[SOLVED] UPOPMAIL AND Windows Auth.

Author: manfred.laterner@11er.at (mlaterner)

Hello everyone,  we use UPOPMAIL to send Mails out of Uniface.  The Problem is that our SMTP Server sends mails without authentication, we need to change that. And heres my Problem with NTLM and kerberos With the NTLM authentication it works - but not right...   NTLM in my ASN   [USER_3GL] usysbin:uauthntlm(UAuthNTLMSMTP)   in Form/Service: variables   ..........*other variables*   String vSecurityProperties   String vSecurityParameters   handle vUPopMail endvariables *a few other rows* vSecurityProperties = "SMTP=UAuthNTLMSMTP" vSecurityParameters = "DOMAIN=%%$domain$%%%·;USER=%%$user$%%%·;PASSWORD=%%$password$%%%" vUPopMail->setSecurity(vSecurityProperties, vSecurityParameters) *Login > send > logoff* This works but we have to hard set a User/Password, who can write mails from all mailboxes like an exchange admin. because the mail-receiver should get the user mailadress as sender. And the SMTP dont accept for example   User: Uniface.Mail   From: mlaterner@Company.com because the user "Uniface.mail"  can´t send mails for the user "mlaterner" So we can´t do this with NTLM .   Kerberos Example ASN addet row: usysbin:uauthsspi(UAuthSSPISMTP)   in Form: *same Variables* vSecurityProperties = "SMTP=UAuthSSPISMTP" vSecurityParameters = "SSP=Kerberos·;SPN_SERVER=SmtpSvc/MAILSERVER.company.com" *Login ....... send* on the set security i get a "0" Status back   but after Login -> here i get a   "$status -8 "

 
Uniface Help:
Security context could not be established.
Either the DriverParameters argument of the SetSecurity operation contained
invalid keywords or data, or some protocol error occurred with the SMTP server.
 
 

Where is my problem? in my CMD  when i type : setspn -l MAILSERVER i get a few rows and 2 of them are with SMTPSCV like in the uniface description: SmtpSvc/MAILSERVER SmtpSvc/MAILSERVER.company.at   from my point of view it should work with there parameters but it don´t....  or is there a simple/other way to use the Windows Login information (User/password/domain) without typing them to logon SMTP?   Kind regards mlaterner

3 Comments

  1. Hello mlaterner, Did you also try the SSPI ("Windows integrated”) security driver (uauthsspi) with NTLM (SSP=NTLM)? I've found the following info in an internal document:

    "PLEASE NOTE - This driver allows you to use the credentials of the user that is already logged in, so that no username or password need be supplied. For NTLM, this always works. However for Kerberos, only the most recently acquired Kerberos tickets could be used successfully, in our enviroment. Microsoft provides a number of utilities that can be downloaded free of charge that allow you to see which Kerberos tickets you have cached or to create SPN names, e.g. KERBTRAY.EXE and SETSPN.EXE. A ticket refresh can be achieved for example by locking your work station and then unlocking it. The alternative is to provide user credentials to the driver." And according to the doc the SPN_SERVER parameter expects the SMTP server name in the following format:

    SMTPSVC/Host.Qualified.Name@KERB.REALM.NAME In your case the Kerberos realm name seems to be missing. I hope this helps. Kind regards, Daniel Iseli Uniface Technical Support


    Author: diseli (daniel.iseli@uniface.com)
  2. diseli said Hello mlaterner, Did you also try the SSPI ("Windows integrated”) security driver (uauthsspi) with NTLM (SSP=NTLM)?

      THIS !! solved my/our Problem.Laugh Thx for the fast help


    Author: mlaterner (manfred.laterner@11er.at)
  3. mlaterner said THIS !! solved my/our Problem.Laugh Thx for the fast help  

    You are welcome! Glad I could help. Laugh


    Author: diseli (daniel.iseli@uniface.com)