| Groups | Blog | Home |
iis smtp nntp : Authentication Problems
Ok, I finally got everything set up just how I want it...
except the authentication. It is requiring me to authenticate before sending mail both outside of my network and inside of my network. I don't want to require authentication inside my network though. How can I fix this? I have only 'Integrated Windows Authentication' checked for the acceptable authentication types. I also have 'Only the list below' selected for Relay Restritions, and I have granted 192.168.0.0/255.255.255.0, 10.10.0.0/255.255.255.128, and just in case 127.0.0.1. Also, I have the option checked to allow computers that successfully authenticate to send. What am I doing wrong?
the IP addresses of my internal networks are 192.168.0.0
and 10.10.0.0. I tried with and without the anonymous auth. With it enabled sending and receiving all worked fine, but it made the server not require authorization to send from both inside the network and outside the network, which means I get a lot of spam mail sent through my server. With it disabled everything works correctly (sending/receiving) except it required authorization to send, but both outside AND inside the network. That stopped the spam, but I want it to not require the authorization for inside the network. Thanks again. [quoted text, click to view] >-----Original Message-----
>a) You need to enable anonymous auth (otherwise no one is going to be able >to send you mail from outside) > >b) The next question is - what are the IP addresses of your internal >networks? > >Cheers >Ken > >"Evan" <grime@forbiddenninja.com> wrote in message >news:998701c48636$afb04fa0$a601280a@phx.gbl... >> Ok, I finally got everything set up just how I want it... >> except the authentication. It is requiring me to >> authenticate before sending mail both outside of my >> network and inside of my network. I don't want to require >> authentication inside my network though. How can I fix >> this? I have only 'Integrated Windows Authentication' >> checked for the acceptable authentication types. I also >> have 'Only the list below' selected for Relay Restritions, >> and I have granted 192.168.0.0/255.255.255.0, >> 10.10.0.0/255.255.255.128, and just in case 127.0.0.1. >> Also, I have the option checked to allow computers that >> successfully authenticate to send. What am I doing wrong? >> Thanks for your help. > > >.
What I mean by spam is people outside my network are using
my server as a relay for spam if I leave the anonymous auth enabled. I want my users to be able to send mail through this server when they are outside of the network (at home or wherever), but I want it to require authentication for that so only people with a username and password can. However if someone is trying to send mail from inside the network I want them to be able to do it without having to give a username and password. Is this not possible? With the anonymous auth disabled I can still send mail from outside the network using my server. All I have to do is set the option in my email client that says 'Outgoing Server Requires Authentication'. That is exactly how I want it to work outside the network. But it does the same thing inside the network, and I don't want users to have to set that option on their email clients inside the network. However, if I enable the anonymous auth it takes away the need for clients outside the network to set that 'Outgoing Server Requires Authentication' option, and thus anyone can use my server to send mail (including spammers). And, with anonymous auth enabled it does the same thing inside the network as it does outside the network (not ask for authentication), which I DO want. Am I making any sense? :P [quoted text, click to view] >-----Original Message-----
>Hi, > >What do you mean "spam sent through your network"? Do you mean people where >delivering spam to your users? If so, then simply edit the connection >properties of the SMTP server so that only users in your IP addresses can >connect to the server at all. This will stop anyone out on the internet from >being able to connect to your SMTP server. Users on your internal network >can connect, and send mail out without authenticating. > >However, if you want to receive mail from outside, you will need to have >anonymous authentication enabled, otherwise how is anyone supposed to send >your email? :-) > >Cheers >Ken > >"Evan" <grime@forbiddenninja.com> wrote in message >news:991001c4866d$582abe50$a401280a@phx.gbl... >> the IP addresses of my internal networks are 192.168.0.0 >> and 10.10.0.0. I tried with and without the anonymous >> auth. With it enabled sending and receiving all worked >> fine, but it made the server not require authorization to >> send from both inside the network and outside the network, >> which means I get a lot of spam mail sent through my >> server. With it disabled everything works correctly >> (sending/receiving) except it required authorization to >> send, but both outside AND inside the network. That >> stopped the spam, but I want it to not require the >> authorization for inside the network. Thanks again. >> >> >>>-----Original Message----- >>>a) You need to enable anonymous auth (otherwise no one is >> going to be able >>>to send you mail from outside) >>> >>>b) The next question is - what are the IP addresses of >> your internal >>>networks? >>> >>>Cheers >>>Ken >>> >>>"Evan" <grime@forbiddenninja.com> wrote in message >>>news:998701c48636$afb04fa0$a601280a@phx.gbl... >>>> Ok, I finally got everything set up just how I want >> it... >>>> except the authentication. It is requiring me to >>>> authenticate before sending mail both outside of my >>>> network and inside of my network. I don't want to >> require >>>> authentication inside my network though. How can I fix >>>> this? I have only 'Integrated Windows Authentication' >>>> checked for the acceptable authentication types. I also >>>> have 'Only the list below' selected for Relay >> Restritions, >>>> and I have granted 192.168.0.0/255.255.255.0, >>>> 10.10.0.0/255.255.255.128, and just in case 127.0.0.1. >>>> Also, I have the option checked to allow computers that >>>> successfully authenticate to send. What am I doing >> wrong? >>>> Thanks for your help. >>> >>> >>>. >>> > > >.
I think that is exactly how I had it. Here are some images
that might simplify things: http://home.centurytel.net/grime/auth.jpg http://home.centurytel.net/grime/relay.jpg With those settings I am able to send and receive mail both inside and outside the network, but it doesn't require authentication for any sending (inside or outside). Now if I remove the check from the anonymous auth, it makes me authenticate both inside AND outside the network. Seems to me that it's not processing my relay restrictions list, or I have something typed in there incorrectly. Could it be handling all external mail like internal mail because all external mail is being routed through my gateway (192.168.0.1), which is included in the access granted list? If so, how can I remove my gateway from that list and still keep the network range? [quoted text, click to view] >-----Original Message-----
>OK, > >This is what you should do: > >a) Enable Anonymous + <some other authentication> >b) Allow relay only to your internal network IP addresses >c) Allow computers who authenticate to relay >d) Make sure you do not have any weak or blank passwords >e) Make sure Windows accounts like "Guest" are not enabled > >If you have set this up then: >a) users inside your network will be able to relay without needing to >authenticate >b) users outside your network will need to authenticate to relay >c) anyone outside your network can send mail to users insider your network > >Just be aware that some spammers look for servers that have weak passwords >for known accounts (eg Administrator, Guest etc). If they can guess the >password for one of these accounts, they will be able to send spam through >your server because they can authenticate just like anyone else. > >*If* you are still being used as a spam relay in this case, then you have >something else setup incorrectly. > >Cheers >Ken > > >"Evan" <grime@forbiddenninja.com> wrote in message >news:973401c48675$02f1e780$a501280a@phx.gbl... >> What I mean by spam is people outside my network are using >> my server as a relay for spam if I leave the anonymous >> auth enabled. I want my users to be able to send mail >> through this server when they are outside of the network >> (at home or wherever), but I want it to require >> authentication for that so only people with a username and >> password can. However if someone is trying to send mail >> from inside the network I want them to be able to do it >> without having to give a username and password. Is this >> not possible? >> With the anonymous auth disabled I can still send mail >> from outside the network using my server. All I have to do >> is set the option in my email client that says 'Outgoing >> Server Requires Authentication'. That is exactly how I >> want it to work outside the network. But it does the same >> thing inside the network, and I don't want users to have >> to set that option on their email clients inside the >> network. >> However, if I enable the anonymous auth it takes away the >> need for clients outside the network to set that 'Outgoing >> Server Requires Authentication' option, and thus anyone >> can use my server to send mail (including spammers). And, >> with anonymous auth enabled it does the same thing inside >> the network as it does outside the network (not ask for >> authentication), which I DO want. Am I making any sense? :P >> >>>-----Original Message----- >>>Hi, >>> >>>What do you mean "spam sent through your network"? Do you >> mean people where >>>delivering spam to your users? If so, then simply edit >> the connection >>>properties of the SMTP server so that only users in your >> IP addresses can >>>connect to the server at all. This will stop anyone out >> on the internet from >>>being able to connect to your SMTP server. Users on your >> internal network >>>can connect, and send mail out without authenticating. >>> >>>However, if you want to receive mail from outside, you >> will need to have >>>anonymous authentication enabled, otherwise how is anyone >> supposed to send >>>your email? :-) >>> >>>Cheers >>>Ken >>> >>>"Evan" <grime@forbiddenninja.com> wrote in message >>>news:991001c4866d$582abe50$a401280a@phx.gbl... >>>> the IP addresses of my internal networks are 192.168.0.0 >>>> and 10.10.0.0. I tried with and without the anonymous >>>> auth. With it enabled sending and receiving all worked >>>> fine, but it made the server not require authorization >> to >>>> send from both inside the network and outside the >> network, >>>> which means I get a lot of spam mail sent through my >>>> server. With it disabled everything works correctly >>>> (sending/receiving) except it required authorization to >>>> send, but both outside AND inside the network. That >>>> stopped the spam, but I want it to not require the >>>> authorization for inside the network. Thanks again. >>>> >>>> >>>>>-----Original Message----- >>>>>a) You need to enable anonymous auth (otherwise no one >> is >>>> going to be able >>>>>to send you mail from outside) >>>>> >>>>>b) The next question is - what are the IP addresses of >>>> your internal >>>>>networks? >>>>> >>>>>Cheers >>>>>Ken >>>>> >>>>>"Evan" <grime@forbiddenninja.com> wrote in message >>>>>news:998701c48636$afb04fa0$a601280a@phx.gbl... >>>>>> Ok, I finally got everything set up just how I want >>>> it... >>>>>> except the authentication. It is requiring me to >>>>>> authenticate before sending mail both outside of my >>>>>> network and inside of my network. I don't want to >>>> require >>>>>> authentication inside my network though. How can I fix >>>>>> this? I have only 'Integrated Windows Authentication' >>>>>> checked for the acceptable authentication types. I >> also >>>>>> have 'Only the list below' selected for Relay >>>> Restritions, >>>>>> and I have granted 192.168.0.0/255.255.255.0, >>>>>> 10.10.0.0/255.255.255.128, and just in case 127.0.0.1. >>>>>> Also, I have the option checked to allow computers >> that >>>>>> successfully authenticate to send. What am I doing >>>> wrong? >>>>>> Thanks for your help. >>>>> >>>>> >>>>>. >>>>> >>> >>> >>>. >>> > > >.
