smtp authentication - listener

ivana.bagaric1
Level 1

I would like to set up SMTP authentication with the LDAP server on ESA-C370 for our users who are connected remotely. Currently, we allow SMTP relay (anonymous) for all users who are connected to our network.

We have defined two interfaces (on the same Ethernet port, Data 1, with IP addresses on the same VLAN) and two listeners: Incoming (Public, port 25) for incoming messages and Outgoing (Private, port 25) for outgoing messages. We need to set up SMTP authentication on a listener on a different port (probably 26). Could we configure SMTP authentication on the existing listeners (which one, incoming or outgoing?), or do we need to define a separate interface and a separate listener?

 

Thanks

1 Reply

Hrvoje (Harry) Dogan
Cisco Employee

Hi Ivana,

 

You can define SMTP authentication on your existing Public listener (on port 25). Just edit the Default Policy Parameters of your Mail Flow Policies and enable it there. I would also recommend configuring TLS as preferred, and checking the box "require TLS to offer authentication" (or something like that :)), since basic SMTP authentication is plain text.

Also, unless you have a valid reason, you may consider consolidating your setup to a single listener for both Incoming and Outgoing mail. The two-listener setup is typical for long-running ESA deployments (i.e. that's how we did it in the past :)), but for a while now we can use the same listener for both directions. 

If you want to be fully RFC compliant, run a separate listener *only* for authenticated connections - have a simple HAT, accept all connections, but *require* TLS and authentication on it, and run it on port 587.

 

Hope that helps!
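
One way to verify the "require TLS to offer authentication" behaviour from the client side, as an added example that is not part of either post and is not Cisco code: it compares the extensions a listener advertises in EHLO before and after STARTTLS. The EHLO replies, the host name `esa.example.test` and the finding codes are constructed for illustration.

```python
import smtplib
import ssl

# Constructed EHLO replies (not captured from a real appliance).
WEAK_PRE = "250-esa.example.test\n250-8BITMIME\n250-AUTH PLAIN LOGIN\n250 STARTTLS"
GOOD_PRE = "250-esa.example.test\n250-8BITMIME\n250 STARTTLS"
GOOD_POST = "250-esa.example.test\n250-8BITMIME\n250 AUTH PLAIN LOGIN"

def parse_ehlo(reply):
    """Turn a raw multi-line EHLO reply into {KEYWORD: [PARAMS]}."""
    features = {}
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    for line in lines[1:]:                    # line 1 is the greeting, not an extension
        body = line[4:].strip()               # drop the "250-" / "250 " prefix
        if body.upper().startswith("AUTH="):  # legacy "AUTH=LOGIN" spelling
            body = "AUTH " + body[5:]
        words = body.upper().split()
        if line.startswith("250") and words:
            features.setdefault(words[0], []).extend(words[1:])
    return features

def audit(pre_tls, post_tls=None):
    """Return finding codes, given the features seen before and after STARTTLS."""
    findings = []
    if "AUTH" in pre_tls:
        findings.append("AUTH_OFFERED_IN_CLEARTEXT")  # credentials could cross unencrypted
    if "STARTTLS" not in pre_tls:
        findings.append("STARTTLS_NOT_OFFERED")
    elif post_tls is not None and "AUTH" not in post_tls:
        findings.append("AUTH_MISSING_AFTER_TLS")     # clients cannot authenticate at all
    return findings

def probe(host, port=587, timeout=10):
    """Audit a live listener you administer; the certificate is verified with system defaults."""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo()
        norm = lambda f: {k.upper(): v.upper().split() for k, v in f.items()}
        pre, post = norm(s.esmtp_features), None
        if "STARTTLS" in pre:
            s.starttls(context=ssl.create_default_context())
            s.ehlo()                          # extensions must be re-read after TLS
            post = norm(s.esmtp_features)
    return audit(pre, post)

if __name__ == "__main__":
    print("weak listener:    ", audit(parse_ehlo(WEAK_PRE), parse_ehlo(GOOD_POST)))
    print("hardened listener:", audit(parse_ehlo(GOOD_PRE), parse_ehlo(GOOD_POST)))
```

An empty result means AUTH only appears once the session is encrypted; `probe()` needs network access to the listener and fails on a certificate the client does not trust.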