|
Home > Archive > IIS and SMTP > March 2004 > Windows 2003 SMTP/POP3 & Outlook XP/2k3
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Windows 2003 SMTP/POP3 & Outlook XP/2k3
|
|
| XP User 2004-03-09, 4:35 pm |
| Hi,
I've been reading alot on the two subjects above and seem to have a
problem I'm trying to solve.
I run a server that has Windows 2003 w/IIS (SMTP) and we're using the
POP3 as well with the Outlook client. The problem is that we're
tagged as an open relay on this one specific Email server and
obviously we want to make sure no-one is using it as such.
I have gone in and checked Authentication in SMTP is set to Anonymous
and Integrated as well as set it that ONLY the list below can relay
messages (and checked off that if they auth first...) making sure
there's no entries in who is allowed to relay.
Now the problem seems to be with Outlook that if you have it using the
same User ID and password to do outbound SMTP authentication it always
asks you for username and password. The problem there is that there
is no way to check ANY box (there isn't one there) to allow it to save
it. It's quite annoying but I'm looking for anyone with similar
solutions and how they handle this without 3rd party tools.
-MJ
| |
| m.marien 2004-03-09, 5:35 pm |
|
"XP User" <user1@senojfilms.com> wrote in message
news:b1e05ee5.0403091237.6eaf0499@posting.google.com...
> Hi,
>
> I've been reading alot on the two subjects above and seem to have a
> problem I'm trying to solve.
>
> I run a server that has Windows 2003 w/IIS (SMTP) and we're using the
> POP3 as well with the Outlook client. The problem is that we're
> tagged as an open relay on this one specific Email server and
> obviously we want to make sure no-one is using it as such.
>
> I have gone in and checked Authentication in SMTP is set to Anonymous
> and Integrated as well as set it that ONLY the list below can relay
> messages (and checked off that if they auth first...) making sure
> there's no entries in who is allowed to relay.
>
> Now the problem seems to be with Outlook that if you have it using the
> same User ID and password to do outbound SMTP authentication it always
> asks you for username and password. The problem there is that there
> is no way to check ANY box (there isn't one there) to allow it to save
> it. It's quite annoying but I'm looking for anyone with similar
> solutions and how they handle this without 3rd party tools.
>
> -MJ
If you can limit the list to IP address, then you don't need authentication.
Unclick the "Allow all computers ..". In my mind, it not a reliable method
when you set it to anonymous anyhow, as everybody can authenticate (no
username or password required). I think where this would be useful is if you
didn't know the IP address of your clients, then you could use
authentication but limit it to basic or integrated, and not anonymous.
I think MS SMTP servers appear to be an open relay on some tests even when
set up properly. The last time I checked mine, it was still failing.
| |
| Kristofer Gafvert 2004-03-09, 5:35 pm |
| Authenticate means that it requires a valid username and password. Anonymous
Access is required to be enabled if you want your SMTP Server to be able to
accept emails from other SMTP Servers (as those other servers will most
likely not have a valid username and password).
Relay and Access is NOT the same thing.
--
Regards,
Kristofer Gafvert - IIS MVP
Reply to newsgroup only. Remove NEWS if you must reply by email, but please
do not.
www.ilopia.com - FAQ and Tutorials for Windows Server 2003
"m.marien" <mm AT RiverCityCanada DOT com> wrote in message
news:104sgiog7s2ted@corp.supernews.com...
>
> "XP User" <user1@senojfilms.com> wrote in message
> news:b1e05ee5.0403091237.6eaf0499@posting.google.com...
>
> If you can limit the list to IP address, then you don't need
authentication.
> Unclick the "Allow all computers ..". In my mind, it not a reliable method
> when you set it to anonymous anyhow, as everybody can authenticate (no
> username or password required). I think where this would be useful is if
you
> didn't know the IP address of your clients, then you could use
> authentication but limit it to basic or integrated, and not anonymous.
>
> I think MS SMTP servers appear to be an open relay on some tests even when
> set up properly. The last time I checked mine, it was still failing.
>
>
>
| |
| m.marien 2004-03-09, 8:35 pm |
|
"Kristofer Gafvert" <kgafvert@NEWSilopia.com> wrote in message
news:u$spPWiBEHA.2796@TK2MSFTNGP09.phx.gbl...
> Authenticate means that it requires a valid username and password.
Anonymous
> Access is required to be enabled if you want your SMTP Server to be able
to
> accept emails from other SMTP Servers (as those other servers will most
> likely not have a valid username and password).
>
> Relay and Access is NOT the same thing.
>
So if I unselect the "Allow all computers ..." on the Relay button of the
Access tab, then other SMTP servers will *not* be able to access my SMTP
server to send it messages ?
> --
> Regards,
> Kristofer Gafvert - IIS MVP
> Reply to newsgroup only. Remove NEWS if you must reply by email, but
please
> do not.
> www.ilopia.com - FAQ and Tutorials for Windows Server 2003
>
>
> "m.marien" <mm AT RiverCityCanada DOT com> wrote in message
> news:104sgiog7s2ted@corp.supernews.com...
> authentication.
method[color=darkred]
> you
when[color=darkred]
>
>
| |
| Kristofer Gafvert 2004-03-10, 4:34 am |
| Hello,
Other SMTP Servers are not relaying thru you. They send emails to you. So,
it doesn't matter what the settings for relaying is, but you need to have
Anonymous Access enabled. If not, other SMTP servers will not be able to
establish a connection to your server, and deliver the emails to your users.
--
Regards,
Kristofer Gafvert - IIS MVP
Reply to newsgroup only. Remove NEWS if you must reply by email, but please
do not.
www.ilopia.com - FAQ and Tutorials for Windows Server 2003
"m.marien" <mm AT RiverCityCanada DOT com> wrote in message
news:104sqcmosc8kec0@corp.supernews.com...
>
> "Kristofer Gafvert" <kgafvert@NEWSilopia.com> wrote in message
> news:u$spPWiBEHA.2796@TK2MSFTNGP09.phx.gbl...
> Anonymous
> to
>
> So if I unselect the "Allow all computers ..." on the Relay button of the
> Access tab, then other SMTP servers will *not* be able to access my SMTP
> server to send it messages ?
>
> please
the[color=darkred]
Anonymous[color=darkred]
the[color=darkred]
always[color=darkred]
save[color=darkred]
> method
if[color=darkred]
> when
>
>
| |
| XP User 2004-03-10, 10:36 am |
| Thanks for the responses...
I guess the question of the day becomes if I am using the "free" SMTP
and POP3 that comes with Server 2k3 - what are my options to get the
Open Relay piece under control and still be able to have users send
Email from their @domain.com that I'm hosting there?
I don't want users having to put passwords in every time they want to
send messages (would rather have that UID & PWD saved in the Outlook
client).
-MJ
"m.marien" <mm AT RiverCityCanada DOT com> wrote in message news:<104sqcmosc8kec0@corp.supernews.com>...[color=darkred]
> "Kristofer Gafvert" <kgafvert@NEWSilopia.com> wrote in message
> news:u$spPWiBEHA.2796@TK2MSFTNGP09.phx.gbl...
> Anonymous
> to
>
> So if I unselect the "Allow all computers ..." on the Relay button of the
> Access tab, then other SMTP servers will *not* be able to access my SMTP
> server to send it messages ?
>
> please
> authentication.
> method
> you
> when
| |
| Jeff Cochran 2004-03-10, 10:36 am |
| On 9 Mar 2004 12:37:50 -0800, user1@senojfilms.com (XP User) wrote:
>I've been reading alot on the two subjects above and seem to have a
>problem I'm trying to solve.
>
>I run a server that has Windows 2003 w/IIS (SMTP) and we're using the
>POP3 as well with the Outlook client. The problem is that we're
>tagged as an open relay on this one specific Email server and
>obviously we want to make sure no-one is using it as such.
>
>I have gone in and checked Authentication in SMTP is set to Anonymous
>and Integrated...
Anonymous means *anyone* can authenticate... 
>as well as set it that ONLY the list below can relay
>messages (and checked off that if they auth first...) making sure
>there's no entries in who is allowed to relay.
>
>Now the problem seems to be with Outlook that if you have it using the
>same User ID and password to do outbound SMTP authentication it always
>asks you for username and password. The problem there is that there
>is no way to check ANY box (there isn't one there) to allow it to save
>it. It's quite annoying but I'm looking for anyone with similar
>solutions and how they handle this without 3rd party tools.
You could check in an Outlook/Outlook Express group for details, but
you should be able to force authentication and use the Windows
authentication without having to provide credentials.
Jeff
| |
| XP User 2004-03-10, 5:35 pm |
| "Kristofer Gafvert" <kgafvert@NEWSilopia.com> wrote in message news:<eyb9$GoBEHA.3024@tk2msftngp13.phx.gbl>...
> Hello,
>
> Other SMTP Servers are not relaying thru you. They send emails to you. So,
> it doesn't matter what the settings for relaying is, but you need to have
> Anonymous Access enabled. If not, other SMTP servers will not be able to
> establish a connection to your server, and deliver the emails to your users.
>
> --
> Regards,
> Kristofer Gafvert - IIS MVP
> Reply to newsgroup only. Remove NEWS if you must reply by email, but please
> do not.
> www.ilopia.com - FAQ and Tutorials for Windows Server 2003
>
Not to say I told you so but according to the logs, there are 2
different groups sending emails THROUGH us as an open relay. The logs
prove it, the bounced emails from the spammer prove it and the error
messages prove it. Also none of the messages being sent were destined
for domains on our own server.
Someone has setup their email program to use the server that was setup
I can assure you it was one heck of a setup as they sent the same
message with a source of about 50-60 different sources (the email body
was the same which is what gave it away). The other piece to this is
that it's not a virus either so it's the weirdest thing I've seen in a
while.
I've since placed an SMTP Proxy server (there's a few to pick from -
charge and free ones) in between our IIS SMTP one and the INternet and
it's worked WONDERS with things. Our IIS SMTP is setup on another
port and the proxy runs on port 25 weeding out any Open relay
conditions by only accepting Email that's destined for the domains
that are hosted there. I also setup the clients for our domains to
now point to the IIS SMTP server to send mail which no longer runs on
port 25 and now is no longer as easily suseptible for being a relay.
Best solution I could come up with short-term to stop somewhere around
100-200k of emails from going through as they have the last 2-3 days.
[color=darkred]
>
> "m.marien" <mm AT RiverCityCanada DOT com> wrote in message
> news:104sqcmosc8kec0@corp.supernews.com...
> Anonymous
> to
> please
> the
> Anonymous
> the
> always
> save
> authentication.
> method
> if
> you
> when
| |
| Jeff Cochran 2004-03-10, 5:35 pm |
| On 10 Mar 2004 07:18:48 -0800, user1@senojfilms.com (XP User) wrote:
>I guess the question of the day becomes if I am using the "free" SMTP
>and POP3 that comes with Server 2k3 - what are my options to get the
>Open Relay piece under control and still be able to have users send
>Email from their @domain.com that I'm hosting there?
Try here:
http://support.microsoft.com/defaul...duct=sbserv2003
Yeah, it says Exchange and Small Business Server, but the SMTP part is
the same.
Jeff
[color=darkred]
>I don't want users having to put passwords in every time they want to
>send messages (would rather have that UID & PWD saved in the Outlook
>client).
>
>-MJ
>
>"m.marien" <mm AT RiverCityCanada DOT com> wrote in message news:<104sqcmosc8kec0@corp.supernews.com>...
| |
| Jeff Cochran 2004-03-11, 11:37 am |
| On 10 Mar 2004 13:54:17 -0800, user1@senojfilms.com (XP User) wrote:
>"Kristofer Gafvert" <kgafvert@NEWSilopia.com> wrote in message news:<eyb9$GoBEHA.3024@tk2msftngp13.phx.gbl>...
>
>Not to say I told you so but according to the logs, there are 2
>different groups sending emails THROUGH us as an open relay. The logs
>prove it, the bounced emails from the spammer prove it and the error
>messages prove it. Also none of the messages being sent were destined
>for domains on our own server.
How about posting the log file snippets?
Jeff
[color=darkred]
>Someone has setup their email program to use the server that was setup
>I can assure you it was one heck of a setup as they sent the same
>message with a source of about 50-60 different sources (the email body
>was the same which is what gave it away). The other piece to this is
>that it's not a virus either so it's the weirdest thing I've seen in a
>while.
>
>I've since placed an SMTP Proxy server (there's a few to pick from -
>charge and free ones) in between our IIS SMTP one and the INternet and
>it's worked WONDERS with things. Our IIS SMTP is setup on another
>port and the proxy runs on port 25 weeding out any Open relay
>conditions by only accepting Email that's destined for the domains
>that are hosted there. I also setup the clients for our domains to
>now point to the IIS SMTP server to send mail which no longer runs on
>port 25 and now is no longer as easily suseptible for being a relay.
>
>Best solution I could come up with short-term to stop somewhere around
>100-200k of emails from going through as they have the last 2-3 days.
>
|
|
|
|
|