
iis smtp nntp : setting user ACLs on SMTP using Basic Authentication



Bob H
8/8/2007 1:52:06 PM
I'm using IIS 6 on Server 2003 set up as an SMTP relay server for some network
devices to use to send logs and alerts. These devices are not Windows-based
and are dynamically IP addressed, so I am stuck with basic authentication.

This server is a stand alone and not in an AD.

The problem is that when I go to the Access tab, and select the
Authentication button there is no "Users" button to set up users with access.
I work mostly with Exchange and I know that this is a choice on the SMTP
servers. Where or how can I set up ACLs for local users to access and relay?

I did try to test just in case all local users get access once authenticated,
but that failed.

Am I missing something basic here?

Thanks for your help.

Sanford Whiteman
8/9/2007 1:14:36 AM

No, there is not. As you wondered, local SAM users may authenticate.
However, you are likely not authenticating correctly. You may have
figured out that you will not be able to use Integrated Windows
Authentication from a typical dumb device with an SMTP client module. You
will have to use basic, but this means with IIS SMTP that your devices
_must_ use the unencrypted AUTH LOGIN mechanism. The popular CRAM
mechanisms are not supported.

Have you tested authentication using several mechanisms from a more robust
mail client that is known to support several (such as Opera or The Bat!)?
Can you tell us what mechanisms are being attempted by your network
devices (use netmon)?

Bob H
8/9/2007 10:14:01 AM
Sandy,
Thanks for the info.

I'm using a VB Script that uses CDO to test with. I'm not sure which auth
method CDO uses. A sample of the related script items is below. I'll set
up a capture to see what is really going on.

Thanks, Bob

Script snippet:
Set objMail = CreateObject("CDO.Message")
'Type of authentication: NONE - 0, Basic (Base64 encoded) - 1, NTLM - 2
objMail.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate") = 1
objMail.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/sendusername") = "username"
objMail.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/sendpassword") = "password"
'Use SSL for the connection (False or True)
objMail.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/smtpusessl") = False




Sanford Whiteman
8/9/2007 9:48:43 PM

Base64 is AUTH LOGIN, which IIS SMTP supports when Basic Authentication is
enabled.

What do you see in your IIS logs when you do this CDO test? Are you able
to authenticate (and thus to relay)?

If (as expected, since it's MS-to-MS) an AUTH LOGIN session works from
CDO, while an AUTH session from your network devices does not: this
establishes that your network devices don't support the LOGIN mechanism.
Your logs will correlate with this same finding.
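
The comparison suggested in this thread, as an added example that is not part of any post: Python code that reads an SMTP session transcript (such as one rebuilt from a netmon capture) and reports which AUTH mechanisms the server offered, which one the client attempted, and the outcome. It also decodes the AUTH LOGIN username to show that Base64 is an encoding, not encryption. The two transcripts, the host name relay.example.test and the function name analyze are constructed for illustration.

```python
import base64
import re

# Constructed sample transcripts (assumptions, not captured from a real server).
# "C:" lines are sent by the client, "S:" lines by the server.
CDO_SESSION = """\
S: 220 relay.example.test ESMTP
C: EHLO tester
S: 250-relay.example.test Hello
S: 250-AUTH LOGIN
S: 250 OK
C: AUTH LOGIN
S: 334 VXNlcm5hbWU6
C: dXNlcm5hbWU=
S: 334 UGFzc3dvcmQ6
C: cGFzc3dvcmQ=
S: 235 2.7.0 Authentication successful
"""
DEVICE_SESSION = """\
S: 220 relay.example.test ESMTP
C: EHLO device
S: 250-relay.example.test Hello
S: 250-AUTH LOGIN
S: 250 OK
C: AUTH CRAM-MD5
S: 504 5.5.4 Unrecognized authentication type
"""

def analyze(transcript):
    """Summarize the AUTH negotiation in one SMTP session transcript."""
    offered, attempted, status, user = set(), None, None, None
    lines = [ln.strip() for ln in transcript.splitlines() if ln.strip()]
    for i, line in enumerate(lines):
        side, text = line[0], line[2:].strip()
        m = re.match(r"250[- ]AUTH[ =](.+)", text, re.I)
        if side == "S" and m:
            offered.update(m.group(1).upper().split())
        elif side == "C" and text.upper().startswith("AUTH "):
            attempted = text.split()[1].upper()
            # The first server reply that is not a 334 challenge is the verdict.
            replies = [ln[2:].strip() for ln in lines[i + 1:] if ln[0] == "S"]
            status = next((int(r[:3]) for r in replies if not r.startswith("334")), None)
            # AUTH LOGIN: the client's answer to the first 334 is the Base64 username.
            if attempted == "LOGIN" and i + 2 < len(lines) and lines[i + 2][0] == "C":
                user = base64.b64decode(lines[i + 2][2:].strip()).decode()
    return {"offered": sorted(offered), "attempted": attempted,
            "supported": attempted in offered, "status": status, "user": user}
```

A result with "supported" false and a 5xx status means the client asked for a mechanism the server never advertised, which is the mismatch described above; the password line in an AUTH LOGIN session decodes the same way as the username, so the capture itself should be handled as a credential.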
