Я запускаю программное обеспечение на сервере Windows, которое отправляет уведомления по электронной почте через удаленный SMTP-сервер. Он имеет очень мало параметров конфигурации и поддерживает только базовую аутентификацию SMTP без SSL / TLS. У меня exim4 работает на сервере Debian, который будет SMTP-сервером для этой программы Windows. Он настроен с конфигурацией по умолчанию, а также разрешает незашифрованные соединения AUTH PLAIN и AUTH LOGIN. Я успешно отправил электронное письмо по telnet:
Однако программе, которую я хочу подключить к этому серверу, не удается подключиться. Чтобы понять почему, я запустил анализатор пакетов во время соединения и увидел следующую сессию:
Я недостаточно знаком с протоколом SMTP, чтобы понять, что здесь происходит. Что мне нужно изменить на моем SMTP-сервере exim4, чтобы можно было установить это соединение?
1 ответ
503 AUTH command used when not advertised , по сути, объясняется тем, что он не предлагал клиенту использовать команду AUTH . Скорее всего, это связано с тем, что клиент использовал HELO , а не EHLO (что, как я заметил, вы использовали, когда проводили тест telnet).
SMTP-аутентификация является частью расширенного SMTP, который запускается командой EHLO ; «старый» SMTP не поддерживает аутентификацию, поэтому технически это недопустимая команда, хотя некоторые SMTP-серверы все еще могут ее разрешать.
Лучшее возможное решение — указать вашей программе использовать расширенный SMTP ( EHLO ), если это возможно, в противном случае может быть команда exim для принудительного включения AUTH для соединений типа HELO .
Согласно этому сообщению здесь: Ссылка
EHLO (not HELO) must be given by client before AUTH.
That is, AUTH command could not be used unless advertised (through EHLO, according to auth_advertise, etc). This behavior was hardened in Exim 4.20 and is not an option.
Похоже, вам нужен другой MTA, если вы не можете заставить ваше приложение выполнить EHLO . Или требуется проверка подлинности, можете ли вы сделать то же самое с помощью списков ACL на основе IP-адресов?
ЗАКЛЮЧИТЕЛЬНОЕ РЕШЕНИЕ
В exim есть обходной путь, используя allow_auth_unadvertised , как описано здесь , вы можете сделать что-то вроде этого:
I have a client that uses a Unifier from Cornerstone Communications (fax server) that communicates with their AS/400 (iseries, i) allowing them to fax or email spool files. They are not on a support contract because the cost is too high and they will not do an hourly support either.
Anyway a few days ago it stopped sending emails. When I look at the log the error it shows «SendMail failed: AUTH LOGIN failed. Response : 503 auth command used when not advertised»
This is running under Window XP Pro. There is a place in the software to enter the SMTP server, the user & password for SMTP authentication and the sending port. I have tried 3 different email accounts that are from different domains and I am still getting this. Plus theses are email accounts are being used from Outlook with no problems.
What I am trying to find out is:
1. What is this error caused from?
2. Is the problem more likely to be the computer and not the email accounts.
Premium Content Premium Content
- https://www.experts-exchange.com/questions/27343598/503-auth-command-used-when-not-advertised.html copy
Looks like whatever program or utility is handling the outbound mail tried to send the SMTP «AUTH» command to a mail server that doesn’t support that command.
The question is, what changed a few days ago? Did they move to a new ISP, perhaps?
I’m not familiar with this particular product, but sometimes after changing something like an email address, you need to stop and restart the application, or perhaps a mail service of some sort.
Is the email originating from the AS/400, or from a Windows server? Is there any other information in the log — for example, can you verify that when you make a change to the SMTP server, user and password it is actually being used? Does it log the IP addresses involved: that way you can verify that you are actually talking to the mail server that you think you are talking to.
One other possibility: perhaps there is a proxying firewall or something in the middle that is causing problems.
Remember, too, that some ISP’s block (or maybe even redirect?) outbound access to port 25, forcing you to use their mail server. I wouldn’t expect to see a 503 with a blocked port, but maybe they are forwarding all port 25 traffic to their mail server?
Set up one of the mail accounts, recreate the error, and then contact the mail service provider and ask them if they can see the rejected attempt.
Who specifically is the ISP and mail provider,a nd what region of the country is the client site located in? We might be able to find known limitations.
I was send through prot 587 with the account we have used without problems for the last 3 years. One of the accounts I tried used port 25.
They are originating from the Windows computer. I was rebooting the computer after I changed accounts.
ISP is AT&T business with a static ip. Indianapolis, IN
One other thing I forgot to mention. Monday I sent an email from the same account from the same location this computer is at and was notified by Barracuta that the email was rejected because the IP address is originated from had a poor reputation poor.
I believe that someone hacked into a web server over the weekend and may have been spamming from it. It has since been turned off.
I’m not sure if i even have an email account with them to send out email. I guess I can check and try that account. Just don’t like calling AT&T customer «NO» service.
Ah. You’ll probably need to work this out with the ISP and/or mail provider. It is a little surprising to me that switching to a different mail provider didn’t fix it, but you may have not had your authentication parameters set up correctly. Every provider is different.
There are a few different common authentication methods in use:
SMTP AUTH (unencrypted)
SMTP AUTH (encrypted)
POP before SMTP
In your mail setup for the Unifier product, you need to make sure that the authentication mechanism for your mail provider matches the type that they expect. There should be some options in the product for configuring authentication. Also, if your mail providers support a SMTP on a port other than port 25, you’ll also want to try that, since port 25 is so commonly blocked. AT&T definitely blocks port 25 in some markets, or at least did in the past.
Sometimes it is easy as calling them and asking to have port 25 unblocked.
Regardless, you’ll still need to get your ports, account, password, and authentication type right for whatever provider you are trying to use, and if you have trouble and if the mail provider supplies an alternate port, you should try it.
demonberkyt
Это была попытка настроить почту, для отправки письма с восстановлением пароля. Скрипт взял с форума (ссыль)
Сделал всё по инструкции, то есть:
Добавил код в class_config, теперь он выглядит так: (важные данные удалил перед отправкой)
Problems with SMTP conversation.
Code 503.
Message AUTH command used when not advertised
Источник: