XEROX Machines Unable to Connect - Build 7348

Problem reported by Tyler Raley - 2/19/2020 at 11:17 AM

Resolved

Currently on Build 7348 (Feb 13, 2020). We have several users unable to connect their XEROX Machines through SMTP. We were also unsuccessful. Password checked several times over. Server logs below.

[2020.02.19] 12:33:40.677 [XX.XXX.XXX.XXX][43390198] rsp: 220 mail.firehousesolutions.com Wed, 19 Feb 2020 17:33:40 +0000 UTC - SmarterMail Enterprise
[2020.02.19] 12:33:40.677 XX.XXX.XXX.XXX][43390198] connected at 2/19/2020 12:33:40 PM
[2020.02.19] 12:33:40.677 [XX.XXX.XXX.XXX][43390198] Country code: US
[2020.02.19] 12:33:40.677 [XX.XXX.XXX.XXX][43390198] IP in whitelist
[2020.02.19] 12:33:40.677 [XX.XXX.XXX.XXX][43390198] IP in authentication bypass
[2020.02.19] 12:33:40.677 [XX.XXX.XXX.XXX][43390198] disconnected at 2/19/2020 12:33:40 PM
[2020.02.19] 12:33:41.006 [XX.XXX.XXX.XXX][27299892] rsp: 220 mail.firehousesolutions.com Wed, 19 Feb 2020 17:33:41 +0000 UTC - SmarterMail Enterprise
[2020.02.19] 12:33:41.006 [XX.XXX.XXX.XXX][27299892] connected at 2/19/2020 12:33:41 PM
[2020.02.19] 12:33:41.006 [XX.XXX.XXX.XXX][27299892] Country code: US
[2020.02.19] 12:33:41.006 [XX.XXX.XXX.XXX][27299892] IP in whitelist
[2020.02.19] 12:33:41.006 [XX.XXX.XXX.XXX][27299892] IP in authentication bypass
[2020.02.19] 12:33:41.021 [XX.XXX.XXX.XXX][27299892] cmd: EHLO XRX9C934E8EEDA9.MVFD.local
[2020.02.19] 12:33:41.037 [XX.XXX.XXX.XXX][27299892] rsp: 250-mail.firehousesolutions.com Hello [XX.XXX.XXX.XXX]250-SIZE 52428800250-AUTH LOGIN CRAM-MD5 NTLM250-STARTTLS250-8BITMIME250-DSN250 OK
[2020.02.19] 12:33:41.055 [XX.XXX.XXX.XXX][27299892] cmd: AUTH NTLM
[2020.02.19] 12:33:41.055 [XX.XXX.XXX.XXX][27299892] Authentication failed - ntlm start
[2020.02.19] 12:33:41.055 [XX.XXX.XXX.XXX][27299892] rsp: 535 Authentication failed
[2020.02.19] 12:33:41.068 [XX.XXX.XXX.XXX][27299892] disconnected at 2/19/2020 12:33:41 PM

13 Replies

Reply to Thread

Jason Adams Replied

2/19/2020 at 11:20 AM

I am having the same issue, lately it seems that they deserve a name change #NotSoSmarterTools.

Come on folks, get it together!

Larry Duran Replied

2/20/2020 at 7:58 AM

Employee Post

Hey Tyler, it looks like it's trying to use NTLM to authenticate but it's never sending the initial NTLM data in the request. This is how NTLM normally works,

Clients sends: AUTH NTLM [base64 encoded initial message]

Server sends: [base64 encoded challenge response]

Client sends: AUTH NTLM [base64 encoded authenticate message that's validated by the server]

So the client, the Xerox machine, isn't sending that first message in the auth, which is why the login fails. I did find a Microsoft documentation that shows SMTP can actually send the AUTH NTLM command without including the initial message. I'll add this to our bugs list for us to fix. I don't have a Xerox machine to test against though but I can supply you with a custom build if you wouldn't mind testing it out.

Larry Duran Software Developer SmarterTools Inc. www.smartertools.com

Tyler Raley Replied

2/22/2020 at 10:50 AM

Upgraded to Build 7355 (Feb 20, 2020) and continue to experience issues connecting a XEROX. Password checked several times over. Server logs below. Thank you!

---------------------------

[2020.02.22] 12:35:20.411 [XX.XXX.XXX.XXX][13076009] rsp: 220 mail.firehousesolutions.com Sat, 22 Feb 2020 17:35:20 +0000 UTC - SmarterMail Enterprise
[2020.02.22] 12:35:20.411 [XX.XXX.XXX.XXX[13076009] connected at 2/22/2020 12:35:20 PM
[2020.02.22] 12:35:20.426 [XX.XXX.XXX.XXX][13076009] Country code: US
[2020.02.22] 12:35:20.426 XX.XXX.XXX.XXX][13076009] IP in whitelist
[2020.02.22] 12:35:20.426 [XX.XXX.XXX.XXX][13076009] IP in authentication bypass
[2020.02.22] 12:35:20.489 [XX.XXX.XXX.XXX][13076009] cmd: EHLO XRX9C934E8EEDA9.MVFD.local
[2020.02.22] 12:35:20.489 [XX.XXX.XXX.XXX][13076009] rsp: 250-mail.firehousesolutions.com Hello [24.245.101.238]250-SIZE 52428800250-AUTH LOGIN CRAM-MD5 NTLM250-8BITMIME250-DSN250 OK
[2020.02.22] 12:35:20.520 [XX.XXX.XXX.XXX][13076009] cmd: AUTH NTLM
[2020.02.22] 12:35:20.520 [XX.XXX.XXX.XXX][13076009] Authentication failed - ntlm start
[2020.02.22] 12:35:20.520 [XX.XXX.XXX.XXX][13076009] rsp: 535 Authentication failed
[2020.02.22] 12:35:20.536 [XX.XXX.XXX.XXX][13076009] disconnected at 2/22/2020 12:35:20 PM

Sébastien Riccio Replied

2/22/2020 at 6:54 PM

I would say NTLM on SmarterMail is half broken.

At least my attempts to use NTLM as auth with the "Swiss Army Knife for SMTP" (swaks) result in failure:

madjik@prism:~ 10 $ swaks --to sriccio@xxx.com --from "madjik@xxx.com" --header "Subject: Test mail" --body "This is a test mail" --server mail03.xxx.com --port 587 --timeout 40s --auth NTLM --auth-user "madjik@xxx.com" --auth-password <redacted> -tls 
=== Trying mail03.xxx.com:587...
=== Connected to mail03.xxx.com.
<-  220 mail03.xxx.com xxx Mail Server; Sun, 23 Feb 2020 02:46:05 +01:00; Your IP: 94.103.97.100
 -> EHLO prism
<-  250-mail03.xxx.com Hello [94.x.x.x]
<-  250-SIZE 52428800
<-  250-AUTH LOGIN CRAM-MD5 NTLM
<-  250-STARTTLS
<-  250-8BITMIME
<-  250-DSN
<-  250 OK
 -> STARTTLS
<-  220 Start TLS negotiation
=== TLS started with cipher TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
=== TLS no local certificate set
=== TLS peer DN="/OU=Domain Control Validated/OU=GoGetSSL Wildcard SSL/CN=*.xxx.com"
 ~> EHLO prism
<~  250-mail03.xxx.com Hello [94.x.x.x]
<~  250-SIZE 52428800
<~  250-AUTH LOGIN CRAM-MD5 NTLM
<~  250-8BITMIME
<~  250-DSN
<~  250 OK
 ~> AUTH NTLM
<~* 535 Authentication failed
*** No authentication type succeeded
 ~> QUIT
<~  221 Service closing transmission channel
=== Connection closed with remote host.

The same attempt with LOGIN is ok:

=== TLS started with cipher TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
=== TLS no local certificate set
=== TLS peer DN="/OU=Domain Control Validated/OU=GoGetSSL Wildcard SSL/CN=*.xxx.com"
 ~> EHLO prism
<~  250-mail03.xxx.com Hello [x.x.x.x]
<~  250-SIZE 52428800
<~  250-AUTH LOGIN CRAM-MD5 NTLM
<~  250-8BITMIME
<~  250-DSN
<~  250 OK
 ~> AUTH LOGIN
<~  334 VXNlcm5hbWU6
 ~> bWFkamlrQGFyZWExMy5jb20=
<~  334 UGFzc3dvcmQ6
 ~> QW5nZWwxOTk4ISE=
<~  235 Authentication successful
 ~> MAIL FROM:<madjik@xxx.com>
<~  250 OK <madjik@xxx.com> Sender ok
 ~> RCPT TO:<sriccio@xxx.com>
<~  250 OK <sriccio@xxx.com> Recipient ok
 ~> DATA
<~  354 Start mail input; end with <CRLF>.<CRLF>
 ~> Date: Sun, 23 Feb 2020 02:52:43 +0100
 ~> To: sriccio@xxx.com
 ~> From: madjik@xxx.com
 ~> Subject: Test mail
 ~> Message-Id: <20200223025243.029859@prism>
 ~> X-Mailer: swaks v20181104.0 jetmore.org/john/code/swaks/
 ~> 
 ~> This is a test mail
 ~> 
 ~> 
 ~> .
<~  250 OK
 ~> QUIT
<~  221 Service closing transmission channel
=== Connection closed with remote host.

On another hand I wasn't able to test swaks with NTLM on another server as I can't find any SMTP server allowing NTLM (even our local "real" exchange server or the outlook.com server smtp.office365.com)

I wonder why this has been added to SmarterMail, was it a requirement for something ?

IMHO it would be better to add the basic and widely used auth PLAIN...

Sébastien Riccio System & Network Admin https://swisscenter.com

Sébastien Riccio Replied

2/23/2020 at 12:46 AM

Hi,

I did an additionnal test with a basic telnet command flow test:

sriccio@prism:~ 28 $ telnet mail03.xxx.com 587
Trying 94.103.96.141...
Connected to mail03.xxx.com.
Escape character is '^]'.
220 mail03.xxx.com xxxMail Server; Sun, 23 Feb 2020 08:39:08 +01:00; Your IP: 94.103.97.100
EHLO prism
250-mail03.xxx.com Hello [94.103.x.x]
250-SIZE 52428800
250-AUTH LOGIN CRAM-MD5 NTLM
250-STARTTLS
250-8BITMIME
250-DSN
250 OK
AUTH NTLM
535 Authentication failed

Here we can see SmarterMail rejects directly the authentication process when we send "AUTH NTLM"

If I understand correctly, after AUTH NTLM is sent by the client, the server should respond with a "334 ntlm supported", but in my test it just reply that auth is failed.

Source:

https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smtpntlm/a048c79f-7597-401b-bcb4-521d682de765

Here is the server-side log:

[2020.02.23] 08:39:08.284 [94.103.x.x][4394992] Country code: CH
[2020.02.23] 08:39:08.284 [94.103.x.x][4394992] IP in whitelist
[2020.02.23] 08:39:12.987 [94.103.x.x][4394992] cmd: EHLO prism
[2020.02.23] 08:39:12.987 [94.103.x.x][4394992] rsp: 250-mail03.xxx.com Hello [94.103.x.x]250-SIZE 52428800250-AUTH LOGIN CRAM-MD5 NTLM250-STARTTLS250-8BITMIME250-DSN250 OK
[2020.02.23] 08:39:18.643 [94.103.x.x][4394992] cmd: AUTH NTLM
[2020.02.23] 08:39:18.643 [94.103.x.x][4394992] Authentication failed - ntlm start
[2020.02.23] 08:39:18.643 [94.103.x.x][4394992] rsp: 535 Authentication failed
[2020.02.23] 08:44:23.284 [94.103.x.x][4394992] rsp: 421 Command timeout, closing transmission channel
[2020.02.23] 08:44:23.284 [94.103.x.x][4394992] disconnected at 23.02.2020 08:44:23

Tested against latest (7355) build.

I guess the problem is not only with Xerox devices, but all devices/softwares supporting NTLM auth that first send "AUTH NTLM".

Sébastien Riccio System & Network Admin https://swisscenter.com

Sébastien Riccio Replied

2/23/2020 at 12:37 PM

Well actually I think they did not remove anything, only added NTLM auth method and your xerox device detects it and tries to use it. But it seems the NTLM implemenation in SM is not working in all cases.
I can't speak for ST team so let's wait for a feedback from the team.

Sébastien Riccio System & Network Admin https://swisscenter.com

Larry Duran Replied

2/24/2020 at 7:45 AM

Employee Post

Just to clarify some things here. Web Team and Tyler Raley are the only ones who have a custom build with this potential fix in it. Sebastien, your tests would result in failures as the fix is not in the public release. Also, our NTLM for SMTP does respond with a "334 ntlm supported" when the client issues an "auth ntlm" command. I was only able to test this using telnet commands as we don't have a Xerox machine that we could test against, which is why a custom build was produced instead of adding this into the public build.

This is what I get when I telnet the same commands to my local development server:

220 DEV.local

ehlo

250-DEV.local Hello [127.0.0.1]

250-SIZE 250-AUTH LOGIN CRAM-MD5 NTLM

250-8BITMIME

250-DSN

250 OK

auth ntlm

334 ntlm supported

The only way this would fail with "Authentication failed - ntlm start" is if there were some characters after "auth ntlm". I'll send Ronald and Tyler another build to test against as it almost seems like the fix did not make it into the custom build.

