|
Home > Archive > IIS and SMTP > February 2005 > Allow POP3 but block sending mail
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Allow POP3 but block sending mail
|
|
| Jim Carlson 2005-02-22, 5:52 pm |
| I want our users to send mail through an ISP rather than our server but be
able to collect mail from our server using POP3. How might I configure
SMTP/POP3 to accomplish this?
Jim Carlson
| |
| WingFan 2005-02-23, 6:00 pm |
| In your e-mail client configuration, simply put your server name/address for
the POP3 server and put your ISP's SMTP server name/address for the STMP
server. The only caveat is that your ISP may need to be configured to accept
relay requests from your users. Most SMTP servers are configured to restrict
relay access based on IP ADDRESS, EMAIL DOMAIN, or USER AUTHENTICATION (or a
combination). IP & DOMAIN are the most common methods used. If your email
domain is not authorized to relay thru their system, then the mail will get
rejected. If they host/manage your domain for you, then it shouldn't be a
problem. For the most part POP3 & SMTP are basically unrelated, beyond the
point that they are e-mail protocols. Often they are both on the same server
and use mutual authenticaton information, but they by no means have to or
neet to be.
Eric
"Jim Carlson" wrote:
> I want our users to send mail through an ISP rather than our server but be
> able to collect mail from our server using POP3. How might I configure
> SMTP/POP3 to accomplish this?
>
> Jim Carlson
>
>
>
| |
| Jim Carlson 2005-02-25, 5:55 pm |
| Thank you for your reply. But what if a user doesn't change the outgoing
smtp server name? How can I insure their outgoing mail will be rejected by
our server?
Thanks,
Jim Carlson
"WingFan" <WingFan@discussions.microsoft.com> wrote in message
news:64DFD0EF-BDB8-46FD-A40D-2AEED8429B36@microsoft.com...[vbcol=seagreen]
> In your e-mail client configuration, simply put your server name/address
> for
> the POP3 server and put your ISP's SMTP server name/address for the STMP
> server. The only caveat is that your ISP may need to be configured to
> accept
> relay requests from your users. Most SMTP servers are configured to
> restrict
> relay access based on IP ADDRESS, EMAIL DOMAIN, or USER AUTHENTICATION (or
> a
> combination). IP & DOMAIN are the most common methods used. If your email
> domain is not authorized to relay thru their system, then the mail will
> get
> rejected. If they host/manage your domain for you, then it shouldn't be a
> problem. For the most part POP3 & SMTP are basically unrelated, beyond
> the
> point that they are e-mail protocols. Often they are both on the same
> server
> and use mutual authenticaton information, but they by no means have to or
> neet to be.
>
> Eric
>
>
> "Jim Carlson" wrote:
>
| |
| WingFan 2005-02-25, 5:55 pm |
| Well, I'm not sure how your network is configured, but I'll assume you just
want to restrict your LAN users from using it. I would just configure
Connection Control on the Virtual Server to restrict your LAN IP subnet, or
at least the portion of it that your users are on. It can be confiigured to
restrict by individual IP address(es), by IP subnet(s), or by DNS domain
name. You can find these setting on the Access tab of the SMTP Virtual
Server Properties page. Just be sure to select the "All except the list
below" option (the list being your users' IP addresses), or you'll restrict
inbound connections that are trying to deliver mail to your server. Then set
the Relay Restrictions to only allow your mail server and any specific
machines that you do want to use it for sending. The relay restriction isn't
so much to prevent your users from sending thru it (if they can't connect,
then they obviously can't relay), but is more to avoid becoming a spam relay.
Hope that helps. Let me know if you have questions configuring either of
these.
Eric
"Jim Carlson" wrote:
> Thank you for your reply. But what if a user doesn't change the outgoing
> smtp server name? How can I insure their outgoing mail will be rejected by
> our server?
>
> Thanks,
>
> Jim Carlson
>
> "WingFan" <WingFan@discussions.microsoft.com> wrote in message
> news:64DFD0EF-BDB8-46FD-A40D-2AEED8429B36@microsoft.com...
>
>
>
| |
| Jeff Cochran 2005-02-25, 5:55 pm |
| On Fri, 25 Feb 2005 15:17:56 -0500, "Jim Carlson" <jim@erwinroots.net>
wrote:
>Thank you for your reply. But what if a user doesn't change the outgoing
>smtp server name? How can I insure their outgoing mail will be rejected by
>our server?
Only relay for the server itself, forcing a login and authentication.
Then don't give them an account or password.
Jeff
>Jim Carlson
>
>"WingFan" <WingFan@discussions.microsoft.com> wrote in message
>news:64DFD0EF-BDB8-46FD-A40D-2AEED8429B36@microsoft.com...
>
| |
| WingFan 2005-02-25, 5:55 pm |
| That would work, too. I'm just not fond of using login authentication on
SMTP. It makes it a target for dictionary attacks. IP restrictions work
well for LAN's w/private IP scheme's since spoofing a private IP address
range from the WAN side won't get very far.
"Jeff Cochran" wrote:
> On Fri, 25 Feb 2005 15:17:56 -0500, "Jim Carlson" <jim@erwinroots.net>
> wrote:
>
>
> Only relay for the server itself, forcing a login and authentication.
> Then don't give them an account or password.
>
> Jeff
>
>
>
>
|
|
|
|
|