Changed mail server requirements with SwyxWare/Netphone 12.41

Enreach Info
Enreach Info
  • Updated

Information:

With release of SwyxWare/Netphone 12.41 also changes to the SMTP module became necessary to implement the current security requirements.

Therefore the module now reacts differently with regard to previously working configurations in connection with the email server used.

 

Support of extended authentication mechanisms:

If the mail server supports special authentication mechanisms, such as

  • GSSAPI
  • NTLM
  • XOAUTH2
  • OAUTHBEARER
  • ...

it can happen that the authentication basically works, but the TLS connection is directly terminated by the mail server. Here, different implementations of the various mechanisms and the expected responses, do not seem to match.

-> If you are experiencing such problems, please contact support via your reseller or distributor.

 

Support of "unauthenticated connections

If you have not authenticated via username/password in the mail server, but SMTP authentication has been activated in SwyxWare/Netphone (username and password are empty), no login to the mail server is possible.

So here is either:

  • Deactivate SMTP authentication

mceclip1.png

 

  • You enter a username and password if SMTP authentication is desired

 

Certificate problems during the establishment of an encrypted connection


The SMPT module now checks the validity of the server certificate in relation to the configured server name or FQDN by default. If a self-signed certificate is used for the specified mail server or the mail provider uses a certificate whose root certificate is not available in the Windows certificate store, the encrypted connection cannot be established.

Note: Firefox and other browsers use their own CA store and therefore have a different selection of root certificates than Windows. Therefore, testing the mail provider by accessing it via the browser can be misleading!

The SMTP module only accesses the Windows certificate store. In such a case, you must manually load the respective root certificate into the Windows store.

 

If this is not possible, it is possible to deactivate this certificate handling or the certificate chain check in the expert settings in the SCC (SwyxControlCenter):

 

SecurIty level 0 can be set here. Thereby the certificate handling will be ignored. A restart of the services after changing this value is recommended:

ATTENTION: SECURITY LEVEL 0 COMPLETELY DEACTIVATES CERTIFICATE VERIFICATION: SUBSEQUENTLY, THE ENCRYPTED CONNECTION IS NO LONGER CONSIDERED SECURE AND THIS SOLUTION OPTION IS THEREFORE NOT RECOMMENDED!

 

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.