Also, Sebastien you are correct that we recently added NTLM support as an additional authentication method. I also would not say NTLM is not working in all cases. We've recently patched some fixes for NTLM and IMAP, but we're not aware of any other NTLM issues.

Larry Duran Software Developer SmarterTools Inc. www.smartertools.com

Sébastien Riccio Replied

2/24/2020 at 12:15 PM

ok thanks larry. If there is no issue I won't spend more time trying to help

still:

auth ntlm

535 Authentication failed.

on latest public beta -> "production ready" <- build....

telnet mail.smartertools.com 587
Trying 66.172.30.61...
Connected to mail.smartertools.com.
Escape character is '^]'.
220 mail.smartertools.com
ehlo
250-mail.smartertools.com Hello [94.103.x.x]
250-SIZE
250-AUTH LOGIN CRAM-MD5 NTLM
250-STARTTLS
250-8BITMIME
250-DSN
250 OK
auth ntlm
535 Authentication failed

Sébastien Riccio System & Network Admin https://swisscenter.com

Larry Duran Replied

2/24/2020 at 2:37 PM

Employee Post

Hey Sebastien, that is a correct response on the latest public release. We haven't merged the fix for this issue into the public build as of yet until we verify the fix. If the fix gets verified then I'll merge it and it should show up in the next public release. At that point if you test it you will see the correct responses.

Larry Duran Software Developer SmarterTools Inc. www.smartertools.com

echoDreamz Replied

2/24/2020 at 4:49 PM

We had this issue to with many printers/scanners. Thankfully we were able to have the customers change the auth method to PLAIN instead of AUTO and that fixed the issue. Though, did result in a few really angry IT guys.

Larry Duran Replied

2/25/2020 at 6:54 AM

Employee Post

Awesome Ronald, thanks for confirming the fix. I'll get this merged into our next public release.

Larry Duran Software Developer SmarterTools Inc. www.smartertools.com

Webio Replied

4/8/2020 at 2:23 AM

Hello,

I'm on build 7398 and my customers are also experiencing this issue:

2020.04.08 08:27:39.133 [CLIENTREMOTEIP][39266409] rsp: 220 SM_HOST
2020.04.08 08:27:39.133 [CLIENTREMOTEIP][39266409] connected at 2020-04-08 08:27:39
2020.04.08 08:27:39.133 [CLIENTREMOTEIP][39266409] Country code: PL
2020.04.08 08:27:39.148 [CLIENTREMOTEIP][39266409] cmd: EHLO CLIENT_NAME
2020.04.08 08:27:39.148 [CLIENTREMOTEIP][39266409] rsp: 250-SM_HOST Hello [CLIENTREMOTEIP]250-SIZE 104857600250-AUTH LOGIN CRAM-MD5 NTLM250-STARTTLS250-8BITMIME250-DSN250 OK
2020.04.08 08:27:39.148 [CLIENTREMOTEIP][39266409] cmd: STARTTLS
2020.04.08 08:27:39.148 [CLIENTREMOTEIP][39266409] rsp: 220 Start TLS negotiation
2020.04.08 08:27:39.367 [CLIENTREMOTEIP][39266409] cmd: EHLO CLIENT_NAME
2020.04.08 08:27:39.367 [CLIENTREMOTEIP][39266409] rsp: 250-SM_HOST Hello [CLIENTREMOTEIP]250-SIZE 104857600250-AUTH LOGIN CRAM-MD5 NTLM250-8BITMIME250-DSN250 OK
2020.04.08 08:27:39.383 [CLIENTREMOTEIP][39266409] cmd: AUTH NTLM TlRMTVNTUAABAAAABQQAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
2020.04.08 08:27:39.383 [CLIENTREMOTEIP][39266409] Authentication failed - ntlm start
2020.04.08 08:27:39.383 [CLIENTREMOTEIP][39266409] rsp: 535 Authentication failed
2020.04.08 08:27:39.398 [CLIENTREMOTEIP][39266409] disconnected at 2020-04-08 08:27:39

Larry Duran Replied

4/8/2020 at 6:55 AM

Employee Post

Hey Webio, thanks for letting us know. We think we found the issue and we'll get the fix into our next release.

Larry Duran Software Developer SmarterTools Inc. www.smartertools.com

Back to Community Threads

Please leave this box unchecked

Reply to Thread

Enter the verification text

13 Replies

Reply to Thread

Tags

Related Knowledge Base Articles