Re: Properly configuring SMTP Service
- From: "Sanford Whiteman" <swhitemanlistens-software@xxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 07 Jun 2007 16:14:07 -0400
Okay, that is kind of what I thought. So what are the rules for
which destination addresses that are allowed and which are not? It
seems (through my limited experimentation) that the only allowed
destinations are those that happen to be being hosted by my local
server. That is, I can only send to someone who has an account on my
server (family members), but no one else. Is that right?
Yes, your POP3 domains are hooked as local domains by the SMTP
service, and as long as a given session does not have any elevated
authorization (through SMTP AUTH credentials or being on a list of
source IP addresses), it can only send mail to those local domains.
I do not allow (wide open) relaying. I only allow relaying for one
(local) computer which sends mail nightly using a command line email
program (blat.exe). I have enabled the option, "Allow all computers
which successfully authenticate to relay, regardless of the list
above". I believe this is the correct configuration for safety's
sake (to prevent spammers from using my server).
Yes, that is correct.
Apparently, the 'relay' settings prevent that, even if they can
authenticate. So they can spam me (and anyone with an account on my
server), but cannot use my server to do mass mailing (via relay). Is
that correct?
Yes; see my earlier message. It's a misnomer to refer (not blaming
you) to "anonymous" as an SMTP authentication method, since the
(E)SMTP protocol is very specific about where and what authentication
methods may be used, and "no authentication" is not an authentication
method!
So it would seem that I already have my server (mostly) configured
correctly.
Yes.
The only remaining problem is allowing me to send mail through my
server when I am away from home (when I have Internet access from a
hotel, for instance), or to allow my grandfather to send mail, both
of which presumably require relaying. I *thought* that using
"Integrated Windows Authentication" and creating a user account on
the server (which is then specified somewhere in the mail client)
would give me that ability, but that does not appear to be the case,
or else I am missing some other crucial piece of information.
No, you are on the right trail. That's SMTP AUTH. The settings *other
than* 'Anonymous Access' under `Access Control - Authentication` are
the SMTP AUTH mechanisms that your server will support.
'Basic Auth' is the AUTH LOGIN mechanism, which should be supported by
all mail clients; it's not encrypted, which means your credentials can
be sniffed, but it is by far the more portable of the auth mechanisms
supported by IIS SMTP. Set the mail client to use your Windows
username + password to log in to the SMTP server, and make sure that
you *are* logging in -- some mail clients assume you don't need to log
to send mail.
'Integrated Windows Auth' is the secure auth mechanism AUTH GSSAPI
NTLM, but it isn't even supported by all *Microsoft*-brand mail
clients, so I'd leave it alone for your purposes.
--Sandy
.
- Follow-Ups:
- Re: Properly configuring SMTP Service
- From: Dennis Jones
- Re: Properly configuring SMTP Service
- References:
- Properly configuring SMTP Service
- From: Dennis Jones
- Re: Properly configuring SMTP Service
- From: Sanford Whiteman
- Re: Properly configuring SMTP Service
- From: Dennis Jones
- Properly configuring SMTP Service
- Prev by Date: Re: Properly configuring SMTP Service
- Next by Date: Re: IIS 5's SMTP and Stopping NDR's ?
- Previous by thread: Re: Properly configuring SMTP Service
- Next by thread: Re: Properly configuring SMTP Service
- Index(es):
Relevant Pages
|
