May 01, 2023
Simon Smith
wrote
So I have had to change from 123-reg to one.com as my email service provider as 123-reg have removed their 'catch-all' forwarding option.
Moving to One.com was easy and quick to do. BUT I am having issues sending emails through their SMTP server.
The error message I get is
User [simon@dancingbear.me.uk] not authorized to send on behalf of
I am connecting using STARTTLS and as I said POP collection is not a problem. Does anyone have any ideas?
The diag output is:
1/5/2023 7:25:49.185 - >>Connected to send.one.com
1/5/2023 7:25:49.232 - STARTTLS
1/5/2023 7:25:49.263 - 220 2.0.0 Ready to start TLS
1/5/2023 7:25:49.357 - Entered STARTTLS mode - TLSv1.3 - TLS_AES_256_GCM_SHA384; TLSv1.3; Kx=any; Au=any; Enc=AESGCM(256); Mac=AEAD
1/5/2023 7:25:49.388 - AUTH PLAIN AHNpbW9uQGRhbmNpbmdiZWFyLm1lLnVrAERhbmNpbmdiZWFyMTk2NSU=
1/5/2023 7:25:49.482 - MAIL FROM:
1/5/2023 7:25:49.513 - 550 5.7.1 [M12] User [simon@dancingbear.me.uk] not authorized to send on behalf of (62dfe6cf-e7f1-11ed-a7d5-13111ccb208d)
1/5/2023 7:25:50.075 - RSET
1/5/2023 7:25:50.107 - 250 2.0.0 Ok
1/5/2023 7:25:50.107 - >>Disconnected from send.one.com
and also
29/4/2023 18:34:23.635 - 00000001EHLO dancingbear.me.uk
29/4/2023 18:34:23.666 - 00000001
Moving to One.com was easy and quick to do. BUT I am having issues sending emails through their SMTP server.
The error message I get is
User [simon@dancingbear.me.uk] not authorized to send on behalf of
I am connecting using STARTTLS and as I said POP collection is not a problem. Does anyone have any ideas?
The diag output is:
1/5/2023 7:25:49.185 - >>Connected to send.one.com
1/5/2023 7:25:49.232 - STARTTLS
1/5/2023 7:25:49.263 - 220 2.0.0 Ready to start TLS
1/5/2023 7:25:49.357 - Entered STARTTLS mode - TLSv1.3 - TLS_AES_256_GCM_SHA384; TLSv1.3; Kx=any; Au=any; Enc=AESGCM(256); Mac=AEAD
1/5/2023 7:25:49.388 - AUTH PLAIN AHNpbW9uQGRhbmNpbmdiZWFyLm1lLnVrAERhbmNpbmdiZWFyMTk2NSU=
1/5/2023 7:25:49.482 - MAIL FROM:
1/5/2023 7:25:49.513 - 550 5.7.1 [M12] User [simon@dancingbear.me.uk] not authorized to send on behalf of (62dfe6cf-e7f1-11ed-a7d5-13111ccb208d)
1/5/2023 7:25:50.075 - RSET
1/5/2023 7:25:50.107 - 250 2.0.0 Ok
1/5/2023 7:25:50.107 - >>Disconnected from send.one.com
and also
29/4/2023 18:34:23.635 - 00000001EHLO dancingbear.me.uk
29/4/2023 18:34:23.666 - 00000001
3 Answers
May 02, 2023
Paul Smith
agent
wrote
Hi Simon,
> So I have had to change from 123-reg to one.com as my email service provider as 123-reg have removed their 'catch-all' forwarding option.
> Moving to One.com was easy and quick to do. BUT I am having issues sending emails through their SMTP server.
> The error message I get is
>
> User [simon@dancingbear.me.uk] not authorized to send on behalf of
>
> I am connecting using STARTTLS and as I said POP collection is not a problem. Does anyone have any ideas?
That looks as if the ISP is restricting who can send from a particular login, and it does not understand the 'BATV' (Bounce Address Tag Validation) system, so you can only send messages from your exact email address.
Try turning off BATV support in VPOP3 (Settings -> Message Authentication -> BATV) and see if that helps
BATV prevents spurious bounce-back messages if *someone else* sends messages while forging your email address as the sender, so it's a very useful thing to have, but some ISPs over-restrict who can send messages, and don't understand things like BATV, so you're prevented from using it.
For more information on BATV, Wikipedia is a place to start - https://en.wikipedia.org/wiki/Bounce_Address_Tag_Validation
Regards
Paul
> So I have had to change from 123-reg to one.com as my email service provider as 123-reg have removed their 'catch-all' forwarding option.
> Moving to One.com was easy and quick to do. BUT I am having issues sending emails through their SMTP server.
> The error message I get is
>
> User [simon@dancingbear.me.uk] not authorized to send on behalf of
>
> I am connecting using STARTTLS and as I said POP collection is not a problem. Does anyone have any ideas?
That looks as if the ISP is restricting who can send from a particular login, and it does not understand the 'BATV' (Bounce Address Tag Validation) system, so you can only send messages from your exact email address.
Try turning off BATV support in VPOP3 (Settings -> Message Authentication -> BATV) and see if that helps
BATV prevents spurious bounce-back messages if *someone else* sends messages while forging your email address as the sender, so it's a very useful thing to have, but some ISPs over-restrict who can send messages, and don't understand things like BATV, so you're prevented from using it.
For more information on BATV, Wikipedia is a place to start - https://en.wikipedia.org/wiki/Bounce_Address_Tag_Validation
Regards
Paul
May 02, 2023
Simon Smith
wrote
As always Paul you come up with the solution. I can now send emails. It is strange as the sending address should be the same as the address setup on the One.com site.
Anyway I have let One.com know and hopefully they can resolve the issue at their end.
Thanks again
Simon
Anyway I have let One.com know and hopefully they can resolve the issue at their end.
Thanks again
Simon
May 02, 2023
Paul Smith
agent
wrote
Hi Simon,
> As always Paul you come up with the solution. I can now send emails. It is strange as the sending address should be the same as the address setup on the One.com site.
BATV changes the sending address (in the SMTP envelope, not the message itself) so that it is unique and cryptographically generated. Then, if you receive bounce messages to an address which is not a valid BATV-generated address, it knows that the bounce message was caused by a message that you did not actually send, so the bounce message will be silently discarded as it is backscatter caused by address forgery.
What could happen is that spammers send out thousands of emails and forge your email address as the sender (which is trivial to do). Then, when a large portion of those spam messages bounce, *you* would receive thousands of bounce messages for messages you never sent. BATV prevents that happening, but because your ISP only allows your exact email address as the envelope sender, you cannot use BATV, so you run the risk of this "backscatter" causing problems.
Regards
Paul
> As always Paul you come up with the solution. I can now send emails. It is strange as the sending address should be the same as the address setup on the One.com site.
BATV changes the sending address (in the SMTP envelope, not the message itself) so that it is unique and cryptographically generated. Then, if you receive bounce messages to an address which is not a valid BATV-generated address, it knows that the bounce message was caused by a message that you did not actually send, so the bounce message will be silently discarded as it is backscatter caused by address forgery.
What could happen is that spammers send out thousands of emails and forge your email address as the sender (which is trivial to do). Then, when a large portion of those spam messages bounce, *you* would receive thousands of bounce messages for messages you never sent. BATV prevents that happening, but because your ISP only allows your exact email address as the envelope sender, you cannot use BATV, so you run the risk of this "backscatter" causing problems.
Regards
Paul