Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
SMTP access for external clients
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
SMTP access for external clients - 14.May2002 10:22:00 PM
|
|
|
miken
Posts: 21
Joined: 29.Oct.2001
From: Auckland, New Zealand
Status: offline
|
Hi there, I have an internal E2K server behind ISA. Everything is fine, and I use OWA to access my mail externally. However now we have some clients who want to use POP3 and SMTP externally, via Outlook/Outlook Express instead of OWA.
I have run the mail wizard and set up the POP3 fine, but SMTP is not so good.
Do I just need to untick the ANONYMOUS ACCESS box in E2K under the default SMTP server properties? Do I also change the relay restrictions to ALL EXCEPT THE FOLLOWING, and put no IP's in the list, and leave the box for relaying for all authenticated machines??
Have tried these things but they don't seem to work. Here are some errors I get when using Outlook Express externally...
This when trying to use authentication..
Your server has unexpectedly terminated the connection. Possible causes for this include server problems, network problems, or a long period of inactivity. Account: 'MYMAILACCOUNT', Server: 'smtp.mydomain.com', Protocol: SMTP, Port: 25, Secure(SSL): No, Socket Error: 10053, Error Number: 0x800CCC0F
And this when trying without authentication
The message could not be sent because one of the recipients was rejected by the server. The rejected e-mail address was 'externaladdress@externaldomain.com'. Subject 'TEST SUBJECT', Account: 'MYMAILACCOUNT', Server: 'smtp.mydomain.com', Protocol: SMTP, Server Response: '550 5.7.1 Unable to relay for externaladdress@externaldomain.com', Port: 25, Secure(SSL): No, Server Error: 550, Error Number: 0x800CCC79
Any help would be greatly appreciated.
Thanks Tom and co!
|
|
|
|
RE: SMTP access for external clients - 15.May2002 6:40:00 PM
|
|
|
sniper
Posts: 687
Joined: 9.Aug.2001
From: OK, USA
Status: offline
|
thats the proper reply from an Exchange 2k server dening relaying. There is a setting that is default that say allow clients the succesfully authenticate to relay. This requires additional set up on the outlook express client but it does work once you go in outlok express and go to the properties for the internet account---> goto the servers tab ----> there is a section at the buttom that reads OUT GOING MAIL
put a check in : my server requires authentication. ---> that will enable the settings button configure the setting with the users info and you should be good to go
|
|
|
|
|
RE: SMTP access for external clients - 17.May2002 12:00:00 AM
|
|
|
miken
Posts: 21
Joined: 29.Oct.2001
From: Auckland, New Zealand
Status: offline
|
Hi Chris,
Thanks for your help. However I have done this and as per the last post when I try OExpress with this setting I get the following..
This when trying to use authentication..
Your server has unexpectedly terminated the connection. Possible causes for this include server problems, network problems, or a long period of inactivity. Account: 'MYMAILACCOUNT', Server: 'smtp.mydomain.com', Protocol: SMTP, Port: 25, Secure(SSL): No, Socket Error: 10053, Error Number: 0x800CCC0F
I think this must be a setup in Exchange problem. I was hoping someone could give me a rundown on what to tick, etc in E2K to make sure I have it set properly.
|
|
|
|
|
RE: SMTP access for external clients - 21.May2002 10:35:00 AM
|
|
|
miken
Posts: 21
Joined: 29.Oct.2001
From: Auckland, New Zealand
Status: offline
|
Can anyone at all help me on this?
Should be a simple task really?
We can log on to OWA using a name and password but cannot relay through SMTP?
|
|
|
|
|
RE: SMTP access for external clients - 22.May2002 6:44:00 AM
|
|
|
miken
Posts: 21
Joined: 29.Oct.2001
From: Auckland, New Zealand
Status: offline
|
no they are not using Earthlink..
Just to reiterate..
I have published the SMTP server using the secure mail wizard.
In E2K I have the following settings on the default SMTP server..
Access->Authentication
Anon Access - yes
Basic Auth - yes
Requires TLS Encrypt - no
Integrated Windows Auth - yes
Access->Relay
Only the list below
192.168.0.0 (255.255.255.0)
Allow all computers which successfully authenticate to relay, regardless of the list above - yes
Is there anything else I should do??
|
|
|
|
|
RE: SMTP access for external clients - 22.May2002 8:19:00 PM
|
|
|
Robert Holroyd
Posts: 14
Joined: 25.Mar.2001
From: Fort Myers, FL, USA
Status: offline
|
I have this problem as well. there seems to be an
issue with the SMTP filter. if you uncheck the
SMTP filter ( within ISA ) mail gets sent just
fine. use the filter and you get no relay message.
I have spent all day looking into this and even
pointed an MX record to the internal and then
external IP's of the e2k box.. Dont know why
you would need this..
It has something to do with the filter itself.
I would be curious to see if you uncheck the
SMTP filter, if your mail gets sent for your remote clients.
