1

Topic: i can not do SMTP Authentication Query on SMG

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.2
- Linux/BSD distribution name and version: ubuntu-14.04.2
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): ldap
- Web server (Apache or Nginx):apache
- Manage mail accounts with iRedAdmin-Pro?
- Related log if you're reporting an issue:
====
I have a symantec messaging gateway infront of the iredmail.
I configured directory integration on the SMG. i can manage user validation query on smg.
But i can not do smtp authentication, I enabled debug on the openldap.
when i try to authenticate for a test user, i get an message;



Aug 24 23:21:01 mail slapd[12718]: conn=1043 fd=39 ACCEPT from IP=10.21.200.230:59633 (IP=0.0.0.0:389)
Aug 24 23:21:01 mail slapd[12718]: conn=1043 op=0 BIND dn="cn=vmailadmin,dc=ihlas,dc=local" method=128
Aug 24 23:21:01 mail slapd[12718]: conn=1043 op=0 BIND dn="cn=vmailadmin,dc=ihlas,dc=local" mech=SIMPLE ssf=0
Aug 24 23:21:01 mail slapd[12718]: conn=1043 op=0 RESULT tag=97 err=0 text=
Aug 24 23:21:01 mail slapd[12718]: conn=1043 op=1 SRCH base="" scope=0 deref=3 filter="(objectClass=*)"
Aug 24 23:21:01 mail slapd[12718]: conn=1043 op=1 SRCH attr=objectclass
Aug 24 23:21:01 mail slapd[12718]: conn=1043 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Aug 24 23:21:01 mail slapd[12718]: conn=1043 op=2 SRCH base="dc=ihlas,dc=local" scope=2 deref=3 filter="(|(mail=yavuz.maslak@test.ipa.com.tr)(?mailAlternateAddress=yavuz.maslak@test.ipa.com.tr))"
Aug 24 23:21:01 mail slapd[12718]: conn=1043 op=2 SRCH attr=1.1 SSHA objectClass mail objectClass javaSerializedData javaClassName javaFactory javaCodeBase javaReferenceAddress javaClassNames javaRemoteLocation
Aug 24 23:21:01 mail slapd[12718]: conn=1043 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Aug 24 23:21:01 mail slapd[12718]: conn=1044 fd=40 ACCEPT from IP=10.21.200.230:55222 (IP=0.0.0.0:389)
Aug 24 23:21:01 mail slapd[12718]: conn=1044 op=0 BIND dn="mail=yavuz.maslak@test.ipa.com.tr,ou=users,domainName=test.ipa.com.tr,o=domains,dc=ihlas,dc=local" method=128
Aug 24 23:21:01 mail slapd[12718]: conn=1044 op=0 BIND dn="mail=yavuz.maslak@test.ipa.com.tr,ou=Users,domainName=test.ipa.com.tr,o=domains,dc=ihlas,dc=local" mech=SIMPLE ssf=0
Aug 24 23:21:01 mail slapd[12718]: conn=1044 op=0 RESULT tag=97 err=0 text=
Aug 24 23:21:01 mail slapd[12718]: conn=1044 op=1 BIND anonymous mech=implicit ssf=0
Aug 24 23:21:01 mail slapd[12718]: conn=1044 op=1 BIND dn="" method=128
Aug 24 23:21:01 mail slapd[12718]: conn=1044 op=1 RESULT tag=97 err=0 text=
Aug 24 23:21:01 mail slapd[12718]: conn=1044 op=2 SRCH base="" scope=0 deref=3 filter="(objectClass=*)"
Aug 24 23:21:01 mail slapd[12718]: conn=1044 op=2 SRCH attr=objectclass
Aug 24 23:21:01 mail slapd[12718]: conn=1044 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
Aug 24 23:21:01 mail slapd[12718]: conn=1044 op=3 UNBIND
Aug 24 23:21:01 mail slapd[12718]: conn=1044 fd=40 closed

For SMTP Authentication Query, on the SMG
As default, BaseDN is  dc=ihlas,dc=local
Query Filter is  (|(uid=%u)(mail=%s)(mailAlternateAddress=%s))
Primary email attribute (optional): is  mail
Authentication Method  is Simple Bind

when i try to authenticate with a user
i also  get as below;
- 800400 com.symantec.sms.dds.api.exception.DataAccessConnectionFailureException: Failure connecting to data source: Openldap Reason: Could not create a validated object at com.symantec.sms.dds.dao.SpringLDAP.ExceptionInspector.translateException(Exc

How can i manage to do authenticate successfully  on symantec messaging gateway?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: i can not do SMTP Authentication Query on SMG

Looks like your Symantec is weak (in sending email) and you may need this tutorial:
http://www.iredmail.org/docs/allow.user … ation.html

3

Re: i can not do SMTP Authentication Query on SMG

Unfortunately, although i configured it without authentication, it fails on the Smg.

I get an error
Failed to connect to LDAP server. Check the Control Center and DDS logs for details. DDS error code: 800400 Additional information returned by LDAP server: Failure connecting to data source: Openldap Reason: Could not create a validated object

whereas i can do Recipient Validation Query.

i think, slapd.conf or symantec messaging gateway causes this. But if i use microsoft active directory for the same job,no problem.

ZhangHuangbin wrote:

Looks like your Symantec is weak (in sending email) and you may need this tutorial:
http://www.iredmail.org/docs/allow.user … ation.html

4

Re: i can not do SMTP Authentication Query on SMG

iRedMail doesn't allow access to OpenLDAP service from external network, did you forget to update iptables firewall to allow port 389 (or 636)?

5

Re: i can not do SMTP Authentication Query on SMG

I had allowed access port 389. Already i can do user validation via ldapv3.

ZhangHuangbin wrote:

iRedMail doesn't allow access to OpenLDAP service from external network, did you forget to update iptables firewall to allow port 389 (or 636)?

6

Re: i can not do SMTP Authentication Query on SMG

No idea. Maybe you should ask support from SMG?