lt;/p&gt;&lt;p&gt;&amp;nbsp;&lt;/p&gt;

In the auth file you put username [one space] password. Each line makes a pair. So you can duplicate the authentication so that the information is the same as the pop3 acct/passwords your user knows about. We too would like a simple check-box instead or as add-on for this feature - since that is the most common way email clients set this up.

 /Peter

&lt;P&gt;In the auth file you put username [one space] password. Each line makes a pair. So you can duplicate the authentication so that the information is the same as the pop3 acct/passwords your user knows about. We too would like a simple check-box instead or as add-on for this feature - since that is the most common way email clients set this up.&lt;/P&gt; &lt;P&gt;&amp;nbsp;/Peter&lt;/P&gt;

Hello!

 But why POP can use username and password from NetWare system and SMTP can not?

 Regards.

Boguś

&lt;P&gt;Hello!&lt;/P&gt; &lt;P&gt;&amp;nbsp;But why POP can use username and password from NetWare system and SMTP can not?&lt;/P&gt; &lt;P&gt;&amp;nbsp;Regards.&lt;/P&gt; &lt;P&gt;Boguś&lt;/P&gt;

touché

It is on many peoples' wishlist...

&lt;P&gt;touch&eacute;&lt;/P&gt; &lt;P&gt;It is on many peoples&#039; wishlist...&lt;/P&gt;

[quote user="etalon"]

Hello!

 But why POP can use username and password from NetWare system and SMTP can not?

 Regards.

Boguś

[/quote]

 

Apples and Oranges.  Mercury/32 does not have access to the password data from Netware.  The POP3 server is just passing the username and password to the Netware system, there is no comparison made by Mercury/32.  With the ESMTP AUTH command Mercury/32 must decode and compare the stored username & password with the data submitted.  Now with a Windows system without Netware Mercury/32 can get the  password from the file and could probably use  it but that would require a re-write of the SMTP AUTH software so it would use different techniques for Netware and Windows.

That said, people are working on integrating Mercury/32 with Windows as well and then you'll be back in the same boat.

 

 

[quote user=&quot;etalon&quot;]&lt;p&gt;Hello!&lt;/p&gt; &lt;p&gt;&amp;nbsp;But why POP can use username and password from NetWare system and SMTP can not?&lt;/p&gt; &lt;p&gt;&amp;nbsp;Regards.&lt;/p&gt; &lt;p&gt;Boguś&lt;/p&gt;&lt;p&gt;[/quote]&lt;/p&gt;&lt;p&gt;&amp;nbsp;&lt;/p&gt;&lt;p&gt;Apples and Oranges.&amp;nbsp; Mercury/32 does not have access to the password data from Netware.&amp;nbsp; The POP3 server is just passing the username and password to the Netware system, there is no comparison made by Mercury/32.&amp;nbsp; With the ESMTP AUTH command Mercury/32 must decode and compare the stored username &amp;amp; password with the data submitted.&amp;nbsp; Now with a Windows system without Netware Mercury/32 can get the&amp;nbsp; password from the file and could probably use&amp;nbsp; it but that would require a re-write of the SMTP AUTH software so it would use different techniques for Netware and Windows.&lt;/p&gt;&lt;p&gt;That said, people are working on integrating Mercury/32 with Windows as well and then you&#039;ll be back in the same boat.&lt;/p&gt;&lt;p&gt;&amp;nbsp;&lt;/p&gt;&lt;p&gt;&amp;nbsp;&lt;/p&gt;

[quote user="Thomas R. Stephenson"]

Apples and Oranges.  Mercury/32 does not have access to the password data from Netware.  The POP3 server is just passing the username and password to the Netware system, there is no comparison made by Mercury/32.  With the ESMTP AUTH command Mercury/32 must decode and compare the stored username & password with the data submitted.  Now with a Windows system without Netware Mercury/32 can get the  password from the file and could probably use  it but that would require a re-write of the SMTP AUTH software so it would use different techniques for Netware and Windows.

That said, people are working on integrating Mercury/32 with Windows as well and then you'll be back in the same boat.

  [/quote]

 

Thomas,

almost all other mailservers do all this since years. There are no technical obstacles for this...

For me it's mostly a matter of judgement of the need for this. Both, the mailing list (since years now) and again also this forums shows that there's a long lasting need for. Of course it means developing work. But trying to discuss-away real need (like it's done with the IMAP bugs since years) do not solve anything.