No, it's not an SMTP gateway. It's just a
gateway/firewall. It runs a version of FreeBSD called m0n0wall. Will this not work unless my email server is in the dmz? [quoted text, click to view] >-----Original Message-----
>That setup should be correct if this machine is exposed directly to the >internet. > >When you say "gateway" are you talking about an SMTP gateway? If so, I think >that is where you should be preventing 3rd party relay, not on the internal >machine. > >Otherwise, you can manually add the other addresses in the 192.168.0.0 >subnet, excluding 192.168.0.1 (but that's a hassle) > >Cheers >Ken > > ><anonymous@discussions.microsoft.com> wrote in message >news:282201c4867e$3c87a3a0$a301280a@phx.gbl... >>I think that is exactly how I had it. Here are some images >> that might simplify things: >> http://home.centurytel.net/grime/auth.jpg >> http://home.centurytel.net/grime/relay.jpg >> >> With those settings I am able to send and receive mail >> both inside and outside the network, but it doesn't >> require authentication for any sending (inside or >> outside). Now if I remove the check from the anonymous >> auth, it makes me authenticate both inside AND outside the >> network. Seems to me that it's not processing my relay >> restrictions list, or I have something typed in there >> incorrectly. Could it be handling all external mail like >> internal mail because all external mail is being routed >> through my gateway (192.168.0.1), which is included in the >> access granted list? If so, how can I remove my gateway >> from that list and still keep the network range? >> >>>-----Original Message----- >>>OK, >>> >>>This is what you should do: >>> >>>a) Enable Anonymous + <some other authentication> >>>b) Allow relay only to your internal network IP addresses >>>c) Allow computers who authenticate to relay >>>d) Make sure you do not have any weak or blank passwords >>>e) Make sure Windows accounts like "Guest" are not enabled >>> >>>If you have set this up then: >>>a) users inside your network will be able to relay >> without needing to >>>authenticate >>>b) users outside your network will need to authenticate >> to relay >>>c) anyone outside your network can send mail to users >> insider your network >>> >>>Just be aware that some spammers look for servers that >> have weak passwords >>>for known accounts (eg Administrator, Guest etc). If they >> can guess the >>>password for one of these accounts, they will be able to >> send spam through >>>your server because they can authenticate just like >> anyone else. >>> >>>*If* you are still being used as a spam relay in this >> case, then you have >>>something else setup incorrectly. >>> >>>Cheers >>>Ken >>> >>> >>>"Evan" <grime@forbiddenninja.com> wrote in message >>>news:973401c48675$02f1e780$a501280a@phx.gbl... >>>> What I mean by spam is people outside my network are >> using >>>> my server as a relay for spam if I leave the anonymous >>>> auth enabled. I want my users to be able to send mail >>>> through this server when they are outside of the network >>>> (at home or wherever), but I want it to require >>>> authentication for that so only people with a username >> and >>>> password can. However if someone is trying to send >>>> from inside the network I want them to be able to do it >>>> without having to give a username and password. Is this >>>> not possible? >>>> With the anonymous auth disabled I can still send mail >>>> from outside the network using my server. All I have to >> do >>>> is set the option in my email client that says 'Outgoing >>>> Server Requires Authentication'. That is exactly how I >>>> want it to work outside the network. But it does the >> same >>>> thing inside the network, and I don't want users to have >>>> to set that option on their email clients inside the >>>> network. >>>> However, if I enable the anonymous auth it takes away >> the >>>> need for clients outside the network to set >> that 'Outgoing >>>> Server Requires Authentication' option, and thus anyone >>>> can use my server to send mail (including spammers). >> And, >>>> with anonymous auth enabled it does the same thing >> inside >>>> the network as it does outside the network (not ask for >>>> authentication), which I DO want. Am I making any >> sense? :P >>>> >>>>>-----Original Message----- >>>>>Hi, >>>>> >>>>>What do you mean "spam sent through your network"? Do >> you >>>> mean people where >>>>>delivering spam to your users? If so, then simply edit >>>> the connection >>>>>properties of the SMTP server so that only users in your >>>> IP addresses can >>>>>connect to the server at all. This will stop anyone out >>>> on the internet from >>>>>being able to connect to your SMTP server. Users on your >>>> internal network >>>>>can connect, and send mail out without authenticating. >>>>> >>>>>However, if you want to receive mail from outside, you >>>> will need to have >>>>>anonymous authentication enabled, otherwise how is >> anyone >>>> supposed to send >>>>>your email? :-) >>>>> >>>>>Cheers >>>>>Ken >>>>> >>>>>"Evan" <grime@forbiddenninja.com> wrote in message >>>>>news:991001c4866d$582abe50$a401280a@phx.gbl... >>>>>> the IP addresses of my internal networks are >> 192.168.0.0 >>>>>> and 10.10.0.0. I tried with and without the anonymous >>>>>> auth. With it enabled sending and receiving all worked >>>>>> fine, but it made the server not require authorization >>>> to >>>>>> send from both inside the network and outside the >>>> network, >>>>>> which means I get a lot of spam mail sent through my >>>>>> server. With it disabled everything works correctly >>>>>> (sending/receiving) except it required authorization >> to >>>>>> send, but both outside AND inside the network. That >>>>>> stopped the spam, but I want it to not require the >>>>>> authorization for inside the network. Thanks again. >>>>>> >>>>>> >>>>>>>-----Original Message----- >>>>>>>a) You need to enable anonymous auth (otherwise no one >>>> is >>>>>> going to be able >>>>>>>to send you mail from outside) >>>>>>> >>>>>>>b) The next question is - what are the IP addresses of >>>>>> your internal >>>>>>>networks? >>>>>>> >>>>>>>Cheers >>>>>>>Ken >>>>>>> >>>>>>>"Evan" <grime@forbiddenninja.com> wrote in message >>>>>>>news:998701c48636$afb04fa0$a601280a@phx.gbl... >>>>>>>> Ok, I finally got everything set up just how I want >>>>>> it... >>>>>>>> except the authentication. It is requiring me to >>>>>>>> authenticate before sending mail both outside of my >>>>>>>> network and inside of my network. I don't want to >>>>>> require >>>>>>>> authentication inside my network though. How can I >> fix >>>>>>>> this? I have only 'Integrated Windows >> Authentication' >>>>>>>> checked for the acceptable authentication types. I >>>> also
a) You need to enable anonymous auth (otherwise no one is going to be able
to send you mail from outside) b) The next question is - what are the IP addresses of your internal networks? Cheers Ken [quoted text, click to view] "Evan" <grime@forbiddenninja.com> wrote in message news:998701c48636$afb04fa0$a601280a@phx.gbl... > Ok, I finally got everything set up just how I want it... > except the authentication. It is requiring me to > authenticate before sending mail both outside of my > network and inside of my network. I don't want to require > authentication inside my network though. How can I fix > this? I have only 'Integrated Windows Authentication' > checked for the acceptable authentication types. I also > have 'Only the list below' selected for Relay Restritions, > and I have granted 192.168.0.0/255.255.255.0, > 10.10.0.0/255.255.255.128, and just in case 127.0.0.1. > Also, I have the option checked to allow computers that > successfully authenticate to send. What am I doing wrong? > Thanks for your help.
