Chapter 22-1  0020-7895
2.1 Basic Function
2.1.1 Authentication at TX

When a mail server is placed on the internet, it must be protected against third-party mail relay, in which a third party sends mail under a false name. Third-party mail relay means that a third party sends large volumes of spam through a mail server that someone else operates. If no measures are taken, server and network resources are exhausted, and at the same time complaints arrive from the users who received the spam. As a countermeasure, an authentication step at the time of SMTP transmission is provided.

Within an internal network (LAN), third-party mail relay can be prevented by restricting IP addresses and domain names. To send from an outside domain using a mail address, or to use a provider's mail server on the internet securely, authentication at transmission time is indispensable. This machine supports two authentication methods, POP before SMTP and SMTP AUTH, which make it possible to send i-FAX and e-mail to an SMTP server that requires sender authentication.

POP before SMTP

With this method, the client logs in to the POP server before SMTP transmission is performed. SMTP transmission can only proceed once the POP server has confirmed the IP address of the connected client as authorized within a specific period of time. After user authentication at the POP server, the authenticated client IP address is relayed to the SMTP server, where it is processed. This process takes a certain amount of time, so an idle period of 300 msec is inserted between POP authentication and the start of SMTP transmission. If a POP before SMTP transmission is generated during POP reception, POP authentication waits until the reception has finished; POP authentication and SMTP transmission are then performed.
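The sequence just described, modelled in Python as an added example (not Canon's code): a toy server-side authorization table for POP before SMTP, and a client function that logs in to POP, waits the 300 msec idle period and then asks for SMTP relay. The credential store, the 15-minute authorization window and the helper names are assumptions made for illustration.

```python
# Added example, not Canon's code: a minimal model of the authorization table a
# mail server keeps for POP before SMTP. The credential store, the 15-minute
# window and the helper names are constructed for illustration.
import hmac

POP_USERS = {"fred": "s3cret"}   # constructed sample POP credential store


class PopBeforeSmtpGate:
    """Server side: remember which client IP addresses authenticated to POP,
    and allow SMTP relay from those addresses for a limited time afterwards."""

    def __init__(self, window_seconds=900):
        self.window = window_seconds
        self.authorized = {}     # ip -> time of last successful POP login

    def pop_login(self, ip, user, password, now):
        expected = POP_USERS.get(user, "")
        # constant-time comparison; an unknown user simply fails
        if not hmac.compare_digest(expected.encode(), password.encode()):
            return False
        self.authorized[ip] = now
        return True

    def smtp_relay_allowed(self, ip, now):
        stamp = self.authorized.get(ip)
        if stamp is None:
            return False
        if now - stamp > self.window:
            del self.authorized[ip]  # authorization has expired
            return False
        return True


POP_TO_SMTP_IDLE = 0.3   # the 300 msec pause the unit inserts after POP authentication


def pop_before_smtp_send(gate, ip, user, password, now):
    """Client side, modelled on the unit's sequence: log in to POP, wait the idle
    period, then attempt SMTP relay. Returns (relay_allowed, seconds_waited)."""
    if not gate.pop_login(ip, user, password, now):
        return (False, 0.0)          # POP error -> treated as a transmission error
    now += POP_TO_SMTP_IDLE
    return (gate.smtp_relay_allowed(ip, now), POP_TO_SMTP_IDLE)
```

The gate keys its decision on the client's source address only, so any other host that shares that address (for example behind the same NAT) is relayed for as long as the window lasts; that limitation is the reason SMTP AUTH, described next, authenticates each SMTP session itself.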
Errors occurring while the POP server is connected are treated as transmission errors. As for the actual setting, all that is necessary is for System Settings > Network Settings > E-Mail/I-Fax > Authent./Encryption > POP Authentication before Sending to be set to ON. The related new user error codes are #810 and #813. For details, refer to Troubleshooting.

SMTP AUTH

In SMTP AUTH, user authentication is performed when the SMTP server is connected, so that mail is accepted only from registered users. This method was standardized in March 1999 as RFC2554. SMTP AUTH uses the ESMTP protocol, an extension of SMTP, together with the SASL (Simple Authentication and Security Layer) authentication mechanism standardized as RFC2222; the user is authenticated by sending user name and password information in response to challenge data from the server. The SMTP server can offer several authentication mechanisms, and the most suitable one is configured in accordance with the security policy decided by the SMTP server administrator.
The client e-mail application selects an authentication algorithm from among the mechanisms the server offers and performs authentication upon transmission. This model supports the following five authentication mechanisms.

CRAM-MD5
Challenge-Response Authentication Mechanism, computed with the keyed MD5 algorithm HMAC-MD5 (RFC2104).

NTLM
Windows NT authentication method. The user name must be set in the form 'username@NTdomainname'.
E.g.:
Windows 2000 or earlier: username\\CANON (domain name may be omitted, depending on the environment)
Windows 2000: username@canon.co.jp (domain name may be omitted, depending on the environment)

GSSAPI
Authentication using Kerberos Version 5 (RFC1510). The user name must be set in the form 'username@realmname', e.g. username@CANON.CO.JP (in Exchange 2000, realm name = domain name).

PLAIN
The user name and password are sent as plain text (Base64-encoded), on the assumption that the communication packet itself is encrypted (RFC2595). Allows secure authentication when used in combination with the encrypted transmission described later.

LOGIN
Sends the user name and password as plain text (Base64-encoded). The actual transaction is the same as with PLAIN. Likewise, allows secure authentication when used in combination with encrypted transmission.

Even if the unit is set to transmit with SMTP AUTH, SMTP AUTH transmission is not possible if the mail server does not support SMTP AUTH or if the authentication mechanism supported by the server does not match one supported by this model. In that case, even though SMTP AUTH is set, transmission is carried out by normal SMTP and no transmission error is generated. If an unauthenticated mail transmission is attempted to a server that does not allow it, the subsequent SMTP commands produce an error from the mail server. Unauthenticated mail can be transmitted to a server that accepts such transmission.
These security policies are determined by the server, so even when SMTP AUTH is not set it is impossible to tell whether transmission will succeed without checking with the customer's server administrator.

An example of the transmission protocol using SMTP AUTH is given below. The server's response to the client's EHLO indicates whether the server supports SMTP AUTH and names the authentication algorithms available at that time; if several algorithms are available, several names are listed. The client selects one of the advertised algorithms and sends its choice to the server. The server then sends challenge data, and the client returns encoded data computed from the challenge, the user name and the password for authentication. In general, the algorithms to be used can be selected on the server side, and PLAIN, LOGIN and other mechanisms that are undesirable from a security standpoint can be blocked by the server setting. (The security policy is determined by the server.)

Server: 220 smtp.example.com ESMTP server ready
Client (iR): EHLO ifax.example.com
S: 250-smtp.example.com
S: 250-DSN
S: 250-EXPN
S: 250 AUTH CRAM-MD5 DIGEST-MD5    <- server declares the authentication algorithms
C: AUTH CRAM-MD5                   <- client selects CRAM-MD5
S: 334 PENCeUxFREJoU0NnbmhNWitOMjNGNndAZWx3b29kLmlubm9zb2Z0LmNvbT4=    <- server response carrying the Base64 challenge; authentication proceeds with CRAM-MD5
C: ZnJlZCA5ZTk1YWVlMDljNDBhZjJiODRhMGMyYjNiYmFlNzg2ZQ==    <- client response (user name and HMAC-MD5 digest, Base64-encoded)
S: 235 Authentication successful.
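As an added example (not Canon's code), the following Python code implements the encodings behind the PLAIN, LOGIN and CRAM-MD5 mechanisms listed above and walks through the EHLO negotiation shown in the transcript: it parses the AUTH line, chooses a mechanism, answers the CRAM-MD5 challenge and verifies it on a toy server side. The user database, the client preference order and the helper names are assumptions; the challenge and credentials used in the sample run are the published RFC 2195 test vector.

```python
# Added example, not Canon's code: the SASL encodings behind the PLAIN, LOGIN and
# CRAM-MD5 mechanisms listed above, the EHLO negotiation shown in the transcript,
# and a toy server side that verifies a CRAM-MD5 reply. The user database,
# preference list and the helper names are constructed here.
import base64
import hashlib
import hmac


def plain_response(user, password, authzid=""):
    """PLAIN (RFC 2595): authzid NUL authcid NUL password, Base64 only.
    Anyone who can read the connection can decode this, hence 'use with TLS'."""
    return base64.b64encode(f"{authzid}\0{user}\0{password}".encode()).decode()


def login_responses(user, password):
    """LOGIN: user name and password, each Base64-encoded and sent in turn."""
    return [base64.b64encode(s.encode()).decode() for s in (user, password)]


def cram_md5_response(user, password, challenge_b64):
    """CRAM-MD5 (RFC 2195): reply is 'user ' + hex(HMAC-MD5(key=password, challenge)),
    Base64-encoded. The password itself never crosses the wire."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()


def parse_ehlo_mechanisms(ehlo_lines):
    """Return the mechanisms named on the AUTH line of a 250 EHLO response."""
    for line in ehlo_lines:
        body = line[4:] if line[:3] == "250" else line  # drop '250-' / '250 '
        if body.upper().startswith("AUTH "):
            return body.split()[1:]
    return []


def choose_mechanism(offered, client_preference):
    """Pick the first mechanism in the client's preference order that the server offers."""
    return next((m for m in client_preference if m in offered), None)


class CramMd5Server:
    """Toy server side. CRAM-MD5 obliges the server to keep the plaintext password
    (or an MD5 context derived from it); that is the trade-off of the design."""

    def __init__(self, users, challenge_b64):
        self.users = users                # constructed: user -> password
        self.challenge = challenge_b64    # Base64 challenge sent after '334'

    def verify(self, response_b64):
        try:
            user, digest = base64.b64decode(response_b64).decode().split(" ", 1)
        except ValueError:
            return False
        password = self.users.get(user)
        if password is None:
            return False
        expected = hmac.new(password.encode(), base64.b64decode(self.challenge),
                            hashlib.md5).hexdigest()
        return hmac.compare_digest(expected.encode(), digest.encode())


def authenticate(ehlo_lines, client_preference, user, password, server):
    """Drive the negotiation from the transcript: pick a mechanism, answer the challenge.
    Returns the SMTP reply code the server would send, or a reason for not trying."""
    mech = choose_mechanism(parse_ehlo_mechanisms(ehlo_lines), client_preference)
    if mech is None:
        return "no common mechanism"          # unit would fall back to plain SMTP
    if mech != "CRAM-MD5":
        return f"{mech} not implemented in this demo"
    reply = cram_md5_response(user, password, server.challenge)
    return "235" if server.verify(reply) else "535"


if __name__ == "__main__":
    # Constructed EHLO response mirroring the transcript above.
    ehlo = ["250-smtp.example.com", "250-DSN", "250-EXPN", "250 AUTH CRAM-MD5 DIGEST-MD5"]
    # RFC 2195 test vector: user 'tim', password 'tanstaaftanstaaf'.
    chal = base64.b64encode(b"<1896.697170952@postoffice.reston.mci.net>").decode()
    srv = CramMd5Server({"tim": "tanstaaftanstaaf"}, chal)
    print(authenticate(ehlo, ["CRAM-MD5", "PLAIN", "LOGIN"], "tim", "tanstaaftanstaaf", srv))
    # The client line from the transcript decodes to 'user hexdigest', nothing more.
    print(base64.b64decode("ZnJlZCA5ZTk1YWVlMDljNDBhZjJiODRhMGMyYjNiYmFlNzg2ZQ=="))
```

Decoding `plain_response()` with `base64.b64decode` returns the password verbatim, which is why the page pairs PLAIN and LOGIN with encrypted transmission; the CRAM-MD5 reply, by contrast, reveals only a per-challenge HMAC, at the price of the server having to store the password in recoverable form.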