Why can't my remote users authenticate using ESMTP AUTH?

  1. Home
  2. Knowledge Base
  3. GMS
  4. Why can't my remote users authenticate using ESMTP AUTH?


The ESMTP AUTH command allows remote users to authenticate and (on successful authentication) gives them access to the email services. Typically this is used by ISPs and companies to let employees or customers access to their email systems.

Email systems may be behind a fire wall. In this case, all ESMTP traffic is filtered by the fire wall before being delivered to the mail server.

This FAQ entry relates to GMS users who have enabled ESMTP AUTH but find it does not work through their Watchguard Firebox Firewall.


The Watchguard Firebox’s SMTP proxy does not support the use of the AUTH command. In fact, it appears not to support the use of any ESMTP command. In general, the removal of ESMTP capability will have a dramatic effect on the efficiency of sending and receiving email messages.

In this case, the removal of the ESMTP AUTH command prevents the remote client authenticating.

The solution is to switch the Watchguard Firebox from using the SMTP service to the Filtered-SMTP service (found in the Packet Filters folder in the Add Services area of Policy Manager). When you do this, then mail connections will be allowed without the SMTP proxy being invoked, and all ESMTP headers will be allowed to pass through correctly.

If you require further information on the differences between these two services please contact Watchguard directly. http://www.watchguard.com.

Keywords:authenticate, authentication, auth, wathchguard firebox, esmtp, firewall

Was this article helpful?

Related Articles