Setting up SMTP for outbound mail only
12-02-07 12:21 AM
We have installed a TFS server for development which requires a
non-authenticated SMTP server for event notification. We have an external
mail server that requires authentication, so we cannot use that for this
purpose. So I am wondering if the SMTP service can be configured to do this
without becoming vulnerable to external attack (I was warned that if it is
used as a relay server our IP addresses could be blacklisted).
Basically, all I want is, for example, new Work Item assignments to be
emailed to the affected developer, etc... they will NOT be receiving mail
from this service but, instead, use our standard mail service for this. It
will only be used to send mail to them.
Re: Setting up SMTP for outbound mail only
12-02-07 12:21 AM
> So I am wondering if the SMTP service can be configured to do this
> without becoming vulnerable to external attack
Of course.
There are two ways to restrict relaying for unknown remote domains: by
requiring SMTP AUTH credentials or by requiring that sessions come
from a known IP.
In Access-Relay Restrictions-Relay, you select `Only the list below`
and list the allowed IPs. For example, if the SMTP service is running
in the server as your app, just allow relay from 127.0.0.1. Better
yet, only allow _connections_ from 127.0.0.1 as well
(Access-Connection control-Connection).
--Sandy
------------------------------------
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
------------------------------------
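To make the two restrictions Sandy describes concrete, here is an added example (editor's illustration, not code from the thread and not the IIS SMTP service's own logic). It models a relay policy that accepts a RCPT TO only when the recipient domain is local, the connecting address is on the relay list, or the session authenticated, plus the connection control that refuses any session not coming from the loopback. The weak open-relay setting sits next to the locked-down one the thread recommends; the `RelayPolicy` class, the `session` helper and every IP, domain and recipient are constructed for this example.

```python
"""Relay-policy model for an outbound-only SMTP gateway.

Added example; not code from the thread or from the IIS SMTP service.
It models the two relay restrictions described (relay only for listed
source IPs, or for sessions that presented SMTP AUTH credentials)
together with the connection control that refuses sessions from any
address except the loopback. Every IP, domain and recipient below is
constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class RelayPolicy:
    local_domains: frozenset          # domains delivered locally (never "relaying")
    relay_from: tuple                 # networks allowed to relay without AUTH
    connect_from: tuple               # networks allowed to open a session at all
    allow_authenticated: bool = True  # whether SMTP AUTH also unlocks relaying

    def may_connect(self, client_ip: str) -> bool:
        """Connection control: is this source address allowed to talk to us?"""
        ip = ip_address(client_ip)
        return any(ip in net for net in self.connect_from)

    def rcpt_reply(self, client_ip: str, authenticated: bool, rcpt: str) -> str:
        """SMTP reply for one RCPT TO, given who is connected and how."""
        domain = rcpt.rsplit("@", 1)[-1].lower()
        if domain in self.local_domains:
            return "250 OK"                       # local delivery, not relaying
        if any(ip_address(client_ip) in net for net in self.relay_from):
            return "250 OK"                       # trusted source (e.g. localhost)
        if authenticated and self.allow_authenticated:
            return "250 OK"                       # authenticated submission
        return "550 5.7.1 Unable to relay"        # everything else is refused


# Weak setting: any source may connect and relay anywhere (an open relay).
OPEN_RELAY = RelayPolicy(
    local_domains=frozenset({"dev.example.com"}),
    relay_from=(ip_network("0.0.0.0/0"),),
    connect_from=(ip_network("0.0.0.0/0"),),
)

# Corrected setting for the TFS case: only the local app may connect or relay.
LOCALHOST_ONLY = RelayPolicy(
    local_domains=frozenset({"dev.example.com"}),
    relay_from=(ip_network("127.0.0.1/32"),),
    connect_from=(ip_network("127.0.0.1/32"),),
    allow_authenticated=False,                   # TFS cannot authenticate anyway
)


def session(policy: RelayPolicy, client_ip: str, authenticated: bool, rcpts):
    """Simulate one session: the reply to each RCPT TO, or the connection
    refusal if the source address is not allowed to connect at all."""
    if not policy.may_connect(client_ip):
        return ["554 5.7.1 Connection refused"]
    return [policy.rcpt_reply(client_ip, authenticated, r) for r in rcpts]


if __name__ == "__main__":
    # TFS on the same host notifying a developer at the external mail service
    print(session(LOCALHOST_ONLY, "127.0.0.1", False, ["dev@mail.example.net"]))
    # An unknown Internet host: refused at connection time under the tight policy,
    # accepted as a relay under the open one
    print(session(LOCALHOST_ONLY, "203.0.113.9", False, ["someone@example.org"]))
    print(session(OPEN_RELAY, "203.0.113.9", False, ["someone@example.org"]))
```

The connection control is the stronger of the two settings: with it in place an outside host never reaches the RCPT stage, so the relay list only matters for whatever can already connect.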
Re: Setting up SMTP for outbound mail only
12-02-07 12:21 AM
Thanks. This is helpful.
I forgot to ask. Would it be advisable to block inbound traffic on port 25
at the firewall if I am only going to be sending email from this server?
"Sanford Whiteman" <swhitemanlistens-software@cypressintegrated.com> wrote
in message news:op.t2ogcl146c17zw@gw02.broadleaf.local...
>
> Of course.
>
> There are two ways to restrict relaying for unknown remote domains: by
> requiring SMTP AUTH credentials or by requiring that sessions come
> from a known IP.
>
> In Access-Relay Restrictions-Relay, you select `Only the list below`
> and list the allowed IPs. For example, if the SMTP service is running
> in the server as your app, just allow relay from 127.0.0.1. Better
> yet, only allow _connections_ from 127.0.0.1 as well
> (Access-Connection control-Connection).
>
> --Sandy
>
>
>
> ------------------------------------
> Sanford Whiteman, Chief Technologist
> Broadleaf Systems, a division of
> Cypress Integrated Systems, Inc.
> ------------------------------------
Re: Setting up SMTP for outbound mail only
12-02-07 12:21 AM
> I forgot to ask. would it be advisable to block inbound traffic on port
> 25 at the firewall if I am only going to be sending email from this
> server?
Of course.
An outbound gateway is under no obligation to accept inbound connections.
It is obliged to pass the PTR-HELO-A roundtrip configuration test, of
course.
--Sandy
------------------------------------
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
------------------------------------
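The "PTR-HELO-A roundtrip" Sandy mentions is the check that an outbound gateway's public IP reverse-resolves (PTR) to a name, that this name is what the gateway announces in HELO/EHLO, and that the same name forward-resolves (A) back to the IP. The following is an added example of that check (editor's illustration, not code from the thread): to run offline it takes DNS as a dictionary of constructed records rather than querying a live resolver, so the `ptr_helo_a_check` function, the zone layout and the addresses are all assumptions of the example.

```python
"""PTR-HELO-A round-trip check for an outbound SMTP gateway.

Added example, not code from the thread. It checks the three things the
round trip has to agree on: (1) the gateway's public IP has a PTR record,
(2) the name announced in HELO/EHLO is that PTR name, and (3) that name
has an A record pointing back at the same IP. DNS is a dict of
constructed records instead of a live resolver; the zone layout and the
function are assumptions of this example.
"""
from ipaddress import ip_address

# Constructed records, keyed by record type, for a gateway at 203.0.113.25.
CONSISTENT_ZONE = {
    "A":   {"mail.example.com": {"203.0.113.25"}},
    "PTR": {"203.0.113.25": {"mail.example.com"}},
}

# Constructed records for a box that announces its internal AD name and whose
# PTR is still the provider's generic DSL name.
INCONSISTENT_ZONE = {
    "A":   {"athena.dev.local": set()},
    "PTR": {"203.0.113.25": {"adsl-203-0-113-25.example.net"}},
}


def ptr_helo_a_check(gateway_ip: str, helo_name: str, zone: dict) -> list:
    """Return the problems found; an empty list means the round trip passes."""
    ip = str(ip_address(gateway_ip))        # normalise the textual form
    helo = helo_name.lower().rstrip(".")
    problems = []

    # Step 1 and 2: PTR exists, and the HELO name is that PTR name.
    ptr_names = {n.lower().rstrip(".") for n in zone["PTR"].get(ip, set())}
    if not ptr_names:
        problems.append(f"no PTR record for {ip}")
    elif helo not in ptr_names:
        problems.append(f"HELO name {helo} is not the PTR name {sorted(ptr_names)}")

    # Step 3: the HELO name forward-resolves to the same IP.
    a_records = zone["A"].get(helo, set())
    if ip not in a_records:
        problems.append(f"HELO name {helo} has no A record pointing at {ip}")
    return problems


if __name__ == "__main__":
    print(ptr_helo_a_check("203.0.113.25", "mail.example.com", CONSISTENT_ZONE))
    print(ptr_helo_a_check("203.0.113.25", "athena.dev.local", INCONSISTENT_ZONE))
```

In practice the PTR record is the part the server admin usually cannot set alone; the provider that owns the address block has to publish it, and the HELO name configured on the gateway then has to be chosen to match it.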
Re: Setting up SMTP for outbound mail only
12-02-07 12:21 AM
"Sanford Whiteman" <swhitemanlistens-software@cypressintegrated.com> wrote
in message news:op.t2ojehsb6c17zw@gw02.broadleaf.local...
>
> Of course.
>
> An outbound gateway is under no obligation to accept inbound connections.
>
> It is obliged to pass the PTR-HELO-A roundtrip configuration test, of
> course.
>
> --Sandy
Sorry, you're over my head with this one (I have never configured SMTP
services before). Is there something I need to do to assure PTR-HELO-A is
being passed?
I am also seeing the following smtpsvc error events which I haven't got a
clue about (and wondering if this may be related to why none of my email is
being delivered):
Event Type: Warning
Event Source: smtpsvc
Event Category: None
Event ID: 4000
Date: 12/1/2007
Time: 1:34:30 PM
User: N/A
Computer: ATHENA
Description:
Message delivery to the remote domain 'live.com' failed for the following
reason: Unable to bind to the destination server in DNS.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: d5 02 04 c0 Õ..À
Re: Setting up SMTP for outbound mail only
12-02-07 12:21 AM
> Is there something I need to do assure PTR-HELO-A is being passed?
Several things. Please search the archives of this list and read my
past posts on this topic.
> I am also seeing the following smtpsvc error events...
Is this server's DNS resolver capable of resolving remote domains?
What happens when, from the mailserver, you run
nslookup -q=mx live.com
--Sandy
------------------------------------
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
------------------------------------
Re: Setting up SMTP for outbound mail only
12-02-07 06:35 AM
Lines: 26
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.3138
X-RFC2646: Format=Flowed; Response
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
NNTP-Posting-Host: adsl-216-101-221-60.dsl.lsan03.pacbell.net 216.101.221.60
Xref: leafnode.mcse.ms microsoft.public.inetserver.iis.smtp_nntp:934
>Is this server's DNS resolver capable of resolving remote domains?
>What happens when, from the mailserver, you run
>
> nslookup -q=mx live.com
C:\Documents and Settings\Bill>nslookup -q=mx live.com
*** Can't find server name for address 172.30.10.1: Non-existent domain
Server: UnKnown
Address: 172.30.10.1
Non-authoritative answer:
live.com MX preference = 5, mail exchanger = mx1.hotmail.com
live.com MX preference = 5, mail exchanger = mx2.hotmail.com
live.com MX preference = 5, mail exchanger = mx3.hotmail.com
live.com MX preference = 5, mail exchanger = mx4.hotmail.com
Re: Setting up SMTP for outbound mail only
12-02-07 06:28 PM
>Is this server's DNS resolver capable of resolving remote domains?
>What happens when, from the mailserver, you run
>
> nslookup -q=mx live.com
Interesting. I added another DNS server that is in a different domain and
ran the above command twice, with two different results:
C:\Documents and Settings\Bill>nslookup -q=mx live.com
Server: hermes.exch.local
Address: 192.168.254.242
Non-authoritative answer:
live.com MX preference = 5, mail exchanger = mx1.hotmail.com
live.com MX preference = 5, mail exchanger = mx2.hotmail.com
live.com MX preference = 5, mail exchanger = mx3.hotmail.com
live.com MX preference = 5, mail exchanger = mx4.hotmail.com
C:\Documents and Settings\Bill>nslookup -q=mx live.com
Server: hermes.exch.local
Address: 192.168.254.242
Non-authoritative answer:
live.com MX preference = 5, mail exchanger = mx1.hotmail.com
live.com MX preference = 5, mail exchanger = mx2.hotmail.com
live.com MX preference = 5, mail exchanger = mx3.hotmail.com
live.com MX preference = 5, mail exchanger = mx4.hotmail.com
mx1.hotmail.com internet address = 65.54.245.8
mx1.hotmail.com internet address = 65.54.244.8
mx1.hotmail.com internet address = 65.54.244.136
mx2.hotmail.com internet address = 65.54.245.40
mx2.hotmail.com internet address = 65.54.244.40
mx2.hotmail.com internet address = 65.54.244.168
mx3.hotmail.com internet address = 65.54.244.200
mx3.hotmail.com internet address = 65.54.245.72
mx3.hotmail.com internet address = 65.54.244.72
mx4.hotmail.com internet address = 65.54.244.232
mx4.hotmail.com internet address = 65.54.245.104
mx4.hotmail.com internet address = 65.54.244.104
Re: Setting up SMTP for outbound mail only
12-02-07 06:28 PM
Ok... I tried it again, this time getting rid of the alternate DNS that is
not part of this development domain. I got the following; however, it doesn't
seem to know the DC server name for some reason. Is that a problem?
C:\Documents and Settings\Bill>nslookup -q=mx live.com
*** Can't find server name for address 172.30.10.1: Non-existent domain
Server: UnKnown
Address: 172.30.10.1
Non-authoritative answer:
live.com MX preference = 5, mail exchanger = mx3.hotmail.com
live.com MX preference = 5, mail exchanger = mx4.hotmail.com
live.com MX preference = 5, mail exchanger = mx1.hotmail.com
live.com MX preference = 5, mail exchanger = mx2.hotmail.com
mx3.hotmail.com internet address = 65.54.244.200
mx3.hotmail.com internet address = 65.54.245.72
mx3.hotmail.com internet address = 65.54.244.72
mx1.hotmail.com internet address = 65.54.244.136
mx1.hotmail.com internet address = 65.54.245.8
mx1.hotmail.com internet address = 65.54.244.8
mx2.hotmail.com internet address = 65.54.245.40
mx2.hotmail.com internet address = 65.54.244.40
mx2.hotmail.com internet address = 65.54.244.168
Re: Setting up SMTP for outbound mail only
12-02-07 06:28 PM
> I got the following, however it doesn't seem to know the DC server
> name for some reason. Is that a problem?:
It's a problem for nslookup itself, but should not otherwise cause
direct problems with DNS resolution. However, it usually points to
other flaws in your DNS configuration. Why is 172.30.10.1 unable to
resolve reverse DNS (PTR) records for its IP?
Anyway, from your previous results, it appears that both of your DNS
servers are having sporadic errors. Does your firewall allow both TCP
and UDP 53 communications? Do you have EDNS0 turned off on your DNS
server?
--Sandy
------------------------------------
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
------------------------------------
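Sandy's diagnosis rests on reading the nslookup runs posted above: one run named the exchangers without any addresses, the next returned the addresses, and the resolver could not reverse-resolve its own IP. The following added example (editor's illustration, not code from the thread) parses Windows nslookup MX output into exchangers and their addresses, flags exchangers that came back without addresses, detects the "Can't find server name" warning, and compares two runs of the same query to show an inconsistently answering resolver. The two sample runs are constructed in nslookup's format with example.com names and test-net addresses; the function names are this example's own.

```python
"""Parse Windows nslookup MX output and spot incomplete or inconsistent answers.

Added example, not code from the thread. nslookup prints one line per MX
record ("<domain> MX preference = <n>, mail exchanger = <host>") and, when
the answer carried them, one line per exchanger address
("<host> internet address = <ip>"). An answer that names exchangers but
gives no addresses, and two runs of the same query that disagree, are the
symptoms discussed in the thread. The runs below are constructed.
"""
import re

MX_LINE = re.compile(r"^(\S+)\s+MX preference = (\d+), mail exchanger = (\S+)$")
A_LINE = re.compile(r"^(\S+)\s+internet address = (\S+)$")
SELF_LOOKUP_WARNING = "*** Can't find server name for address"

# Constructed run: exchangers listed, no addresses, resolver cannot name itself.
RUN_WITHOUT_GLUE = """\
*** Can't find server name for address 172.30.10.1: Non-existent domain
Server:  UnKnown
Address:  172.30.10.1

Non-authoritative answer:
example.com     MX preference = 5, mail exchanger = mx1.example.com
example.com     MX preference = 5, mail exchanger = mx2.example.com
"""

# Constructed run of the same query that did return the exchanger addresses.
RUN_WITH_GLUE = """\
Server:  ns1.example.com
Address:  172.30.10.1

Non-authoritative answer:
example.com     MX preference = 5, mail exchanger = mx1.example.com
example.com     MX preference = 5, mail exchanger = mx2.example.com

mx1.example.com internet address = 203.0.113.10
mx2.example.com internet address = 203.0.113.20
mx2.example.com internet address = 203.0.113.21
"""


def parse_nslookup_mx(text: str) -> dict:
    """Return {exchanger: {"preference": int, "addresses": set of str}}."""
    exchangers = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = MX_LINE.match(line)
        if m:
            host = m.group(3).rstrip(".").lower()
            exchangers.setdefault(host, {"preference": int(m.group(2)), "addresses": set()})
            continue
        m = A_LINE.match(line)
        if m:
            host = m.group(1).rstrip(".").lower()
            if host in exchangers:                 # only addresses of named exchangers
                exchangers[host]["addresses"].add(m.group(2))
    return exchangers


def unresolved_exchangers(parsed: dict) -> list:
    """Exchangers the answer named but gave no address for."""
    return sorted(h for h, rec in parsed.items() if not rec["addresses"])


def resolver_cannot_name_itself(text: str) -> bool:
    """True when nslookup could not reverse-resolve the DNS server's own IP."""
    return SELF_LOOKUP_WARNING in text


def differing_exchangers(run_a: dict, run_b: dict) -> list:
    """Exchangers whose address set differs between two runs of one query."""
    hosts = set(run_a) | set(run_b)
    return sorted(h for h in hosts
                  if run_a.get(h, {}).get("addresses", set())
                  != run_b.get(h, {}).get("addresses", set()))


if __name__ == "__main__":
    first, second = parse_nslookup_mx(RUN_WITHOUT_GLUE), parse_nslookup_mx(RUN_WITH_GLUE)
    print("unresolved in first run:", unresolved_exchangers(first))
    print("resolver cannot name itself:", resolver_cannot_name_itself(RUN_WITHOUT_GLUE))
    print("runs disagree on:", differing_exchangers(first, second))
```

An exchanger without an address in one answer is not by itself an error (the MX query does not have to carry the A records), but the SMTP service still has to resolve those names before it can connect, so a resolver that only sometimes answers them is exactly what produces the "Unable to bind to the destination server in DNS" event quoted earlier in the thread.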