RE: smtp 127.0.0.1
- From: "Tony Su" <TonySu@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 1 Dec 2005 13:18:02 -0800
Hello Dean,
"It just does."
And, there's nothing anyone can do about it.
Actually 127.0.0.1 might be useful at times because app codewriters often
just assume that address will work for sending mail (among other things), so
I'm guessing that the SBS team just enabled it to avoid service calls. You're
right though, that a default SBS installation doesn't need it and it probably
shouldn't be configured until and unless it's needed by a third party app.
While you're removing the loopback address, I also <highly> recommend you
remove the external IP address from the list of addresses permitted to send
through the SMTP relay (I won't explain why on a public list). Better yet, MS
Exchange "Best Practices" recommends if you're not running a third party app,
then it's best to leave the list completely empty and just permit Windows
Authenticated connections.
--
Tony Su
www.su-networking.com
ISA
SBS
Enterprise Mobile Solutions Architect
""Nathan Liu [MSFT]"" wrote:
> Hello Dean,
>
> Thank you for posting in the SBS newsgroup.
>
> According to your description, I understand that you would like to know
> that why the CEICW add the 127.0.0.1 back to the "Default SMTP Virtual
> Server/Relay Restrictions" list, when we run CEICW to configure Exchange
> component every time. If I have misunderstood the problem, please don't
> hesitate to let me know.
>
> 1. Please note that if you did not create a server publishing rule to
> publish the Exchange SMTP service, we can just go ahead to run CEICW which
> do all the things to secure Exchange and allow external SMTP connections.
> In this scenario, we do not need to remove the 127.0.0.1 IP.
>
> The SBS 2003 server is an integrated solution. We design the CEICW
> according to the following scenario:
>
> 1) SMTP service running on the SBS server
>
> 2) The SBS local SMTP service is responsible for e-mail delivery
>
> 3) The SMTP service is listening on all interfaces of the server.
>
> 4) The incoming SMTP requests are allowed by the packet filter.
>
> Based on the above criteria, the CEICW actually add the following addresses
> into the relay list:
>
> External IP address of the server
>
> Internal IP address of the server
>
> 127.0.0.1
>
> By default, when we run the CEICW to configure the ISA and Exchange
> components, the CEICW will automatically create a "IP Packet Filter" which
> names as "SBS SmtpPredefinedType" to enable SMTP incoming from the
> Internet. Therefore, we don't need to manually create a server publishing
> rule to publish the Exchange SMTP service on SBS 2003 Server.
>
> To check the "SBS SmtpPredefinedType" packet filter, please open the ISA
> Management Console, expand Servers and Arrays, expand Computer name, go to
> Access Policy -> IP Packet Filters, locate the "SBS SmtpPredefinedType" in
> the left box.
>
> 2. If you have manually created a server publishing rule to publish SMTP,
> we need follow this KB article 324958 to examine ISA Server configuration.
> However, since we have manually create a server publishing rule to publish
> SMTP Service for incoming SMTP service from the Internet, we can safely
> skip the Exchange Server component configuration part (When we are running
> the CEICW, in the "Internet E-mail" page, choose "Do not change Internet
> e-mail configuration" check box), when we are running the CEICW.
>
> More information:
>
> 825763 How to configure Internet access in Windows Small Business Server
> 2003
> http://support.microsoft.com/?id=825763
>
> 324958 How to block open SMTP relaying and clean up Exchange Server SMTP
> queues
> http://support.microsoft.com/?id=324958
>
> 895853 How to troubleshoot mail relay issues in Exchange Server 2003 and in
> http://support.microsoft.com/?id=895853
>
> I appreciate your time and cooperation. If anything is unclear, please feel
> free to let me know. I am looking forward to hearing from you.
>
> Best regards,
>
> Nathan Liu (MSFT)
> Microsoft CSS Online Newsgroup Support
>
> Get Secure! - www.microsoft.com/security
> ======================================================
> This newsgroup only focuses on SBS technical issues. If you have issues
> regarding other Microsoft products, you'd better post in the corresponding
> newsgroups so that they can be resolved in an efficient and timely manner.
> You can locate the newsgroup here:
> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
> When opening a new thread via the web interface, we recommend you check the
> "Notify me of replies" box to receive e-mail notifications when there are
> any updates in your thread. When responding to posts via your newsreader,
> please "Reply to Group" so that others may learn and benefit from your
> issue.
>
> Microsoft engineers can only focus on one issue per thread. Although we
> provide other information for your reference, we recommend you post
> different incidents in different threads to keep the thread clean. In doing
> so, it will ensure your issues are resolved in a timely manner.
>
> For urgent issues, you may want to contact Microsoft CSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> Any input or comments in this thread are highly appreciated.
> ======================================================
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
> --------------------
> >From: "Dean Collins" <collins_dean"spam-me-here"@hotmail.com>
> >Newsgroups: microsoft.public.windows.server.sbs
> >Subject: smtp 127.0.0.1
> >Lines: 24
> >X-Priority: 3
> >X-MSMail-Priority: Normal
> >X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
> >X-RFC2646: Format=Flowed; Original
> >Message-ID: <PJqjf.20690$ek6.12739@xxxxxxxxxxxxxxxxxxxxxxxxxx>
> >Date: Wed, 30 Nov 2005 23:38:23 GMT
> >NNTP-Posting-Host: 72.225.232.127
> >X-Complaints-To: abuse@xxxxxx
> >X-Trace: news-wrt-01.rdc-nyc.rr.com 1133393903 72.225.232.127 (Wed, 30 Nov
> 2005 18:38:23 EST)
> >NNTP-Posting-Date: Wed, 30 Nov 2005 18:38:23 EST
> >Organization: Road Runner High Speed Online http://www.rr.com
> >Path:
> TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.sul.t-online.de!t-onli
> ne.de!newshub.sdsu.edu!newsfeed.news2me.com!newsfeed2.easynews.com!easynews.
> com!easynews!news-west.rr.com!news-wrt-01.rdc-nyc.rr.com!news-feed-01.rdc-ny
> c.rr.com!news.rr.com!news-out.nyc.rr.com!news-wrt-01.rdc-nyc.rr.com.POSTED!5
> 3ab2750!not-for-mail
> >Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:226814
> >X-Tomcat-NG: microsoft.public.windows.server.sbs
> >
> >Acording to this
> >http://support.microsoft.com/default.aspx?scid=KB;EN-US;324958
> >
> >Each time you run CEIW it re adds 127.0.0.1 to the authorised list.
> >
> >Note The Internet Connection Wizard and the Configure E-mail and Internet
> >Connection Wizard add a packet filter to ISA Server to enable SMTP
> incoming
> >from the Internet. If you want to continue to use a server publishing rule
> >for the SMTP protocol, make sure 127.0.0.1 is not in the allowed relay
> list
> >in Exchange. If you run the Configure E-mail and Internet Connection
> Wizard
> >in Windows Small Business Server 2003 and choose the option to configure
> >Exchange, 127.0.0.1 will be added back. You must remember to remove the
> >address every time that you run the Configure E-mail and Internet
> Connection
> >Wizard and configure Exchange. This issue does not occur in SBS 2000.
> >
> >
> >
> >Can anyone explain why this happens? also why does it wipe out your
> approved
> >list each time?
> >
> >Cheers,
> >Dean
> >
> >
> >
>
>
.
- References:
- smtp 127.0.0.1
- From: Dean Collins
- RE: smtp 127.0.0.1
- From: "Nathan Liu [MSFT]"
- smtp 127.0.0.1
- Prev by Date: Re: Particular domain name with-in the SBS DNS Console to resolve it IP address
- Next by Date: RE: splitting network between sbs 2003 and server 2000
- Previous by thread: RE: smtp 127.0.0.1
- Next by thread: RE: smtp 127.0.0.1
- Index(es):
Relevant Pages
|
