Hi everybody, I have CO6 Pro, Zarafa Community, SMTP authentication enabled, trusted network, LAN, WAN IP and internet domain name.
I need to use the email on Android smartphones; I can receive but can't send.
Any idea how to use email like this?
Responses (10)
-
Accepted Answer
Provided you're using authentication it should work unless these ports are blocked on public wifi. If they are blocked on public wifi perhaps you can use z-push instead? z-push uses port 443 which every public wifi hot spot should let you connect to. It doesn't require SMTP port to send from your mobile. To use z-push you need to create an activesync account or exchange account if you're on iPhone.
z-push supports: Android, iPhone, BlackBerry. Windows phone is also supported but they don't take non trusted SSL certs so you might have to e-mail yourself clearos' certs to get it to work. -
Accepted Answer
To authenticate clients connecting from public WiFi you have a few choices.
1 - You could use something like OpenVPN to connect to your network then authenticate as you would on your LAN by adding the OpenVPN IP range to your trusted network. It is a bit more complicated for the user as they have to connect to OpenVPN first but possible.
2 - Use some form of user/pass authentication and perhaps certificates as well. For any of these to work, in your Webconfig, each user needs to have the App Policy for the SMTP Server User enabled then:
2a - You can open port 25 and enable authentication. I don't like this as it is too open to brute forcing.
2b - Do not enable authentication, but just open port 465 and use SMTPS (aka SMTP/SSL). Authentication is enabled in the background anyway irrespective of the authentication setting in the webconfig. I prefer this as I see far fewer (almost none) hostile connections here, but still set up fail2ban to block repeated login failures.
2c - Similar to 2b, do not enable authentication but open port 587 and use STARTTLS with user/pass authentication. To do this you'll also need to add a line to /etc/postfix/master.cf:
submission inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject
Reload the postfix configuration with a "service postfix reload". You could also add "permit_mynetworks" before "permit_sasl_authenticated". Again, use fail2ban.
2d - As 2c but use certificates instead of or as well as user/pass. I've seen and tried a set up for this but failed because the Android client I am using (K9 Mail) does not support certificates. Certificates would be the optimal solution as they largely make user/pass redundant and are not subject to brute forcing. fail2ban would be unnecessary as you do not need user/pass authentication. You can use user/pass but without the certificate brute forcing would fail anyway.
For myself I use 2c but I'd love to use 2d but have not found an Android client (free) which supports certificates. I still have port 25 open, without authentication, as I use my own SMTP server to receive mails directly rather than fetchmail or pop/imap but I do not do any relaying through the WAN port 25. -
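A check of the option 2c master.cf entry, added here as an example and not part of the post or of ClearOS: it parses the submission line and reports whether SASL is enabled, whether the client restrictions end in reject, and whether TLS is enforced for the service. The function names are hypothetical; smtpd_tls_security_level is a real Postfix parameter that the thread does not mention, and the tls_auth_only_in_main_cf flag assumes you have checked smtpd_tls_auth_only in main.cf yourself.

```python
import re
import shlex

# Constructed input: the submission entry quoted in the post, in single-line form.
POSTED = ("submission inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes "
          "-o smtpd_client_restrictions=permit_sasl_authenticated,reject\n")
# Same entry with STARTTLS made mandatory (smtpd_tls_security_level is a real
# Postfix parameter; adding it is this example's assumption, not the post's advice).
HARDENED = POSTED + "  -o smtpd_tls_security_level=encrypt\n"


def parse_master_cf(text):
    """Map (service, type) -> {"command": str, "opts": {name: value}}."""
    services, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        tokens = shlex.split(raw)
        if not raw[0].isspace():  # new entry: 7 fixed fields, then the command
            if len(tokens) < 8:
                raise ValueError(f"malformed master.cf entry: {raw!r}")
            current = {"command": tokens[7], "opts": {}}
            services[(tokens[0], tokens[1])] = current
            tokens = tokens[8:]
        elif current is None:
            raise ValueError("continuation line before any service entry")
        args = iter(tokens)
        for tok in args:
            if tok == "-o":  # "-o name=value" overrides main.cf for this service
                name, _, value = next(args, "").partition("=")
                current["opts"][name] = value
    return services


def audit_submission(text, tls_auth_only_in_main_cf=False):
    """Return findings for the submission service; an empty list means none."""
    svc = parse_master_cf(text).get(("submission", "inet"))
    if svc is None:
        return ["no submission/inet service defined"]
    opts, findings = svc["opts"], []
    if opts.get("smtpd_sasl_auth_enable") != "yes":
        findings.append("SASL authentication is not enabled")
    rules = [r for r in re.split(r"[,\s]+", opts.get("smtpd_client_restrictions", "")) if r]
    if "permit_sasl_authenticated" not in rules or rules[-1:] != ["reject"]:
        findings.append("client restrictions must permit SASL users and end in reject")
    if opts.get("smtpd_tls_security_level") != "encrypt" and not tls_auth_only_in_main_cf:
        findings.append("TLS not enforced: AUTH can be offered before STARTTLS")
    return findings
```

Run audit_submission() over the contents of /etc/postfix/master.cf before the "service postfix reload"; the entry as posted yields the TLS finding unless main.cf already restricts AUTH to encrypted sessions.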
Accepted Answer
Email server is running fine in the office.
I'm using port 465 and it is working fine; the firewall incoming port is open and email is working fine.
My problem is how to authenticate outside clients when they are on public WiFi, when at the server we cannot add all public WiFi networks to the trusted networks of the SMTP server -
Accepted Answer
The first thing to check is if your ISP blocks port 25. From the internet see if you get any response from telnetting to port 25. Also check you've opened the firewall to port 25 (which I don't like as there is too much brute forcing of passwords there). If port 25 is open and you still can't contact ClearOS with telnet then your ISP is blocking it. If that is the case then due to a misleading ClearOS configuration, try using port 465 with SMTPS. ClearOS is already set up to use it. All you have to do is open the port. Really this is a better option than using port 25 as there is much less hacking.
I find it odd that ClearOS is set up to use port 465 by default which uses an obsolete standard and not to use STARTTLS on port 587 which was the standard which was ratified in place of SMTPS.
If you do end up using port 25 please make sure you have strong passwords and also run something like fail2ban to try to block brute forcing.
[edit]
And in your client, use your public FQDN as the server IP then in the ClearOS hosts file add your WAN FQDN pointing to your ClearOS LAN IP.
[/edit] -