Hi,
What do you mean "spam sent through your network"? Do you mean people where delivering spam to your users? If so, then simply edit the connection properties of the SMTP server so that only users in your IP addresses can connect to the server at all. This will stop anyone out on the internet from being able to connect to your SMTP server. Users on your internal network can connect, and send mail out without authenticating. However, if you want to receive mail from outside, you will need to have anonymous authentication enabled, otherwise how is anyone supposed to send your email? :-) Cheers Ken [quoted text, click to view] "Evan" <grime@forbiddenninja.com> wrote in message news:991001c4866d$582abe50$a401280a@phx.gbl... > the IP addresses of my internal networks are 192.168.0.0 > and 10.10.0.0. I tried with and without the anonymous > auth. With it enabled sending and receiving all worked > fine, but it made the server not require authorization to > send from both inside the network and outside the network, > which means I get a lot of spam mail sent through my > server. With it disabled everything works correctly > (sending/receiving) except it required authorization to > send, but both outside AND inside the network. That > stopped the spam, but I want it to not require the > authorization for inside the network. Thanks again. > > >>-----Original Message----- >>a) You need to enable anonymous auth (otherwise no one is > going to be able >>to send you mail from outside) >> >>b) The next question is - what are the IP addresses of > your internal >>networks? >> >>Cheers >>Ken >> >>"Evan" <grime@forbiddenninja.com> wrote in message >>news:998701c48636$afb04fa0$a601280a@phx.gbl... >>> Ok, I finally got everything set up just how I want > it... >>> except the authentication. It is requiring me to >>> authenticate before sending mail both outside of my >>> network and inside of my network. I don't want to > require >>> authentication inside my network though. How can I fix >>> this? I have only 'Integrated Windows Authentication' >>> checked for the acceptable authentication types. I also >>> have 'Only the list below' selected for Relay > Restritions, >>> and I have granted 192.168.0.0/255.255.255.0, >>> 10.10.0.0/255.255.255.128, and just in case 127.0.0.1. >>> Also, I have the option checked to allow computers that >>> successfully authenticate to send. What am I doing > wrong? >>> Thanks for your help. >> >> >>. >>
OK,
This is what you should do: a) Enable Anonymous + <some other authentication> b) Allow relay only to your internal network IP addresses c) Allow computers who authenticate to relay d) Make sure you do not have any weak or blank passwords e) Make sure Windows accounts like "Guest" are not enabled If you have set this up then: a) users inside your network will be able to relay without needing to authenticate b) users outside your network will need to authenticate to relay c) anyone outside your network can send mail to users insider your network Just be aware that some spammers look for servers that have weak passwords for known accounts (eg Administrator, Guest etc). If they can guess the password for one of these accounts, they will be able to send spam through your server because they can authenticate just like anyone else. *If* you are still being used as a spam relay in this case, then you have something else setup incorrectly. Cheers Ken [quoted text, click to view] "Evan" <grime@forbiddenninja.com> wrote in message news:973401c48675$02f1e780$a501280a@phx.gbl... > What I mean by spam is people outside my network are using > my server as a relay for spam if I leave the anonymous > auth enabled. I want my users to be able to send mail > through this server when they are outside of the network > (at home or wherever), but I want it to require > authentication for that so only people with a username and > password can. However if someone is trying to send mail > from inside the network I want them to be able to do it > without having to give a username and password. Is this > not possible? > With the anonymous auth disabled I can still send mail > from outside the network using my server. All I have to do > is set the option in my email client that says 'Outgoing > Server Requires Authentication'. That is exactly how I > want it to work outside the network. But it does the same > thing inside the network, and I don't want users to have > to set that option on their email clients inside the > network. > However, if I enable the anonymous auth it takes away the > need for clients outside the network to set that 'Outgoing > Server Requires Authentication' option, and thus anyone > can use my server to send mail (including spammers). And, > with anonymous auth enabled it does the same thing inside > the network as it does outside the network (not ask for > authentication), which I DO want. Am I making any sense? :P > >>-----Original Message----- >>Hi, >> >>What do you mean "spam sent through your network"? Do you > mean people where >>delivering spam to your users? If so, then simply edit > the connection >>properties of the SMTP server so that only users in your > IP addresses can >>connect to the server at all. This will stop anyone out > on the internet from >>being able to connect to your SMTP server. Users on your > internal network >>can connect, and send mail out without authenticating. >> >>However, if you want to receive mail from outside, you > will need to have >>anonymous authentication enabled, otherwise how is anyone > supposed to send >>your email? :-) >> >>Cheers >>Ken >> >>"Evan" <grime@forbiddenninja.com> wrote in message >>news:991001c4866d$582abe50$a401280a@phx.gbl... >>> the IP addresses of my internal networks are 192.168.0.0 >>> and 10.10.0.0. I tried with and without the anonymous >>> auth. With it enabled sending and receiving all worked >>> fine, but it made the server not require authorization > to >>> send from both inside the network and outside the > network, >>> which means I get a lot of spam mail sent through my >>> server. With it disabled everything works correctly >>> (sending/receiving) except it required authorization to >>> send, but both outside AND inside the network. That >>> stopped the spam, but I want it to not require the >>> authorization for inside the network. Thanks again. >>> >>> >>>>-----Original Message----- >>>>a) You need to enable anonymous auth (otherwise no one > is >>> going to be able >>>>to send you mail from outside) >>>> >>>>b) The next question is - what are the IP addresses of >>> your internal >>>>networks? >>>> >>>>Cheers >>>>Ken >>>> >>>>"Evan" <grime@forbiddenninja.com> wrote in message >>>>news:998701c48636$afb04fa0$a601280a@phx.gbl... >>>>> Ok, I finally got everything set up just how I want >>> it... >>>>> except the authentication. It is requiring me to >>>>> authenticate before sending mail both outside of my >>>>> network and inside of my network. I don't want to >>> require >>>>> authentication inside my network though. How can I fix >>>>> this? I have only 'Integrated Windows Authentication' >>>>> checked for the acceptable authentication types. I > also >>>>> have 'Only the list below' selected for Relay >>> Restritions, >>>>> and I have granted 192.168.0.0/255.255.255.0, >>>>> 10.10.0.0/255.255.255.128, and just in case 127.0.0.1. >>>>> Also, I have the option checked to allow computers > that >>>>> successfully authenticate to send. What am I doing >>> wrong? >>>>> Thanks for your help. >>>> >>>> >>>>. >>>> >> >> >>. >>
That setup should be correct if this machine is exposed directly to the
internet. When you say "gateway" are you talking about an SMTP gateway? If so, I think that is where you should be preventing 3rd party relay, not on the internal machine. Otherwise, you can manually add the other addresses in the 192.168.0.0 subnet, excluding 192.168.0.1 (but that's a hassle) Cheers Ken [quoted text, click to view] <anonymous@discussions.microsoft.com> wrote in message news:282201c4867e$3c87a3a0$a301280a@phx.gbl... >I think that is exactly how I had it. Here are some images > that might simplify things: > http://home.centurytel.net/grime/auth.jpg > http://home.centurytel.net/grime/relay.jpg > > With those settings I am able to send and receive mail > both inside and outside the network, but it doesn't > require authentication for any sending (inside or > outside). Now if I remove the check from the anonymous > auth, it makes me authenticate both inside AND outside the > network. Seems to me that it's not processing my relay > restrictions list, or I have something typed in there > incorrectly. Could it be handling all external mail like > internal mail because all external mail is being routed > through my gateway (192.168.0.1), which is included in the > access granted list? If so, how can I remove my gateway > from that list and still keep the network range? > >>-----Original Message----- >>OK, >> >>This is what you should do: >> >>a) Enable Anonymous + <some other authentication> >>b) Allow relay only to your internal network IP addresses >>c) Allow computers who authenticate to relay >>d) Make sure you do not have any weak or blank passwords >>e) Make sure Windows accounts like "Guest" are not enabled >> >>If you have set this up then: >>a) users inside your network will be able to relay > without needing to >>authenticate >>b) users outside your network will need to authenticate > to relay >>c) anyone outside your network can send mail to users > insider your network >> >>Just be aware that some spammers look for servers that > have weak passwords >>for known accounts (eg Administrator, Guest etc). If they > can guess the >>password for one of these accounts, they will be able to > send spam through >>your server because they can authenticate just like > anyone else. >> >>*If* you are still being used as a spam relay in this > case, then you have >>something else setup incorrectly. >> >>Cheers >>Ken >> >> >>"Evan" <grime@forbiddenninja.com> wrote in message >>news:973401c48675$02f1e780$a501280a@phx.gbl... >>> What I mean by spam is people outside my network are > using >>> my server as a relay for spam if I leave the anonymous >>> auth enabled. I want my users to be able to send mail >>> through this server when they are outside of the network >>> (at home or wherever), but I want it to require >>> authentication for that so only people with a username > and >>> password can. However if someone is trying to send mail >>> from inside the network I want them to be able to do it >>> without having to give a username and password. Is this >>> not possible? >>> With the anonymous auth disabled I can still send mail >>> from outside the network using my server. All I have to > do >>> is set the option in my email client that says 'Outgoing >>> Server Requires Authentication'. That is exactly how I >>> want it to work outside the network. But it does the > same >>> thing inside the network, and I don't want users to have >>> to set that option on their email clients inside the >>> network. >>> However, if I enable the anonymous auth it takes away > the >>> need for clients outside the network to set > that 'Outgoing >>> Server Requires Authentication' option, and thus anyone >>> can use my server to send mail (including spammers). > And, >>> with anonymous auth enabled it does the same thing > inside >>> the network as it does outside the network (not ask for >>> authentication), which I DO want. Am I making any > sense? :P >>> >>>>-----Original Message----- >>>>Hi, >>>> >>>>What do you mean "spam sent through your network"? Do > you >>> mean people where >>>>delivering spam to your users? If so, then simply edit >>> the connection >>>>properties of the SMTP server so that only users in your >>> IP addresses can >>>>connect to the server at all. This will stop anyone out >>> on the internet from >>>>being able to connect to your SMTP server. Users on your >>> internal network >>>>can connect, and send mail out without authenticating. >>>> >>>>However, if you want to receive mail from outside, you >>> will need to have >>>>anonymous authentication enabled, otherwise how is > anyone >>> supposed to send >>>>your email? :-) >>>> >>>>Cheers >>>>Ken >>>> >>>>"Evan" <grime@forbiddenninja.com> wrote in message >>>>news:991001c4866d$582abe50$a401280a@phx.gbl... >>>>> the IP addresses of my internal networks are > 192.168.0.0 >>>>> and 10.10.0.0. I tried with and without the anonymous >>>>> auth. With it enabled sending and receiving all worked >>>>> fine, but it made the server not require authorization >>> to >>>>> send from both inside the network and outside the >>> network, >>>>> which means I get a lot of spam mail sent through my >>>>> server. With it disabled everything works correctly >>>>> (sending/receiving) except it required authorization > to >>>>> send, but both outside AND inside the network. That >>>>> stopped the spam, but I want it to not require the >>>>> authorization for inside the network. Thanks again. >>>>> >>>>> >>>>>>-----Original Message----- >>>>>>a) You need to enable anonymous auth (otherwise no one >>> is >>>>> going to be able >>>>>>to send you mail from outside) >>>>>> >>>>>>b) The next question is - what are the IP addresses of >>>>> your internal >>>>>>networks? >>>>>> >>>>>>Cheers >>>>>>Ken >>>>>> >>>>>>"Evan" <grime@forbiddenninja.com> wrote in message >>>>>>news:998701c48636$afb04fa0$a601280a@phx.gbl... >>>>>>> Ok, I finally got everything set up just how I want >>>>> it... >>>>>>> except the authentication. It is requiring me to >>>>>>> authenticate before sending mail both outside of my >>>>>>> network and inside of my network. I don't want to >>>>> require >>>>>>> authentication inside my network though. How can I > fix >>>>>>> this? I have only 'Integrated Windows > Authentication' >>>>>>> checked for the acceptable authentication types. I >>> also >>>>>>> have 'Only the list below' selected for Relay >>>>> Restritions, >>>>>>> and I have granted 192.168.0.0/255.255.255.0, >>>>>>> 10.10.0.0/255.255.255.128, and just in case > 127.0.0.1. >>>>>>> Also, I have the option checked to allow computers >>> that >>>>>>> successfully authenticate to send. What am I doing >>>>> wrong? >>>>>>> Thanks for your help. >>>>>> >>>>>> >>>>>>. >>>>>> >>>> >>>> >>>>. >>>> >> >> >>. >>
If it's not proxying mail, then it should not matter. Check in your mail
server logs to see what IP address MS SMTP server thinks the mail is coming from. If your FreeBSD box is just a firewall, then it doesn't proxy SMTP messages (it operates at a lower layer in the TCP/IP model). MS SMTP server should see mail as coming from the original IP address (outside your network). Cheers Ken [quoted text, click to view] "Evan" <grime@forbiddenninja.com> wrote in message
news:a07701c486b2$34f10d50$a601280a@phx.gbl... > No, it's not an SMTP gateway. It's just a > gateway/firewall. It runs a version of FreeBSD called > m0n0wall. Will this not work unless my email server is in > the dmz? > >>-----Original Message----- >>That setup should be correct if this machine is exposed > directly to the >>internet. >> >>When you say "gateway" are you talking about an SMTP > gateway? If so, I think >>that is where you should be preventing 3rd party relay, > not on the internal >>machine. >> >>Otherwise, you can manually add the other addresses in > the 192.168.0.0 >>subnet, excluding 192.168.0.1 (but that's a hassle) >> >>Cheers >>Ken >> >> >><anonymous@discussions.microsoft.com> wrote in message >>news:282201c4867e$3c87a3a0$a301280a@phx.gbl... >>>I think that is exactly how I had it. Here are some > images >>> that might simplify things: >>> http://home.centurytel.net/grime/auth.jpg >>> http://home.centurytel.net/grime/relay.jpg >>> >>> With those settings I am able to send and receive mail >>> both inside and outside the network, but it doesn't >>> require authentication for any sending (inside or >>> outside). Now if I remove the check from the anonymous >>> auth, it makes me authenticate both inside AND outside > the >>> network. Seems to me that it's not processing my relay >>> restrictions list, or I have something typed in there >>> incorrectly. Could it be handling all external mail like >>> internal mail because all external mail is being routed >>> through my gateway (192.168.0.1), which is included in > the >>> access granted list? If so, how can I remove my gateway >>> from that list and still keep the network range? >>> >>>>-----Original Message----- >>>>OK, >>>> >>>>This is what you should do: >>>> >>>>a) Enable Anonymous + <some other authentication> >>>>b) Allow relay only to your internal network IP > addresses >>>>c) Allow computers who authenticate to relay >>>>d) Make sure you do not have any weak or blank passwords >>>>e) Make sure Windows accounts like "Guest" are not > enabled >>>> >>>>If you have set this up then: >>>>a) users inside your network will be able to relay >>> without needing to >>>>authenticate >>>>b) users outside your network will need to authenticate >>> to relay >>>>c) anyone outside your network can send mail to users >>> insider your network >>>> >>>>Just be aware that some spammers look for servers that >>> have weak passwords >>>>for known accounts (eg Administrator, Guest etc). If > they >>> can guess the >>>>password for one of these accounts, they will be able to >>> send spam through >>>>your server because they can authenticate just like >>> anyone else. >>>> >>>>*If* you are still being used as a spam relay in this >>> case, then you have >>>>something else setup incorrectly. >>>> >>>>Cheers >>>>Ken >>>> >>>> >>>>"Evan" <grime@forbiddenninja.com> wrote in message >>>>news:973401c48675$02f1e780$a501280a@phx.gbl... >>>>> What I mean by spam is people outside my network are >>> using >>>>> my server as a relay for spam if I leave the anonymous >>>>> auth enabled. I want my users to be able to send mail >>>>> through this server when they are outside of the > network >>>>> (at home or wherever), but I want it to require >>>>> authentication for that so only people with a username >>> and >>>>> password can. However if someone is trying to send >>>>> from inside the network I want them to be able to do > it >>>>> without having to give a username and password. Is > this >>>>> not possible? >>>>> With the anonymous auth disabled I can still send mail >>>>> from outside the network using my server. All I have > to >>> do >>>>> is set the option in my email client that > says 'Outgoing >>>>> Server Requires Authentication'. That is exactly how I >>>>> want it to work outside the network. But it does the >>> same >>>>> thing inside the network, and I don't want users to > have >>>>> to set that option on their email clients inside the >>>>> network. >>>>> However, if I enable the anonymous auth it takes away >>> the >>>>> need for clients outside the network to set >>> that 'Outgoing >>>>> Server Requires Authentication' option, and thus > anyone >>>>> can use my server to send mail (including spammers). >>> And, >>>>> with anonymous auth enabled it does the same thing >>> inside >>>>> the network as it does outside the network (not ask > for >>>>> authentication), which I DO want. Am I making any >>> sense? :P >>>>> >>>>>>-----Original Message----- >>>>>>Hi, >>>>>> >>>>>>What do you mean "spam sent through your network"? Do >>> you >>>>> mean people where >>>>>>delivering spam to your users? If so, then simply edit >>>>> the connection >>>>>>properties of the SMTP server so that only users in > your >>>>> IP addresses can >>>>>>connect to the server at all. This will stop anyone > out >>>>> on the internet from >>>>>>being able to connect to your SMTP server. Users on > your >>>>> internal network >>>>>>can connect, and send mail out without authenticating. >>>>>> >>>>>>However, if you want to receive mail from outside, you >>>>> will need to have >>>>>>anonymous authentication enabled, otherwise how is >>> anyone >>>>> supposed to send >>>>>>your email? :-) >>>>>> >>>>>>Cheers >>>>>>Ken >>>>>> >>>>>>"Evan" <grime@forbiddenninja.com> wrote in message >>>>>>news:991001c4866d$582abe50$a401280a@phx.gbl... >>>>>>> the IP addresses of my internal networks are >>> 192.168.0.0 >>>>>>> and 10.10.0.0. I tried with and without the > anonymous >>>>>>> auth. With it enabled sending and receiving all > worked >>>>>>> fine, but it made the server not require > authorization >>>>> to >>>>>>> send from both inside the network and outside the >>>>> network, >>>>>>> which means I get a lot of spam mail sent through my >>>>>>> server. With it disabled everything works correctly >>>>>>> (sending/receiving) except it required authorization >>> to >>>>>>> send, but both outside AND inside the network. That >>>>>>> stopped the spam, but I want it to not require the >>>>>>> authorization for inside the network. Thanks again. >>>>>>> >>>>>>> >>>>>>>>-----Original Message----- >>>>>>>>a) You need to enable anonymous auth (otherwise no > one >>>>> is >>>>>>> going to be able >>>>>>>>to send you mail from outside) >>>>>>>> >>>>>>>>b) The next question is - what are the IP addresses > of
Don't see what you're looking for? Try a search.
|
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |