Community discussions

MikroTik App
 
ParisDragon
newbie
Topic Author
Posts: 32
Joined: Wed May 24, 2006 9:52 pm
Location: NorthEast Texas, USA
Contact:

Please Add SMTP Authentication and Custom Port Support

Wed May 24, 2006 11:06 pm

Unless I am missing something you can not use SMTP authentication or alternate port numbers to send to mail servers. We enforce SMTP authentication to prevent spammers from using our mail servers without an account, even though we have relay disabled. The reason is most spyware doesnt utilize SMTP authentication, YET and so it is stopped. Also using an alternate port would allow special servers to hide on those ports for sending email. Now I could just make the from address something else, however our mail server does a reverse look up to verify the sender is a legit account and if it is a local account it isnt allowed without SMTP auth. The other issue if I make it originate from say a hotmail account it would then ask hotmail's DNS if the SPF allowed hotmail emails to come from that IP, which it most certainly would not and then be blocked.

If I allow a bypass for the Mikrotiks IP then every NAT customer behind it could then freely send email through our servers, meaning their spyware would then freeflow the outbound stuff.
 
changeip
Forum Guru
Forum Guru
Posts: 3823
Joined: Fri May 28, 2004 5:22 pm

Thu May 25, 2006 12:39 am

I second that.

Have you tried using SRC-NAT to change from port 25 to the alternate port? Never tried but that should also work for changing the outbound port at least. SMTP AUTH would be very nice addition though.

Sam
 
ParisDragon
newbie
Topic Author
Posts: 32
Joined: Wed May 24, 2006 9:52 pm
Location: NorthEast Texas, USA
Contact:

Thu May 25, 2006 1:09 am

Yes I had, but once again all email coming from NATed customers inside use that address going outbound and they get converted, so the solution doesnt work for what I need.
 
changeip
Forum Guru
Forum Guru
Posts: 3823
Joined: Fri May 28, 2004 5:22 pm

Thu May 25, 2006 1:26 am

Can you src-nat on the outbound chain - that would just grab anything generated on the local MT not the forward traffic... just a thought- without looking at it directly I cant remember if thats doable.

Sam
 
pike
just joined
Posts: 20
Joined: Mon Jun 07, 2004 11:02 pm
Location: Poland

Fri Jun 23, 2006 11:11 am

SMTP Authentication will be great! :-)
 
jarosoup
Long time Member
Long time Member
Posts: 600
Joined: Sun Aug 22, 2004 9:02 am

Sat Jun 24, 2006 3:59 am

We have been needing this feature for a few years now. Come on Mikrotik, can't you put your Dude developers on this for just a week? :lol:
 
leequince
Frequent Visitor
Frequent Visitor
Posts: 61
Joined: Sat May 27, 2006 1:10 pm

Easyier answer,,

Sun Jun 25, 2006 12:00 am

Just port a drop rule in the forward table for the customer IP range to the IP of the server!!! Etc.. for Port 25 Traffic

Lee
 
lrhea
just joined
Posts: 2
Joined: Sun May 21, 2006 7:43 am
Location: Paris Texas
Contact:

Re: Easyier answer,,

Tue Jul 18, 2006 7:45 pm

Just port a drop rule in the forward table for the customer IP range to the IP of the server!!! Etc.. for Port 25 Traffic

Lee
That would mean any spyware infected user could relay through our server, no thank you, been there, done that, got the sleepness night to prove it.
 
lquince
just joined
Posts: 16
Joined: Tue Jun 01, 2004 2:01 am
Location: London
Contact:

Wed Jul 19, 2006 3:25 pm

Ok being dumb ir somethig, but all you are doing is a dst-nat + src-nat??? Correct... Then just setup auth on the smtp server for the src ip of the mt interface.. That way you just give your customer the details for login..
 
ParisDragon
newbie
Topic Author
Posts: 32
Joined: Wed May 24, 2006 9:52 pm
Location: NorthEast Texas, USA
Contact:

Wed Jul 19, 2006 4:49 pm

Ok being dumb ir somethig, but all you are doing is a dst-nat + src-nat??? Correct... Then just setup auth on the smtp server for the src ip of the mt interface.. That way you just give your customer the details for login..
Real world IPs are valuable, I would need to waste 1 extra IP per box or ALLOW all clients behind NAT to them be able to relay. That isnt a problem until they get infected or spyware on their system, relay then through the server as they would be an allowed IP address, which then gets our mail servers on spam lists, no thanks.

Right now my solution is an extra IP per box so that the NAT (clients) send from a different IP and MUST use SMTP authentication, the mikrotik itself now sends from a different IP and is allowed. This however is wasting 1 Real World IP per Mikrotik just for the ability to send email, where if Mikrotik would add SMTP authentication support I could save those IPs, not to mention some of them are wasting more because I use small 4 IP subnets (2 usable IPs), but with 2 IPs needed per mikrotik, plus the link IP, I end up wasting a 6 IP subnet (4 usable).

I made this post as a request to save the IPs/hassle of customizing a mail server for a feature availiable in every email client (including linux) in the past 5 years.
 
ParisDragon
newbie
Topic Author
Posts: 32
Joined: Wed May 24, 2006 9:52 pm
Location: NorthEast Texas, USA
Contact:

Wed Jul 19, 2006 4:50 pm

I had an idea to see if a script could telnet into something and issue commands based on text returned so I could customer right my SMTP authentication routing, with little luck so far. I dont see the ability to telnet in scripting.
 
snark
newbie
Posts: 25
Joined: Fri Oct 19, 2007 3:47 pm

Re:

Fri Oct 19, 2007 8:12 pm

SMTP Authentication will be great! :-)
+1
agree
 
diaan1
Frequent Visitor
Frequent Visitor
Posts: 52
Joined: Tue Jun 12, 2007 7:31 pm

Re: Please Add SMTP Authentication and Custom Port Support

Fri Oct 19, 2007 9:47 pm

So do I!

Who is online

Users browsing this forum: Baidu [Spider], Bing [Bot], Google [Bot], noemia, rodyeo and 79 guests