| Groups | Blog | Home |
iis smtp nntp : More Authorization Questions
to set my smtp service up so that it requires authentication, and yet still be able to receive emails from the outside world? If it's not possible that really makes for a hard decision. Do I want to leave my email server open for anonymous relay and have spammers use my server freely, or do I want to enforce authentication and not be able to receive any email from the outside world because the other email servers don't have authorization? I tried adding IP ranges to the Relay Restrictions list, but that didn't do any good. It's as if the SMTP service is ignoring that list when it decides whether or not to
It must be possible - I've had 4 Exchange 2000 servers set
up this way for years. I seem to remember the problem you are having. I believe those IP addresses that you are allowing will only take effect after a reboot. If that doesn't work for you, email me and I will connect to my server and poke around. [quoted text, click to view] >-----Original Message-----
>This doesn't make much sense to me.... Is it not possible >to set my smtp service up so that it requires >authentication, and yet still be able to receive emails >from the outside world? If it's not possible that really >makes for a hard decision. Do I want to leave my email >server open for anonymous relay and have spammers use my >server freely, or do I want to enforce authentication and >not be able to receive any email from the outside world >because the other email servers don't have authorization? >I tried adding IP ranges to the Relay Restrictions list, >but that didn't do any good. It's as if the SMTP service >is ignoring that list when it decides whether or not to >accept an email. What am I missing here? >.
Authentication: I have all three methods of
authentication turned on. Connection: All except list below - nothing in list Relay Restrictions: Only the list below - which has the IPs; allow all computers which succesfully authenticate to relay is Checked. Now I remember the problems I ran into: All smtp traffic (port 25) was blocked between the allowed IP's and the email server (someone installed a firewall and blocked port 25 in order to combat worms and zombies). This doesn't sound related to your problem - although you might want to make sure you can telnet to port 25 on your mail server from inside your network. The large IP ranges didn't seem to work - although I can't recall confirming the problem. I replaced the large ranges with a bunch of small blocks: x.x.x.1 (255.255.255.0) Then I rebooted and then everything worked properly. Hope this helps. Joe btw- exchange's Queue management might be worth the switch, but I'm sure you'll need to solve this problem first. [quoted text, click to view] >Sent: Friday, August 20, 2004 12:51 PM >Subject: SMTP Auth Help [quoted text, click to view] >I tried rebooting the server, and that didn't seem to fix
>it. The server is running windows server 2003 enterprise >edition. It is also behind the firewall. Do I need to put >it in the DMZ for this to work properly? If I do, I'm >just going to go ahead and get another computer and put >Exchange on it. Thanks for the help. >-----Original Message----- >It must be possible - I've had 4 Exchange 2000 servers set >up this way for years. > >I seem to remember the problem you are having. I believe >those IP addresses that you are allowing will only take >effect after a reboot. If that doesn't work for you, >email me and I will connect to my server and poke around. > > >>-----Original Message----- >>This doesn't make much sense to me.... Is it not possible >>to set my smtp service up so that it requires >>authentication, and yet still be able to receive emails >>from the outside world? If it's not possible that really >>makes for a hard decision. Do I want to leave my email >>server open for anonymous relay and have spammers use my >>server freely, or do I want to enforce authentication and >>not be able to receive any email from the outside world >>because the other email servers don't have authorization? >>I tried adding IP ranges to the Relay Restrictions list, >>but that didn't do any good. It's as if the SMTP service >>is ignoring that list when it decides whether or not to >>accept an email. What am I missing here? >>. >> >.
I am using SMTP Virutal Server for IIS in Windows Server
2003. Something else I should mention is the server is not in the DMZ. All of the correct ports are forwarded though (25 and 110). I went to 'Properties' on the Virtual Server and clicked the 'Access' tab. Then I added the IP ranges 192.168.0.0/255.255.255.0, 10.10.0.0/255.255.255.128, and 127.0.0.1 under the Relay Restrictions option. I've rebooted the server several times and it has not fixed the problem :( [quoted text, click to view] >-----Original Message-----
>On Fri, 20 Aug 2004 06:59:00 -0700, "Evan" <grime@forbiddenninja.com> >wrote: > >>This doesn't make much sense to me.... Is it not possible >>to set my smtp service up so that it requires >>authentication, and yet still be able to receive emails >>from the outside world? > >No. If you want systems to authenticate, then you can't accept mail >from systems that don't authenticate. > >>If it's not possible that really >>makes for a hard decision. Do I want to leave my email >>server open for anonymous relay and have spammers use my >>server freely, or do I want to enforce authentication and >>not be able to receive any email from the outside world >>because the other email servers don't have authorization? > >You're confusing relaying with authenticating. They're not the same >thing. > >>I tried adding IP ranges to the Relay Restrictions list, >>but that didn't do any good. It's as if the SMTP service >>is ignoring that list when it decides whether or not to >>accept an email. What am I missing here? > >What OS and version of SMTP? I think you may be missing where to set >relay restrictions, but it may be a case of not stopping and >restarting the SMTP services. > >Jeff >.
On Fri, 20 Aug 2004 06:59:00 -0700, "Evan" <grime@forbiddenninja.com>
[quoted text, click to view] wrote: >This doesn't make much sense to me.... Is it not possible >to set my smtp service up so that it requires >authentication, and yet still be able to receive emails >from the outside world? No. If you want systems to authenticate, then you can't accept mail from systems that don't authenticate. [quoted text, click to view] >If it's not possible that really >makes for a hard decision. Do I want to leave my email >server open for anonymous relay and have spammers use my >server freely, or do I want to enforce authentication and >not be able to receive any email from the outside world >because the other email servers don't have authorization? You're confusing relaying with authenticating. They're not the same thing. [quoted text, click to view] >I tried adding IP ranges to the Relay Restrictions list, >but that didn't do any good. It's as if the SMTP service >is ignoring that list when it decides whether or not to >accept an email. What am I missing here? What OS and version of SMTP? I think you may be missing where to set relay restrictions, but it may be a case of not stopping and restarting the SMTP services.
You need to understand the difference between Authentication, and Relaying.
So if you use Anonymous Access and Windows Authentication, you make it possible for other servers to connect to your server, and it is possible for users to authenticate using a username and password. If you for relaying set "Allow all computers which successfully...", and "Only the list below" and leaves the list empty, all users which successfully authenticate (using a username and password) will be able to relay (send emails), and no others can send emails using your email server. -- Regards, Kristofer Gafvert http://www.ilopia.com [quoted text, click to view] "Evan" <grime@forbiddenninja.com> wrote in message news:9b6601c486bd$d850a040$a501280a@phx.gbl... > This doesn't make much sense to me.... Is it not possible > to set my smtp service up so that it requires > authentication, and yet still be able to receive emails > from the outside world? If it's not possible that really > makes for a hard decision. Do I want to leave my email > server open for anonymous relay and have spammers use my > server freely, or do I want to enforce authentication and > not be able to receive any email from the outside world > because the other email servers don't have authorization? > I tried adding IP ranges to the Relay Restrictions list, > but that didn't do any good. It's as if the SMTP service > is ignoring that list when it decides whether or not to > accept an email. What am I missing here?
The next thing I would try is removing all those IP's and
adding single IP address. Reboot. Then try telneting to port 25 from that IP address: From the command prompt: Telnet x.x.x.x 25 EHLO QUIT If that works, try sending a message without the authentication. If that works, it is the way you are entering the IP addresses. Also, I'm not sure why you need the localhost (127.0.0.1) in there. [quoted text, click to view] >-----Original Message-----
>I am using SMTP Virutal Server for IIS in Windows Server >2003. Something else I should mention is the server is not >in the DMZ. All of the correct ports are forwarded though >(25 and 110). I went to 'Properties' on the Virtual Server >and clicked the 'Access' tab. Then I added the IP ranges >192.168.0.0/255.255.255.0, 10.10.0.0/255.255.255.128, and >127.0.0.1 under the Relay Restrictions option. I've >rebooted the server several times and it has not fixed the >problem :( > > >>-----Original Message----- >>On Fri, 20 Aug 2004 06:59:00 -0700, "Evan" ><grime@forbiddenninja.com> >>wrote: >> >>>This doesn't make much sense to me.... Is it not >possible >>>to set my smtp service up so that it requires >>>authentication, and yet still be able to receive emails >>>from the outside world? >> >>No. If you want systems to authenticate, then you can't >accept mail >>from systems that don't authenticate. >> >>>If it's not possible that really >>>makes for a hard decision. Do I want to leave my email >>>server open for anonymous relay and have spammers use my >>>server freely, or do I want to enforce authentication >and >>>not be able to receive any email from the outside world >>>because the other email servers don't have authorization? >> >>You're confusing relaying with authenticating. They're >not the same >>thing. >> >>>I tried adding IP ranges to the Relay Restrictions list, >>>but that didn't do any good. It's as if the SMTP service >>>is ignoring that list when it decides whether or not to >>>accept an email. What am I missing here? >> >>What OS and version of SMTP? I think you may be missing >where to set >>relay restrictions, but it may be a case of not stopping >and >>restarting the SMTP services. >> >>Jeff >>. >> >.
Evan,
We've been over this in your previous thread. Unless there is something about your setup that you're not telling us, the configurations posted previously will work. Otherwise, can you tell us how you know that spammers are using your mail server as an open relay? Thanks Cheers Ken [quoted text, click to view] "Evan" <grime@forbiddenninja.com> wrote in message news:30a001c48710$e8a59a10$a301280a@phx.gbl... >I am using SMTP Virutal Server for IIS in Windows Server > 2003. Something else I should mention is the server is not > in the DMZ. All of the correct ports are forwarded though > (25 and 110). I went to 'Properties' on the Virtual Server > and clicked the 'Access' tab. Then I added the IP ranges > 192.168.0.0/255.255.255.0, 10.10.0.0/255.255.255.128, and > 127.0.0.1 under the Relay Restrictions option. I've > rebooted the server several times and it has not fixed the > problem :( > > >>-----Original Message----- >>On Fri, 20 Aug 2004 06:59:00 -0700, "Evan" > <grime@forbiddenninja.com> >>wrote: >> >>>This doesn't make much sense to me.... Is it not > possible >>>to set my smtp service up so that it requires >>>authentication, and yet still be able to receive emails >>>from the outside world? >> >>No. If you want systems to authenticate, then you can't > accept mail >>from systems that don't authenticate. >> >>>If it's not possible that really >>>makes for a hard decision. Do I want to leave my email >>>server open for anonymous relay and have spammers use my >>>server freely, or do I want to enforce authentication > and >>>not be able to receive any email from the outside world >>>because the other email servers don't have authorization? >> >>You're confusing relaying with authenticating. They're > not the same >>thing. >> >>>I tried adding IP ranges to the Relay Restrictions list, >>>but that didn't do any good. It's as if the SMTP service >>>is ignoring that list when it decides whether or not to >>>accept an email. What am I missing here? >> >>What OS and version of SMTP? I think you may be missing > where to set >>relay restrictions, but it may be a case of not stopping > and >>restarting the SMTP services. >> >>Jeff >>. >>
Don't see what you're looking for? Try a search.
|
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |