Please Add SMTP Authentication and Custom Port Support

ParisDragon · Wed May 24, 2006 11:06 pm

Unless I am missing something you can not use SMTP authentication or alternate port numbers to send to mail servers. We enforce SMTP authentication to prevent spammers from using our mail servers without an account, even though we have relay disabled. The reason is most spyware doesnt utilize SMTP authentication, YET and so it is stopped. Also using an alternate port would allow special servers to hide on those ports for sending email. Now I could just make the from address something else, however our mail server does a reverse look up to verify the sender is a legit account and if it is a local account it isnt allowed without SMTP auth. The other issue if I make it originate from say a hotmail account it would then ask hotmail's DNS if the SPF allowed hotmail emails to come from that IP, which it most certainly would not and then be blocked.

If I allow a bypass for the Mikrotiks IP then every NAT customer behind it could then freely send email through our servers, meaning their spyware would then freeflow the outbound stuff.

changeip · Thu May 25, 2006 12:39 am

I second that.

Have you tried using SRC-NAT to change from port 25 to the alternate port? Never tried but that should also work for changing the outbound port at least. SMTP AUTH would be very nice addition though.

Sam

ParisDragon · Thu May 25, 2006 1:09 am

Yes I had, but once again all email coming from NATed customers inside use that address going outbound and they get converted, so the solution doesnt work for what I need.

changeip · Thu May 25, 2006 1:26 am

Can you src-nat on the outbound chain - that would just grab anything generated on the local MT not the forward traffic... just a thought- without looking at it directly I cant remember if thats doable.

Sam

pike · Fri Jun 23, 2006 11:11 am

SMTP Authentication will be great! :-)

jarosoup · Sat Jun 24, 2006 3:59 am

We have been needing this feature for a few years now. Come on Mikrotik, can't you put your Dude developers on this for just a week?

leequince · Sun Jun 25, 2006 12:00 am

Just port a drop rule in the forward table for the customer IP range to the IP of the server!!! Etc.. for Port 25 Traffic

Lee

lrhea · Tue Jul 18, 2006 7:45 pm

Just port a drop rule in the forward table for the customer IP range to the IP of the server!!! Etc.. for Port 25 Traffic

Lee

That would mean any spyware infected user could relay through our server, no thank you, been there, done that, got the sleepness night to prove it.

lquince · Wed Jul 19, 2006 3:25 pm

Ok being dumb ir somethig, but all you are doing is a dst-nat + src-nat??? Correct... Then just setup auth on the smtp server for the src ip of the mt interface.. That way you just give your customer the details for login..

ParisDragon · Wed Jul 19, 2006 4:49 pm

Ok being dumb ir somethig, but all you are doing is a dst-nat + src-nat??? Correct... Then just setup auth on the smtp server for the src ip of the mt interface.. That way you just give your customer the details for login..

Real world IPs are valuable, I would need to waste 1 extra IP per box or ALLOW all clients behind NAT to them be able to relay. That isnt a problem until they get infected or spyware on their system, relay then through the server as they would be an allowed IP address, which then gets our mail servers on spam lists, no thanks.

Right now my solution is an extra IP per box so that the NAT (clients) send from a different IP and MUST use SMTP authentication, the mikrotik itself now sends from a different IP and is allowed. This however is wasting 1 Real World IP per Mikrotik just for the ability to send email, where if Mikrotik would add SMTP authentication support I could save those IPs, not to mention some of them are wasting more because I use small 4 IP subnets (2 usable IPs), but with 2 IPs needed per mikrotik, plus the link IP, I end up wasting a 6 IP subnet (4 usable).

I made this post as a request to save the IPs/hassle of customizing a mail server for a feature availiable in every email client (including linux) in the past 5 years.

ParisDragon · Wed Jul 19, 2006 4:50 pm

I had an idea to see if a script could telnet into something and issue commands based on text returned so I could customer right my SMTP authentication routing, with little luck so far. I dont see the ability to telnet in scripting.

snark · Fri Oct 19, 2007 8:12 pm

SMTP Authentication will be great!

+1
agree

diaan1 · Fri Oct 19, 2007 9:47 pm

So do I!

Please Add SMTP Authentication and Custom Port Support

Please Add SMTP Authentication and Custom Port Support

Easyier answer,,

Re: Easyier answer,,

Re:

Re: Please Add SMTP Authentication and Custom Port Support

Who is online