White Paper - Configuring GW MFPs For SMTP Authentication


Configuring GW MFPs for SMTP Authentication
02/03/2011

Technical Information:
Configuring GW MFPs for SMTP Authentication
White Paper
Document Version 1.0

Copyright 2011 RICOH Americas Corporation. All rights reserved.
Visit our Knowledgebase at: http://tsrc.ricoh-usa.com/ref/faq.asp

Page 1 of 19

Notice:

THIS DOCUMENT MAY NOT BE REPRODUCED OR DISTRIBUTED IN WHOLE OR IN PART, FOR ANY PURPOSE OR IN ANY FASHION WITHOUT THE PRIOR WRITTEN CONSENT OF RICOH COMPANY LIMITED. RICOH COMPANY LIMITED RETAINS THE SOLE DISCRETION TO GRANT OR DENY CONSENT TO ANY PERSON OR PARTY.

Copyright 2009 by Ricoh Company Ltd.

All product names, domain names or product illustrations, including desktop images, used in this document are trademarks, registered trademarks or the property of their respective companies. They are used throughout this book in an informational or editorial fashion only. Ricoh Company, Ltd. does not grant or intend to grant hereby any right to such trademarks or property to any third parties. The use of any trade name or web site is not intended to convey endorsement or any other affiliation with Ricoh products.

The content of this document, and the appearance, features and specifications of Ricoh products are subject to change from time to time without notice. While care has been taken to ensure the accuracy of this information, Ricoh makes no representation or warranties about the accuracy, completeness or adequacy of the information contained herein, and shall not be liable for any errors or omissions in these materials. The only warranties for Ricoh products and services are as set forth in the express warranty statements accompanying them. Nothing herein shall be construed as constituting an additional warranty.

Ricoh does not provide legal, accounting or auditing advice, or represent or warrant that our products or services will ensure that you are in compliance with any law. Customer is responsible for making the final selection of solution and technical architectures, and for ensuring its own compliance with various laws such as the Gramm-Leach-Bliley Act, the Sarbanes-Oxley Act and the Health Insurance Portability and Accountability Act (HIPAA).

Version history:

Version | Issue Date | Revised item
1.0 | Sept. 26, 2007 | Initial release

NOTE:
Throughout this document you may see references such as 04A (2004 Autumn) or 05S (2005 Spring). You will only see an A (Autumn) or S (Spring) attached to the last two digits of a year. These two seasons reflect the time period the machines were manufactured.

INDEX

1. Introduction
2. Target Readers
3. Target Models
4. SMTP servers and their authentication processes
   4-1 Background
   4-2 Sendmail and MS Exchange
   4-3 SMTP Negotiation Process
5. GW MFP SMTP Specification
   5-1 Identification of the User
   5-2 User's SMTP Authentication Settings (Address Book)
       5-2-1 Selection of an Account
       5-2-2 User SMTP Account and Email Address
   5-3 Do not Specify and SP 5-860-022
   5-4 Device SMTP Account and Email Addresses (Device Settings Email)
6. Limitation
7. Configuration Check List
   7-1 Situation1: User authentication disabled and the device SMTP account is used
   7-2 Situation2: User Authentication Enabled but the Device SMTP Account is used
   7-3 Situation3: User Authentication Enabled and Individual User Accounts are used
8. Error Messages
9. Appendix: SMTP Authentication in Pre-Fall of 2004 Models

1. Introduction

Configuring GW MFPs for use of Scan to Email with SMTP authentication is not entirely intuitive. The settings do not always produce the results that customers might expect. Customers that use Microsoft Exchange will have to configure the MFP with extra caution in order to avoid problems.

The purpose of this document is to provide a configuration guide for Scan to Email with SMTP authentication, and to explain why each configuration is necessary. This document contains:
- A short overview of the SMTP authentication process.
- A review of the actions taken by the GW MFP during SMTP authentication.
- A summary of the settings affecting Scan to Email with SMTP authentication.
- A review of the error messages that might be encountered using Scan to Email.

2. Target Readers

This document is intended for the support staff of Ricoh family group companies and their subsidiaries.

3. Target Models

This document applies to Fall of 2004 or later models.

NOTE:
Some pre-Fall of 2004 models had limited support for SMTP authentication. This will be described in the Appendix of this document.

Product code by company:

PRODUCT CODE | GESTETNER | LANIER | RICOH | SAVIN
 |  |  | Aficio 1060 | 2560
B065 | 7502 | LD075 | Aficio 1075 | 2575
B140 | DSm660 | LD160 | Aficio 2060 | 4060
B141 | DSm675 | LD175 | Aficio 2075 | 4075
B142 | DSm660 SP | LD160 SP | Aficio 2060 SP | 4060 SP
B143 | DSm675 SP | LD175 SP | Aficio 2075 SP | 4075 SP
B163 | DSm651 | LD151 | Aficio 2051 | 4051
B228 | DSm651 SP | LD151 SP | Aficio 2051 SP | 4051 SP
B234 | DSm790 | LD190 | Aficio MP9000 | 8090
B235 | DSm7110 | LD1110 | Aficio MP1110 | 8110
B236 | DSm7135 | LD1135 | Aficio MP1350 | 8135
D101 | Pro 906EX | Pro 906EX | Aficio Pro 906EX | Pro 906EX
D102 | Pro 1106EX | Pro 1106EX | Aficio Pro 1106EX | Pro 1106EX
D103 | Pro 1356EX | Pro 1356EX | Aficio Pro 1356EX | Pro 1356EX
B246 | Dsm755 | LD255 | Aficio MP 5500 | 8055
B248 | Dsm765 | LD265 | Aficio MP 6500 | 8065
B249 | Dsm775 | LD275 | Aficio 7500 | 8075
B250 | Dsm755 SP | LD255 SP | Aficio MP 5500SP | 8055 SP
B252 | Dsm765 SP | LD265 SP | Aficio MP 6500SP | 8065 SP
B253 | Dsm775 SP | LD275 SP | Aficio MP 7500SP | 8075 SP
D052 | MP 6000/SP | LD260/SP | Aficio MP 6000/SP | 8060/SP
D053 | MP 7000/SP | LD270/SP | Aficio MP 7000/SP | 8070/SP
D054 | MP 8000/SP | LD280/SP | Aficio MP 8000/SP | 8080/SP
B070 | 9002 | LD090 | Aficio 2090 | 4090
B071 | 10512 | LD0105 | Aficio 2105 | 40105
B079 | 3532 | LD035 | Aficio 2035 | 4035
B082 | 4532 | LD045 | Aficio 2045 | 4045
B089 | DSm622 | LD122 | Aficio 2022 | 4022
B093 | DSm627 | LD127 | Aficio 2027 | 4027
B098 | 5502 | LD055 | Aficio 1055 | 2555
B121 | DSm615 | LD115 | Aficio 2015 | 4015
B122 | DSm618 | LD118 | Aficio 2018 | 4018
B123 | DSm618d | LD118d | Aficio 2018d | 4018d
B259 | DSm616 | LD116 | Aficio 2016 | 8016
B260 | DSm620 | LD120 | Aficio 2020 | 8020
B261 | DSm620d | LD120d | Aficio 2020D | 8020d
B129 | DSm415 | LD015 | Aficio 1515 | 3515
B130 | DSm415pf | LD015spf | Aficio 1515MF | 3515MF
B135/B182* | DSm635 | LD135 | Aficio 2035e | 4035e
B138/B183* | DSm645 | LD145 | Aficio 2045e | 4045e
B205 | DSm725 | LD225 | Aficio 3025 | 8025
B209 | DSm730 | LD230 | Aficio 3030 | 8030
D007 | DSm725e | LD325 | Aficio MP 2510 | 8025e
D008 | DSm730e | LD330 | Aficio MP 3010 | 8030e
B264 | DSm735 | LD 235 | Aficio 3035 | 8035
B265 | DSm745 | LD 245 | Aficio 3045 | 8045
B276 | DSm716 | LD316 | Aficio MP 1600 | 9016
B277 | DSm721d | LD320d | Aficio MP 2000 | 9021d
B276 | DSm716s | LD316L | Aficio MP 1600L | 9016s
B277 | DSm721ds | LD320dL | Aficio MP 2000L | 9021ds
B288 | DSm416pf | LD016SPF | Aficio MP 161SPF | 816mf
B292 | DSm416 | LD016 | Aficio MP 161 | 816
B291 | DSm735eg | ----- | Aficio MP 3500g | 8035eg
B295 | DSm745eg | ----- | Aficio MP 4500g | 8045eg
D009 | MP 4000B | LD040B | Aficio MP 4000B | 9040b
D010 | DSm625 | LD125 | Aficio MP 2500 | 7025
D011 | MP 4000 | LD040 | Aficio MP 4000 | 9040
D012 | MP 5000B | LD050B | Aficio MP 5000B | 9050b
D013 | MP 5000 | LD050 | Aficio MP 5000 | 9050
D014 | N/A | LD260c | Aficio MP C6000 | C6055
D015 | N/A | LD275c | Aficio MP C7500 | C7570
D017 | MP 2550B | LD425B | Aficio MP2550B | 9025B
D018 | MP 2550SP | LD425SP | Aficio MP2550SP | 9025SP
D019 | MP 3350B | LD433B | Aficio MP 3350B | 9033B
D020 | MP 3350SP | LD433SP | Aficio MP 3350SP | 9033bSP
D084 | MP 2851SP | LD528SP | Aficio MP2851SP | 9228S
D085 | MP 3351SP | LD533SP | Aficio MP3351SP | 9233SP
D059 | Pro 907EX | Pro 907EX | Pro 907EX | Pro 907EX
D060 | Pro 1107EX | Pro 1107EX | Pro 1107EX | Pro 1107EX
D061 | Pro 1357EX | Pro | Pro 1357EX | Pro
D062 | MP 6001/MP6001 SP |  | Aficio MP 6001/MP 6001 SP | 
D063 | MP 7001/MP 7001SP |  | Aficio MP 7001/MP 7001 SP | 
D065 | MP 8001/MP 8001SP |  | Aficio MP 8001/MP 8001 SP | 
D066 | MP 9001/MP 9001SP | /LD390sp | Aficio MP 9001/MP 9001 SP | 
D069 | MP 171SPF | LD 117SPF | Aficio MP 171SPF | 917SPF
D072 | MP 171 | LD 117 | Aficio MP 171 | 917
B051 | DSc224 | LD024c | Aficio 1224C | C2408
B052 | DSc232 | LD032c | Aficio 1232C | C3210
B132 | DSc460 | LD160c | Aficio 3260C | C6045
B200 | CS555 | LC155 | Aficio Color 5560 | SDC555
B147 | DSc332 | LD232c | Aficio 2232C | C3224
B149 | DSc338 | LD238c | Aficio 2238C | C3828
B190 | DSc328 | LD228c | Aficio 2228C | C2820
B156 | DSc424 | LD124c | Aficio 3224C | C2410
B202 | DSc428 | LD328c | Aficio 3228C | C2824
B178 | DSc435 | LD335c | Aficio 3235C | C3528
B180 | DSc445 | LD345c | Aficio 3245C | C4535
B222 | DSc535 | LD435c | Aficio MP C3500 | C3535
B224 | DSc545 | LD445c | Aficio MP C4500 | C4540
B229 | GS 106 | LD215c | Aficio 615C | SGC 1506
B230 | DSc525 | LD425c | Aficio MP C2500 | C2525
B237 | DSc530 | LD430c | Aficio MP C3000 | C3030
 |  | 0c | Aficio MP C2000 | C2020
D023 | MP C2800 | LD528C | Aficio MP C2800 | C2828
D025 | MP C3300 | LD533C | Aficio MP C3300 | C3333
D027 | MP C4000 | LD540C | Aficio MP C4000 | C4040
D029 | MP C5000 | LD550C | Aficio MP C5000 | C5050
D038 | MP C2050 | LD520C | Aficio MP C2050 | C9020
D041 | MP C2550 | LD525C | Aficio MP C2550 | C9025

* Machines pre-configured with the Printer/Scanner option (B654) will use the B182/B183 product codes.

4. SMTP servers and their authentication processes

4-1 Background

Scan to Email authentication-related fields:
- SMTP username: The name used to log in to the SMTP server during the authentication process. GW MFPs have their own SMTP account settings. Users can also have their own accounts. This can be a Windows username or email address depending on the SMTP server.
- SMTP "From" field: The "MAIL FROM" field submitted to the SMTP server by the MFP before data is sent.
- Email header "From" field: The "From" field in the email header.

Depending on the MFP's configuration, the above fields are populated by various combinations of the following SMTP accounts and email addresses:
- Device SMTP account: The SMTP username and password configured in Device Settings Email SMTP (Web Image Monitor), or System Settings File Transfer SMTP Authentication (operation panel).
- User SMTP account: The SMTP username and password configured in the address book for the currently logged-in user.
- Device SMTP email address: The email address configured in Device Settings Email SMTP (WIM), or System Settings File Transfer SMTP Authentication (operation panel).
- Administrator email address: The email address configured in Device Settings Email (WIM), or System Settings File Transfer (operation panel).
- User email address: The email address configured in the address book for the currently logged-in user.

This document will describe which MFP settings will cause which email address to be assigned to which field, and which SMTP account to be used to log in to the server. It will also describe the effects that can be expected using different SMTP servers.

4-2 Sendmail and MS Exchange

We will discuss two types of SMTP server in this document.

Sendmail (http://www.sendmail.org/)
Sendmail authenticates users via username and password. These are sent to the server by the MFP in the SMTP session negotiation process.

Microsoft Exchange (http://www.microsoft.com/exchange/)
MS Exchange authenticates users via username and password. For security reasons, MS Exchange also tries to verify that the sender is who they say they are. This is done by comparing the SMTP From field as well as the Email From field with the SMTP username. All 3 must match.

4-3 SMTP Negotiation Process

In the exchange below, each line is labeled with its sender (MFP or SMTP server).

MFP:    EHLO Adonis-C4-no1.gts.com
Server: 250 server.gts.com Hello [192.168.0.1]
MFP:    AUTH LOGIN                                  (1) SMTP username and password
        .
Server: 235 2.7.0 Authentication successful
MFP:    MAIL FROM:admin@gts.com                     (2) SMTP "From"
Server: 250 2.1.0 admin@gts.com.Sender OK
MFP:    RCPT TO: receiver@gts.com
Server: 250 2.1.5 receiver@gts.com
MFP:    DATA
Server: 354 Start mail input; end with <CRLF>.<CRLF>

The email message has now been sent. It will include a header:

From: admin@gts.com                                 (3) Email header "From"
Subject: test
To: receiver@gts.com
Date:.

(1) SMTP username and password:
These are usually encrypted when transmitted.
If the account can be authenticated, the SMTP server returns the “Authentication successful” message. If not, the server returns:
535 5.7.3 Authentication unsuccessful.
After this, the SMTP server terminates the session.

(2) SMTP "From" field:
This is also known as the “Envelope Sender” or “MIME Sender” and is submitted by SMTP protocol.

(3) Email header "From" field:
This is a part of the email message header.

If an MS-Exchange server is being used, (1), (2) and (3) will be compared. If all 3 do not match, the Exchange server will return:
505 5.7.3 Client does not have permission to Send As this sender
After this, MS Exchange terminates the session and disposes of the email message without sending it.
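
The AUTH LOGIN step that the listing above abbreviates, and a way to read values (1), (2) and (3) back out of a captured session when troubleshooting, shown as an added example that is not part of the original white paper. AUTH LOGIN itself carries the username and password Base64-encoded, so any encryption comes from the transport (for example TLS) and not from the AUTH exchange; the function names and the sample session are constructed for illustration.

```python
import base64


def b64(text):
    """Base64-encode a string the way AUTH LOGIN carries it."""
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


def auth_login_step(username, password):
    """The lines behind the abbreviated AUTH LOGIN step, as (sender, line) pairs."""
    return [
        ("MFP", "AUTH LOGIN"),
        ("Server", "334 " + b64("Username:")),   # server prompt, also Base64
        ("MFP", b64(username)),
        ("Server", "334 " + b64("Password:")),
        ("MFP", b64(password)),
        ("Server", "235 2.7.0 Authentication successful"),
    ]


def submitted_identity(transcript):
    """Return the values the page numbers (1), (2) and (3) from a transcript.

    Only the username is decoded; the password line is skipped on purpose.
    """
    found = {"username": None, "mail_from": None, "header_from": None}
    lines = iter(line for sender, line in transcript if sender == "MFP")
    state = "command"
    for line in lines:
        if state == "headers":
            if line == ".":
                state = "command"          # message ended without a body
            elif line == "":
                state = "body"             # blank line ends the header block
            elif line.lower().startswith("from:"):
                found["header_from"] = line[5:].strip()
        elif state == "body":
            if line == ".":
                state = "command"
        elif line.upper() == "AUTH LOGIN":
            found["username"] = base64.b64decode(next(lines, "")).decode("utf-8")
            next(lines, None)              # password line: never decoded
        elif line.upper().startswith("MAIL FROM:"):
            found["mail_from"] = line[10:].strip().strip("<>")
        elif line.upper() == "DATA":
            state = "headers"
    return found


# Constructed sample session built from the page's example values: the device
# account logs in, but the header "From" carries a user's address.
SAMPLE = (
    [("MFP", "EHLO Adonis-C4-no1.gts.com"),
     ("Server", "250 server.gts.com Hello [192.168.0.1]")]
    + auth_login_step("admin", "adminpass")
    + [("MFP", "MAIL FROM:admin@gts.com"),
       ("Server", "250 2.1.0 admin@gts.com.Sender OK"),
       ("MFP", "RCPT TO: receiver@gts.com"),
       ("Server", "250 2.1.5 receiver@gts.com"),
       ("MFP", "DATA"),
       ("Server", "354 Start mail input; end with <CRLF>.<CRLF>"),
       ("MFP", "From: usr01@gts.com"),
       ("MFP", "Subject: test"),
       ("MFP", "To: receiver@gts.com"),
       ("MFP", ""),
       ("MFP", ".")]
)

if __name__ == "__main__":
    for sender, line in SAMPLE:
        print(f"{sender + ':':8}{line}")
    print(submitted_identity(SAMPLE))
```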

5. GW MFP SMTP Specification

Authentication Information Flow Chart in a GW MFP

Below is a logic model showing how the MFP decides what actions to take based on its configuration. In each "MFP transmits" box, the numbers mean:
(1) SMTP username and password
(2) SMTP "From"
(3) Email header "From"

Execute a Scan to Email
- Has the user been identified to the MFP? (Section 5-1)
  - No (Anonymous):
    MFP transmits: (1) Device SMTP account, (2) Device SMTP email address, (3) Administrator email address (Section 5-4)
  - Yes (User logged in or specified the sender manually):
    Use the user's SMTP account? (Section 5-2-1)
    - Yes ("Specify Other Auth. Info" or "Use Auth. Info at Login"):
      MFP transmits: (1) User SMTP account, (2) User email address, (3) User email address (Section 5-2-2)
    - No ("Do not Specify"):
      SP 5-860-022 Enabled? (Section 5-3)
      - Yes:
        MFP transmits: (1) Device SMTP account, (2) Device SMTP email address, (3) Administrator email address (Section 5-4)
      - No:
        MFP transmits: (1) Device SMTP account, (2) Device SMTP email address, (3) User email address

5-1 Identification of the User

If a Scan to Email user identifies themselves to the GW MFP (via login or specifying the sender name), the MFP uses the user's SMTP authentication settings. (See 5-2-1.)
If the user has not identified themselves to the MFP, the MFP uses the default device SMTP username and password. (See 5-4.)

5-2 User's SMTP Authentication Settings (Address Book)

5-2-1 Selection of an Account

First, the user's selection of an SMTP account is referred to. Each user has one of the following settings:
- Specify Other Auth. Info: Use the user’s individual SMTP account and email address as configured in the address book. (See 5-2-2.)
- Do not Specify: Use the device default SMTP account and email addresses. (See 5-3.)
- Use Auth. Info at Login: Use the account that was used to login to the MFP and the email address configured in the address book. Note that this option only appears if Basic, LDAP, Windows, or Integration Server authentication is enabled. (See 5-2-2.)

The SMTP settings depend on the type of authentication that is enabled:
- UserCode (This setting is also displayed if authentication is disabled): Device SMTP account
- Basic, Windows, LDAP or Integration Server authentication: Device SMTP account

5-2-2 User SMTP Account and Email Address

If Specify Other Auth. Info or Use Auth. Info at Login is configured for the user, the device uses the user’s account and email address for all fields.

Here is an example:
Username: usr01
Password: usr01pass
SMTP “From”: usr01@gts.com
Email header “From”: usr01@gts.com

*There is an exception. Please see Section 6 of this document.

5-3 Do not Specify and SP 5-860-022

If Do not Specify is selected for a user, a problem might occur when the user tries to Scan to Email.

Point 1: SP 5-860-022 must be enabled if the user authentication is enabled and "Do not Specify" is selected for the user. (MS Exchange only)

If Do not Specify is selected for a user and SP 5-860-022 is disabled (default), the device will log in to the SMTP server using the device account. The device SMTP email address will be used in the SMTP "Mail From" field. However, the user's email address will be used in the email header "From" field (this is because the user was identified by the MFP when they logged in). Due to the mismatch between the account and the email address, MS Exchange will not send the message.

Here is an unsuccessful (in MS Exchange) example:
Username: admin
Password: adminpass
SMTP “From”: admin@gts.com (Device SMTP email address)
Email header “From”: usr01@gts.com (Doesn't match the account)

SP 5-860-022 is intended specifically to solve this issue. Once SP 5-860-022 is enabled, the administrator email address will be used in the email header "From" field, instead of the user's email address. The user email address is moved to the reply-to field, which is not checked by MS Exchange.

Here is a successful example with SP 5-860-022:
Username: admin
Password: adminpass
SMTP “From”: admin@gts.com (Device SMTP email address)
Email header “Reply-to”: usr01@gts.com
Email header “From”: admin@gts.com (Administrator email address)

5-4 Device SMTP Account and Email Addresses (Device Settings Email)

(In the operation panel, System Settings File Transfer)

If the user is anonymous or Do not Specify is configured for the user, the device uses the device account to log in to the SMTP server. It then uses both the device SMTP address and administrator address to send the message:
- Device SMTP email address: This will be used as the SMTP "From" field.
- Administrator email address: This will be used as the Email header "From" field.

If MS-Exchange is the SMTP server, Scan-to-email will be rejected if the Administrator address is not the same as the device's SMTP email address. This is another important point to consider during configuration:

Point 2: The Device SMTP email address and the Administrator email address must be synchronized if using the device SMTP account. (in MS Exchange)

Here is a successful example:
Username: admin
Password: adminpass
SMTP “From”: admin@gts.com (Device SMTP email address)
Email header “From”: admin@gts.com (Administrator email address)
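
The flow chart and Sections 5-1 to 5-4 written out as a configuration check, as an added example that is not Ricoh's code. It computes which values the MFP sends for a given setup and applies a simplified model of the "all 3 must match" comparison (the username must equal the address or its local part, which is an assumption, not Exchange's actual algorithm); the class and function names are hypothetical, and `keyop@gts.com` is a constructed address.

```python
from dataclasses import dataclass

USER_ACCOUNT_SETTINGS = {"Specify Other Auth. Info", "Use Auth. Info at Login"}
SEND_AS_ERROR = "505 5.7.3 Client does not have permission to Send As this sender"


@dataclass
class Device:
    smtp_username: str            # Device SMTP account
    smtp_email: str               # Device SMTP email address
    admin_email: str              # Administrator email address
    sp_5_860_022: bool = False    # disabled by default


@dataclass
class User:
    smtp_username: str            # User SMTP account (address book)
    email: str                    # User email address (address book)
    auth_setting: str = "Do not Specify"


def transmitted_fields(device, user=None):
    """Follow the flow chart: what the MFP sends as (1), (2), (3) and Reply-to.

    user=None means the sender was not identified (anonymous).
    """
    if user is not None and user.auth_setting in USER_ACCOUNT_SETTINGS:
        # Section 5-2-2: the user's account and address fill every field.
        reply_to = user.email if device.sp_5_860_022 else None
        return {"username": user.smtp_username, "mail_from": user.email,
                "header_from": user.email, "reply_to": reply_to}
    if user is not None and user.auth_setting != "Do not Specify":
        raise ValueError(f"unknown auth setting: {user.auth_setting!r}")
    # Section 5-4: device account, device address, administrator address.
    fields = {"username": device.smtp_username, "mail_from": device.smtp_email,
              "header_from": device.admin_email, "reply_to": None}
    if user is not None:
        # Section 5-3: identified user with "Do not Specify".
        if device.sp_5_860_022:
            fields["reply_to"] = user.email       # From stays the admin address
        else:
            fields["header_from"] = user.email    # the mismatch Point 1 warns about
    return fields


def exchange_reply(fields):
    """Simplified model of the MS Exchange check described in Section 4-3."""
    mail_from = fields["mail_from"].lower()
    header_from = fields["header_from"].lower()
    username = fields["username"].lower()
    owns_address = username in (mail_from, mail_from.split("@")[0])
    if owns_address and mail_from == header_from:
        return "accepted"
    return SEND_AS_ERROR


if __name__ == "__main__":
    usr01 = User("usr01", "usr01@gts.com")
    for sp in (False, True):
        device = Device("admin", "admin@gts.com", "admin@gts.com", sp_5_860_022=sp)
        fields = transmitted_fields(device, usr01)
        print("SP 5-860-022 =", sp, fields, "->", exchange_reply(fields))
    # Point 2: administrator address not synchronized with the device address.
    unsynced = Device("admin", "admin@gts.com", "keyop@gts.com")
    print(exchange_reply(transmitted_fields(unsynced)))
```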

6. Limitation

Point 3: "Specify Other Auth. Info" is not available as a setting under the following conditions:
- The User Administrator is enabled in the MFP.
- User authentication is either "user code" or disabled.
This applies to all SMTP server types.

User Administrators can overwrite SMTP authentication settings for all users.

The Address book as seen on the operation panel when the User Administrator is disabled:

The Address book as seen on the operation panel when the User Administrator is enabled:

The information on the Auth. Info tab is hidden even to the user. Only the User Administrator can view/change this information. If there are settings configured in the address book when the User Admin is enabled, the following will happen:
- User Code: Hidden but not overwritten. This value can still be used.
- SMTP authentication settings: Overwritten. Changed to "Do not specify". Only the device SMTP account can be used.

There is no way to retain the user SMTP accounts in this case. If any of the other user authentication types (Basic, Windows, LDAP, Integration server, etc) is used, the User Admin does not overwrite the SMTP settings, and user SMTP accounts can be used.

NOTE:
The reason for the difference between User Code authentication and other authentication types is security of the address book. User Code authentication is the only type that does not require users to login in order to access System Settings on the operation panel. To prevent users from accessing other users' information, only the User Administrator has access to authentication tabs in the address book.

7. Configuration Check List

This section outlines some typical situations that might be encountered in a customer environment.

7-1 Situation1: User authentication disabled and the device SMTP account is used

1) Configure the MFP's device SMTP email address and Administrator's email address. If MS-Exchange is the SMTP server, these two settings should match.
2) Select "Do not specify" for each user's SMTP authentication setting.
3) Enable SP 5-860-022 if the SMTP server is MS Exchange. This is necessary in cases where a Scan to Email user manually inputs the sender name.
4) Current MFPs prohibit the sending of anonymous Scan to Email messages. The "Auto specify sender name" option must be enabled.

Examples:

- If the user is anonymous:
  Username:
  Password:
  SMTP “From”: (Device address)
  Email header “From”: (Administrator address)

- If the user has input a "sender name" and SP 5-860-022 is enabled:
  Username: admin
  Password: adminpass
  SMTP “From”: admin@gts.com (Device address)
  Email header “Reply-to”: usr01@gts.com
  Email header “From”: admin@gts.com (Administrator address)

7-2 Situation2: User Authentication Enabled but the Device SMTP Account is used

1) Configure the MFP's device address and administrator address. If MS-Exchange is the SMTP server, these two settings should match.
2) Select "Do not specify" for each user's SMTP authentication setting.
3) Enable SP 5-860-022 if the SMTP server is MS Exchange.

Example:
  Username: admin
  Password: adminpass
  SMTP “From”: admin@gts.com (Device address)
  Email header “Reply-to”: usr01@gts.com
  Email header “From”: admin@gts.com (Administrator address)

7-3 Situation3: User Authentication Enabled and Individual User Accounts are used

Limitation: As described in section 6, if the User Administrator is enabled, User Code authentication cannot be used in this situation.

1) Select "Specify Other Auth. Info" or "Use Auth. Info at Login" for each user's SMTP authentication setting.
2) SP 5-860-022 is not necessary. (If enabled, it adds the mail header "Reply-to" with the user address)

Example:
  Username:
  Password:
  SMTP “From”:
  Email header “From”:

8. Error Messages

Error messages displayed on the operation panel can provide some clues to the cause of a problem.

Message: "Authentication with the destination has failed."
Meaning: SMTP account is invalid.

Message: "Transmission has failed"
Meaning: Some or all of the data was not sent or not received by the MFP or SMTP server. This can be caused by any number of network problems. One cause of this message was described previously. If the "From" and "Mail From" values do not match, MS Exchange will terminate the session and this message will be displayed on the operation panel.

Message: "Sender name is not selected"
Meaning: The auto-specify sender name feature is disabled.

9. Appendix: SMTP Authentication in Pre-Fall of 2004 Models

This appendix describes how to configure pre-Fall of 2004 models for SMTP authentication. The main difference between pre-Fall of 2004 and Fall of 2004 models is that individual user accounts could not be used to log in to the SMTP server with a pre-Fall of 2004 device. Instead the default device account was always used to log in to the SMTP server.

Models

Pre-Fall of 2004 models with the Scan to Email function/SMTP Authentication function.

Pre-Fall of 2004 specification

Only the device SMTP account can be used to log in to the SMTP server. Users can have their own email address, but not their own SMTP login account. The device SMTP account is defined by the setting "Key operator's email address". Typically, this is used for both the MAIL FROM and From fields.

Pre-Fall of 2004 models only had 1 type of authentication: User Code authentication. If this was enabled, User email addresses that were registered in the address book could be used as the SMTP sender. In such cases, Pre-Fall of 2004 models were susceptible to the same kind of problem as Fall of 2004 or later devices (the "From" field and "SMTP Mail from" were mismatched). SP 5-860-022 had to be enabled to overcome this problem.

Configuring pre-Fall of 2004 models

If the user was anonymous (no authentication was used):
  Username: admin
  Password: adminpass
  SMTP “MAIL FROM”: admin@gts.com (Key Operator's email address)
  Email header “From”: admin@gts.com (Key Operator's email address)

If the SMTP server was MS Exchange and User Code authentication was used, SP 5-860-022 must have been enabled:
  Username: admin
  Password: adminpass
  SMTP “MAIL FROM”: admin@gts.com (Key Operator's email address)
  Email header “Reply-to”: usr01@gts.com
  Email header “From”: admin@gts.com (Key Operator's email address)

Pre-Fall of 2004 Error messages

Message: "Sending the data has failed. To confirm the result, check [Scanned File Status]"
Meaning: 1) SMTP account is invalid. 2) SMTP authentication is disabled. 3) The address fields did not match (SP 5-860-022 was disabled).

Message: "Sending the data has failed. The data will be resent later."
Meaning: The SMTP server could not be reached.