 

(just my 2 cents)

 

[quote user=&quot;Thomas R. Stephenson&quot;]&lt;p&gt;Apples and Oranges.&amp;nbsp; Mercury/32 does not have access to the password data from Netware.&amp;nbsp; The POP3 server is just passing the username and password to the Netware system, there is no comparison made by Mercury/32.&amp;nbsp; With the ESMTP AUTH command Mercury/32 must decode and compare the stored username &amp;amp; password with the data submitted.&amp;nbsp; Now with a Windows system without Netware Mercury/32 can get the&amp;nbsp; password from the file and could probably use&amp;nbsp; it but that would require a re-write of the SMTP AUTH software so it would use different techniques for Netware and Windows.&lt;/p&gt;&lt;p&gt;That said, people are working on integrating Mercury/32 with Windows as well and then you&#039;ll be back in the same boat.&lt;/p&gt;&lt;p&gt;&amp;nbsp; [/quote]&lt;/p&gt;&lt;p&gt;&amp;nbsp;&lt;/p&gt;&lt;p&gt;Thomas,&lt;/p&gt;&lt;p&gt;almost all other mailservers do all this since years. There are no technical obstacles for this...&lt;/p&gt;&lt;p&gt;For me it&#039;s mostly a matter of judgement of the need for this. Both, the mailing list (since years now) and again also this forums shows that there&#039;s a long lasting need for. Of course it means developing work. But trying to discuss-away real need (like it&#039;s done with the IMAP bugs since years) do not solve anything.&lt;/p&gt;&lt;p&gt;&amp;nbsp;&lt;/p&gt;&lt;p&gt;(just my 2 cents)&lt;/p&gt;&lt;p&gt;&amp;nbsp;&lt;/p&gt;

Woah, are you serious?  I never knew this.  I had always assumed that the POP login was being used to authenticate SMTP transactions.  After some testing I see that I was wrong.  This means that anyone who knows a 'local' address can send email through it!  That's terrible!

A flat file is a horrible way to deal with this, it really needs to be improved soon.  You can't seriously expect a business to use Mercury for hundreds of users if they have to update a text file every time a password changes!?

I can assure you that authenticating against Novell is very easy, I've written two or three programs that do it.  It's already part of the POP module, there really shouldn't be a big issue with adding it to the SMTP module.

Don't take this the wrong way, but I *really* wish Mercury/Pegasus were open source.  /sigh

 

&lt;p&gt;Woah, are you serious?&amp;nbsp; I never knew this.&amp;nbsp; I had always assumed that the POP login was being used to authenticate SMTP transactions.&amp;nbsp; After some testing I see that I was wrong.&amp;nbsp; This means that anyone who knows a &#039;local&#039; address can send email through it!&amp;nbsp; That&#039;s terrible!&lt;/p&gt;&lt;p&gt;A flat file is a horrible way to deal with this, it really needs to be improved soon.&amp;nbsp; You can&#039;t seriously expect a business to use Mercury for hundreds of users if they have to update a text file every time a password changes!?&lt;/p&gt;&lt;p&gt;I can assure you that authenticating against Novell is very easy, I&#039;ve written two or three programs that do it.&amp;nbsp; It&#039;s already part of the POP module, there really shouldn&#039;t be a big issue with adding it to the SMTP module.&lt;/p&gt;&lt;p&gt;Don&#039;t take this the wrong way, but I *really* wish Mercury/Pegasus were open source.&amp;nbsp; /sigh &amp;nbsp;&lt;/p&gt;

> Woah, are you serious?  I never knew this.  I had always assumed
> that the POP login was being used to authenticate SMTP
> transactions.  After some testing I see that I was wrong.  This
> means that anyone who knows a 'local' address can send email through
> it!  That's terrible!

David Harris has implemented ESMTP AUTH CRAM-MD5 for WinPMail, Mercury and Mercury/32.  They do a SMTP authentication in accordance with RFCs 2554 and 2195.  Mercury and Mercury/32 also do the LOGIN and the strange MS AUTH=LOGIN.

The ESMTP authorization  uses more than a simple username.  It does not have to be the users username and password either.  I use the same one for all the users when coming in via SquirrelMail.  Many mail client also allow you to set ESMTP authorization username and password.

>
> A flat file is a horrible way to deal with this, it really needs to
> be improved soon.  You can't seriously expect a business to use
> Mercury for hundreds of users if they have to update a text file
> every time a password changes!?

I used Mercury/32 for hundreds of users on both Netware and Win32 in the corporate world and this one is a piece of cake to handle.

>
> I can assure you that authenticating against Novell is very easy,
> I've written two or three programs that do it.  It's already part of
> the POP module, there really shouldn't be a big issue with adding it
> to the SMTP module.

You can authenticate against the server but you do not get the username and password from the server to compare with the CRAM-MD5 string.  

>
> Don't take this the wrong way, but I *really* wish Mercury/Pegasus
> were open source.  /sigh

And how would David Harris make money developing, managing and updating this "open source" program?  

&amp;gt; Woah, are you serious?&amp;nbsp; I never knew this.&amp;nbsp; I had always assumed &amp;gt; that the POP login was being used to authenticate SMTP &amp;gt; transactions.&amp;nbsp; After some testing I see that I was wrong.&amp;nbsp; This &amp;gt; means that anyone who knows a &#039;local&#039; address can send email through &amp;gt; it!&amp;nbsp; That&#039;s terrible! David Harris has implemented ESMTP AUTH CRAM-MD5 for WinPMail, Mercury and Mercury/32.&amp;nbsp; They do a SMTP authentication in accordance with RFCs 2554 and 2195.&amp;nbsp; Mercury and Mercury/32 also do the LOGIN and the strange MS AUTH=LOGIN. The ESMTP authorization&amp;nbsp; uses more than a simple username.&amp;nbsp; It does not have to be the users username and password either.&amp;nbsp; I use the same one for all the users when coming in via SquirrelMail.&amp;nbsp; Many mail client also allow you to set ESMTP authorization username and password. &amp;gt; &amp;gt; A flat file is a horrible way to deal with this, it really needs to &amp;gt; be improved soon.&amp;nbsp; You can&#039;t seriously expect a business to use &amp;gt; Mercury for hundreds of users if they have to update a text file &amp;gt; every time a password changes!? I used Mercury/32 for hundreds of users on both Netware and Win32 in the corporate world and this one is a piece of cake to handle. &amp;gt; &amp;gt; I can assure you that authenticating against Novell is very easy, &amp;gt; I&#039;ve written two or three programs that do it.&amp;nbsp; It&#039;s already part of &amp;gt; the POP module, there really shouldn&#039;t be a big issue with adding it &amp;gt; to the SMTP module. You can authenticate against the server but you do not get the username and password from the server to compare with the CRAM-MD5 string. &amp;nbsp; &amp;gt; &amp;gt; Don&#039;t take this the wrong way, but I *really* wish Mercury/Pegasus &amp;gt; were open source.&amp;nbsp; /sigh And how would David Harris make money developing, managing and updating this &quot;open source&quot; program? &amp;nbsp;

[quote user="Thomas R. Stephenson"]

It does not have to be the users username and password either.  I use the same one for all the users when coming in via SquirrelMail.  Many mail client also allow you to set ESMTP authorization username and password.
[/quote]

Ok, I guess that's not so bad.  However, it would be much more secure to use the Novell passwords as each user has a unique pw, and they can be force-updated on a regular cycle.

[quote user="Thomas R. Stephenson"]

And how would David Harris make money developing, managing and updating this "open source" program?  

[/quote]

That's a good question.  I've never authored an Open Source project before, though I've worked on many.

I would like to point out that many people use Dave's software because it is free (as in beer).  If they are paying for it now, why would they be tempted to pay any less for a product that offers them more?  I would think that a corporation would be more willing to support a product that they can rely on to never disappear.  What happens if Dave decides to simply call it quits (he has threatened before)?  Will he sell Mercury to someone else?  How much will they charge?

An open source product will never die, and the price of usage is always the same.  I think most OS projects make money by prioritizing updates, and/or providing support.  Dave really only charges for support right now anyways, so he's really not doing anything different than the OS folks, other than preventing scores of developers from helping him for free.

You may find better answers from the authors of successful open source commercial projects like Zimbra, SugarCRM and the like.
&lt;p&gt;[quote user=&quot;Thomas R. Stephenson&quot;] It does not have to be the users username and password either.&amp;nbsp; I use the same one for all the users when coming in via SquirrelMail.&amp;nbsp; Many mail client also allow you to set ESMTP authorization username and password. [/quote]&lt;/p&gt;&lt;p&gt;Ok, I guess that&#039;s not so bad.&amp;nbsp; However, it would be much more secure to use the Novell passwords as each user has a unique pw, and they can be force-updated on a regular cycle. [quote user=&quot;Thomas R. Stephenson&quot;] And how would David Harris make money developing, managing and updating this &quot;open source&quot; program? &amp;nbsp; [/quote]&lt;/p&gt;&lt;p&gt;That&#039;s a good question.&amp;nbsp; I&#039;ve never authored an Open Source project before, though I&#039;ve worked on many. &lt;/p&gt;&lt;p&gt;I would like to point out that many people use Dave&#039;s software because it is free (as in beer).&amp;nbsp; If they are paying for it now, why would they be tempted to pay any less for a product that offers them more?&amp;nbsp; I would think that a corporation would be more willing to support a product that they can rely on to never disappear.&amp;nbsp; What happens if Dave decides to simply call it quits (he has threatened before)?&amp;nbsp; Will he sell Mercury to someone else?&amp;nbsp; How much will they charge? &lt;/p&gt;&lt;p&gt;An open source product will never die, and the price of usage is always the same.&amp;nbsp; I think most OS projects make money by prioritizing updates, and/or providing support.&amp;nbsp; Dave really only charges for support right now anyways, so he&#039;s really not doing anything different than the OS folks, other than preventing scores of developers from helping him for free. &lt;/p&gt;You may find better answers from the authors of successful open source commercial projects like Zimbra, SugarCRM and the like.
live preview
enter atleast 10 characters
WARNING: You mentioned %MENTIONS%, but they cannot see this message and will not be notified
Saving...
Saved
With selected deselect posts show selected posts
All posts under this topic will be deleted ?
Pending draft ... Click to resume editing
Discard draft