When trying to setup an email service from an external source/provider (eg: Gmail, Sendmail, Mailchimp, Postfix, etc.) in Kerio Connect and the provider is set up to dual delivery mode, Kerio Connect experiences SMTP authentication problems. During SMTP communication, the following error is seen in Debug logs:
SMTP: Message from IP address vvv.xxx.yyy.zzz was rejected because of missing authentication
for local domain sender <username@kerio_domain.com>
Command DATA failed: Authentication required for local domain sender <username@kerio_domain.com>
Forwarding of mails to internal Kerio Connect accounts via an external provider is not acceptable by default due to SMTP authentication failing for the external provider's servers. Kerio Connect by default only relays emails for IP addresses that you have defined.
Contact the external provider to get the complete list of their server IP addresses (from where the mails would be sent to Kerio Connect email address/es) so that these IP addresses can be included in the trusted SMTP sender relay list in Kerio Connect.
Administrator access to the Kerio Connect server is required to perform the below steps:
- Add all the IP addresses provided by the external provider in one new group in Kerio Connect. Note: There isn't a way in Kerio Connect to add the external provider's information here using their DNS name.
- Go to Configuration > Security > Sender Policy tab.
- Enable the
Never reject messages from this IP address grouppolicy.
- From the dropdown menu, select the group that was created in the first step.
If the external provider's IP addresses are being updated from time to time, then you would need to ask their support team to provide you the list of IP addresses each time they have an update to this IP address list.