Basic Function; Authentication At Tx - Canon DU7-1178-000 Service Manual

Chapter 2

2.1 Basic Function

2.1.1 Authentication at TX

0010-7592
When the mail server is set on the internet, you need to prevent from Third Party Mail Relay that the third
party uses the false name. Third Party Mail Relay means that the third party sends large amount of spam
mails using the mail server which other people are operating. If you do not take any measures for this, re-
sources like server and network lines are exhausted and at the same time, you will get the claim from the
user who received the spam mail. As a measure, the authentication operation when SMTP transmission is
prepared.
In case of the inner network (LAN), you can prevent from Third Party Mail Relay by restricting the IP
address and the domain name. In order to send from the outside domain using the mail address or securely
use the mail server set on the internet which the provider prepares, the authentication is indispensable at
the transmission. This machine uses two authentication methods, POP Before SMTP and SMTP AUTH
and they enable to send i-FAX and e-mail to SMTP server which requests the sender's authentication.
POP before SMTP
With this method, before SMTP transmission is performed, the POP server is logged into. SMTP trans-
mission can only be continued once the POP server has confirmed the IP address of the connected client
as authorized within a specific period of time. After user authentication is carried out at the POP server,
the authenticated client IP address is relayed to the SMTP server, where it is processed. The process re-
quires a certain amount of time. Taking this processing time into consideration, there is an idle period of
300msec, from POP authentication to the start of SMTP transmission. If a POP before SMTP transmission
is generated during POP reception, POP authentication is made to wait until the reception is finished and
then POP authentication and SMTP transmission are performed. Errors occurring while the POP server is
connected are treated as transmission errors.
With regard to the actual programming, all that is necessary is for System Settings > Network Settings
> E-Mail/ I-Fax > Authent./ Encryption > POP Authentication bofore Sending to be set to ON.
Related new user error codes are #810 and #813. For details, refer to Troubleshooting.
SMTP AUTH
In SMTP AUTH, user authentication is performed when the SMTP server is connected, so that mail can
only be received from registered users. This method was standardized in March, 1999, as RFC2554.
SMTP AUTH uses ESMTP protocol, which is an extension of SMTP, and uses the SASL (Simple Authen-
tication and Security Layer) authentication mechanism, standardized as RFC2222, to authenticate the user
by sending the user name and password information in response to the server challenge data.
<Authentication mechanisms>
The SMTP server can have multiple authentication mechanisms and the most suitable authentication
mechanism is programmed in accordance with the security policy decided by the SMTP server adminis-
trator. The client E-Mail client application selects the authentication algorithm from among the available
authentication mechanisms and performs authentication upon transmission.
This model supports the following five types of authentication mechanism.
CRAM-MD5
Challenge-Response Authentication Mechanism, computed by using the key-protected MD5 algorithm by
HMAC-MD5 (RFC2104)
NTLM
Windows NT authentication method
User name must be set in the form 'username@NTdomainname'
E.g.:
Windows2000 or earlier: username\\CANON (domain name may be omitted, depending on the environ-
ment)
Windows2000: username@canon.co.jp (domain name may be omitted, depending on the environment)
GSSAPI
Authentication system using Kerberos Version 5 (RFC1510)
User name must be set in the form 'username@realmname'.
username@CANON.CO.JP
2-1