Difference between revisions of "Email authsmtp"

From Cncz
Jump to: navigation, search
 
Line 113: Line 113:
 
* Ga na naar het tabblad '''Geavanceerd''' en pas aan:<br /><br />
 
* Ga na naar het tabblad '''Geavanceerd''' en pas aan:<br /><br />
 
** Uitgaande e-mail (SMTP): '''25''' of '''587''' (Zie [|Algemene instellingen] voor meer informatie.)
 
** Uitgaande e-mail (SMTP): '''25''' of '''587''' (Zie [|Algemene instellingen] voor meer informatie.)
** '''Vink aan:''' Voor deze server is een gecodeerde verbinding vereist (SSL). <br /><br />[[Image:Outlook-NL-tls.jpg|Tabblad Geavanceerd]]<br /><br />
+
** Kies TLS als encryptiemethode voor de uitgaande mail (let op: sommige versies van Outlook noemen die SSL!). <br /><br />[[Image:Outlook-NL-tls.jpg|Tabblad Geavanceerd]]<br /><br />
  
 
[/nl] [en]
 
[/nl] [en]
Line 131: Line 131:
 
* Now go to the tab '''Advanced''' and adjust:<br /><br />
 
* Now go to the tab '''Advanced''' and adjust:<br /><br />
 
** Outgoing server (SMTP): '''25''' of '''587''' (See [|General settings] for more information.)
 
** Outgoing server (SMTP): '''25''' of '''587''' (See [|General settings] for more information.)
** '''Check the box''': This server requires a secure connection (SSL). <br /><br />[[Image:Outlook-EN-tls.jpg|Tab Advanced]]<br /><br />
+
** Choose TLS for the encryption method (Note: some versions of Outlook refer to this as SSL!) <br /><br />[[Image:Outlook-EN-tls.jpg|Tab Advanced]]<br /><br />
  
 
[/en]
 
[/en]

Revision as of 14:42, 23 January 2008

Authenticated SMTP

SMTP (Simple Mail Transfer Protocol) is the protocol with which email is transferred to another computer on the internet. Your email program uses it to give outgoing mail to your outgoing SMTP-server. When you want to send mail with your favourite email program, normally you have to use the SMTP-server of the internet-provider that you use at that moment. If you want to send email while travelling or if you have a laptop that you use on campus and at home, this would mean that you would have to change the outgoing SMTP-server all the time.

Why would you need a different SMTP-server? If you use your 'old' SMTP-server while connected through a different internet-provider, the SMTP-server sees an incoming connection from a 'strange' network. It will normally only accept mail from this 'strange' network for his 'own' users, but not for recipients all over the internet. If it would accept mail from anywhere and delivers that all over the internet, it can be misused to relay spam, after which the server will appear on blacklists and mail from this server will not be accepted by many other servers.

The alternative. If you authenticate yourself with your username and password to the SMTP-server, then the administrators of the SMTP-server can accept mail with recipients all over the internet. If misused, the administrators know which of their customers to contact.

Security. Because of the fact that you connect through a 'strange' network and that you have to supply username and password, the connection is encypted with SSL to prevent eavesdropping. All modern email programs support this.


Configuration of authenticated SMTP

General settings

  • Choose as SMTP-server smtp.science.ru.nl.
  • The default tcp port 25 can be used, but the submission port 587 also is supported. Smtps (port 465) is not supported.
    Some providers block outgoing traffic to port 25. Futhermore, Norton firewall and anti-virus refuse encrypted outgoing traffic to port 25 and it is not always clear how to fix that without disabling Norton firewall entirely. In this case using the submission port 587 offers a solution.
    Other firewalls such as the firewall of McAfee by default seem to block outgoing traffic to port 587, but allow it to the smtp port 25.
  • If one uses port 587, authentication is mandatory.
  • If one uses port 587, outgoing mail is not checked for spam content or virusses. This gives a way to send exe-files, which is otherwise not allowed.
  • Authentication is possible with the PLAIN and LOGIN authentication methods. In particular NTLM (a Microsoft protocol) and CRAM-MD5 are not supported.
    As account name one always has to use the login name (i.e. without "." and "@").
  • Authentication is only allowed if TLS is used. Sometimes this is called STARTTLS (Eudora) or SSL (Outlook, Pine).

Configuration of Thunderbird

  • Choose Tools → Account Settings.... For some versions Account Settings... is under the menu Edit.
  • Click on Outgoing Server (SMTP) in the left column and fill in or check:

    • Server Name: smtp.science.ru.nl
    • Port: 25 or 587 (See [|General settings] for more information.)
    • Check the box: Use name and password
    • User Name: your login name
    • Use secure connection: TLS, if available
      Outgoing Server (SMTP) Settings

Configuration of Outlook

  • Choose Tools → E-mail Accounts...
  • Check View or change existing e-mail accounts and click on Next.
  • Select the account and click on Change...:

    E-mail Accounts

  • On the next form, fill in:

    • Your E-mail Address.
    • Outgoing mailserver (SMTP): smtp.science.ru.nl
    • User Name: your login name
    • Do not check: Log on using Secure Password Authentication (SPA).

      Settings

      Now click on More Settings...
  • Go to the tab Outgoing Server and:

    • Check the box My outgoing server (SMTP) requires authentication.
    • Do not check: Log on using Secure Password Authentication (SPA).
    • It seems that Outlook XP won't use authentication unless you check Log on using and Remember password. Outlook 2003 doesn't have this bug.

      Tab Outgoing Server

  • Now go to the tab Advanced and adjust:

    • Outgoing server (SMTP): 25 of 587 (See [|General settings] for more information.)
    • Choose TLS for the encryption method (Note: some versions of Outlook refer to this as SSL!)

      Tab Advanced

Configuration of Outlook Express

  • Choose Tools → Accounts...
  • Go to the Mail tab, select the account and click on Properties:

    Internet Accounts

  • In the next window go to the tab Servers and adjust:

    • Outgoing server (SMTP): smtp.science.ru.nl
    • Account name: your login name
    • Do not check: Log on using Secure Password Authentication (SPA).
    • Check the box: My server requires authentication.
    • Optionally click on Settings... to change the Logon Information.

      Tab Servers Logon Information

  • Now go to the tab Advanced and adjust:

    • Outgoing server (SMTP): 25 or 587 (See [|General settings] for more information.)
    • Check: This server requires a secure connection (SSL).

      Tab Advanced

Configuration of Eudora

Please us a recent version of Eudora, at least version 6 or higher. The older the version of Eudora, the more trouble you will have with certificates.

  • Choose Tools → Options... and click on Sending Mail from the left colomn.
  • Fill in or check:

    • Your Email address.
    • SMTP server: smtp.science.ru.nl
    • Check the box: Allow authentication
    • If it exists, you might want to check the box: Use submission port (587)
      See [|General setting] for more information on the submission port.
    • Choose If Available, STARTTLS from the menu at the bottom of the window.

      Sending Mail Options

  • Now click on the New Message icon or use ctrl-N and try to send an email message to yourself. Eudora will probably complain about certificates:

    Server SSL Certificate Rejected

    Click on Yes. From now on Eudora should not complain any more about certificates when sending email.
  • Older versions of Eudora will give other error messages about certificates and will refuse to send messages. If this is the case, you have to do the following:

    • Go the right most tab in the left column of Eudora. This tab is called Personalities. Click with the right mouse button on the Dominant personality and choose Properties:

      Last SSL Info

    • Click on the button Last SSL Info.
    • In the next window, click on Certificate Information Manager.
    • In het volgende venster, selekteer het certificaat dat Eudora nog niet vertrouwt en klik op Add To Trusted:

      Certificate Information Manager

  • In even older versions of Eudora it can be necessary to import the Microsoft (DER) version of the C&CZ root certificate and add it to the trusted Eudora certificates. But it is better to switch to a more recent version of Eudora.

Configuration of Pine

Use S for SETUP and then C for Config and fill in:

smtp-server = smtp.science.ru.nl/user=loginname
If pine is used on a computer which is not a Sun administered by C&CZ, possibly the CA certificate will not be found. In that case the easiest way is to add the option /novalidate-cert, i.e.:

smtp-server = smtp.science.ru.nl/novalidate-cert/user=loginname

Configuration of KMail

  • In KMail choose Settings → Configure KMail..., select Accounts and go to the tab Sending and then click on Modify....
  • On the tab General fill in or check:

    SMTP General

  • On the tab Security check:

    SMTP Security

Configuration of Mac OS X Mail

  • Pull down the Mail menu, then select Preferences...
  • Click on Accounts (not for mail v1.0).
  • Select your existing e-mail account in the Accounts list on the left side of the window, then click on the Server Settings... button:

    Mac OS X Accounts

  • Adjust the following settings:

    • Outgoing Mail Server: smtp.science.ru.nl
    • Server port: 25 or 587 (See [|General settings] for more information.)
    • Check the box: Use Secure Sockets Layer (SSL)
    • Authentication: Password
    • Fill in your login name and password.

      Mac OS X SMTP Options