Rob
|
|
|
|
RE: SMTP access for external clients - 22.May2002 8:38:00 PM
|
|
|
Abraham
Posts: 166
Joined: 8.Mar.2002
From: Colombia
Status: offline
|
Hi.miken
If you have SP2 to Ex2000, you must configure this on the SMTP VS: On the Access Tab on Relay
you must Check "Only the List Below" and leave blank that list(This is on Technet) you must clear the "ALL EXCEPT THE FOLLOWING".
NDRs that contain an 5.7.1 error code can occur if the allow computers which successfully authenticate to relay check box is not selected on the Simple Mail Transfer Protocol (SMTP) virtual server (to locate this check box, click the SMTP virtual server's Access tab, click Relay ).
|
|
|
|
|
RE: SMTP access for external clients - 23.May2002 8:59:00 AM
|
|
|
miken
Posts: 21
Joined: 29.Oct.2001
From: Auckland, New Zealand
Status: offline
|
Thanks Robert, disabling the SMTP filter on ISA definitely got me a step in the right direction.
Now though I am unable to relay unless I have
Anonymous access ticked, and
All Except the following in the relay tab of the SMTP server. This makes me an open relay!
If I disable anonymous access I cannot receive any mail, and I cannot authenticate either?
I know this has turned more into an Exchange question, but can anyone help??
I want my E2K server to accept anything for my hosted domains, and relay for users with a valid name and password. It does not seem to auth any users, whether they are admins or OWA accounts??
OWA works fine using the same username/passwords.
|
|
|
|
|
RE: SMTP access for external clients - 23.May2002 2:59:00 PM
|
|
|
komoman
Posts: 43
Joined: 2.May2002
From: Philly
Status: offline
|
Hey again Mike,
You need to allow anonymous access for mail to be delivered to your server. The relay settings are what prevent you from being an open relay.
On the relay tab change the "select which computer may relay.." to "Only the list below" and leave the list blank. You do NOT need to add an exception list for your internal clients. They're on your network therefore by definition they are not relaying.
These are the default settings of Exchange. They allow anonymous delivery of e-mail bound for the domain(s) being managed by Exchange but do not allow relaying.
Dan
|
|
|
|
RE: SMTP access for external clients - 23.May2002 4:24:00 PM
|
|
|
pbaldwin
Posts: 7
Joined: 23.May2002
From: UK
Status: offline
|
The reason the SMTP Filter gets in the way of you authenticating is apparent if you view its properties: It has a list of SMTP commands it supports and you wont find authentication commands or things like 'STARTTLS' (which would make encrypted transfer possible). With the filter on, ISA will return errors during the SMTP connection on behalf of your Exchange server.
The filter isn't broke, it just isn't expecting what you are trying to do. A clever-dick could perhaps provide a list of commands that can be added to the SMTP Filter that would enable you to enable it again.
When you are up and running, you should really look at using SSL/TLS, without it you are sending your domain passwords as plain-text on the Internet. Not good!
|
|
|
|
|
RE: SMTP access for external clients - 23.May2002 10:41:00 PM
|
|
|
miken
Posts: 21
Joined: 29.Oct.2001
From: Auckland, New Zealand
Status: offline
|
Hi there.
Thanks alot for your help people.
I have configured to allow Anonymous Access, and ticked the box "only the list below" and left the list blank. I have also ticked the "allow all servers that authenticate to relay...".
So now I can receive emails to my domains, and can send from internally, and collect via pop3/imap clients externally (outlook express 5).
However external clients CANNOT use the SMTP server to post, they receive the same UNABLE TO RELAY error.
I thought perhaps using IMAP would solve it, but no, it still uses the SMTP server to send messages.
What could I have left out? I really need to get this working help!
|
|
|
|
|
RE: SMTP access for external clients - 26.May2002 6:20:00 PM
|
|
|
tshinder
Posts: 47417
Joined: 10.Jan.2001
From: Texas
Status: online
|
Hi Mike,
WHY do you want external users to use your internal SMTP server? Typcially, the external users have their own dial-up or some other connection to the Internet with an ISP and they can use their ISPs SMTP server for outbound mail. I don't really see any reason for external users to use your internal mail server.
HTH,
Tom
|
|
|
|
|
RE: SMTP access for external clients - 26.May2002 9:47:00 PM
|
|
|
miken
Posts: 21
Joined: 29.Oct.2001
From: Auckland, New Zealand
Status: offline
|
Hi Tom,
I agree with your scenario as the best situation, but often there are people working offsite who are connected over a client network of which they do not know the SMTP configuration. OWA is sufficient for these people currently, but they would prefer to use pop3 or IMAP.
Also for clients it would be nice to be able to give them one configuration no matter what connection they are using. If we cannot do this we will have to liase with their connection providers to determine their local mail servers, and go from there.
Is it possible to do this? How do companies like Brinkster etc provide smtp services to clients who will never be on their set of IP addresses?
Thanks,
Mike
|
|
|
|
|
RE: SMTP access for external clients - 27.May2002 9:59:00 PM
|
|
|
miken
Posts: 21
Joined: 29.Oct.2001
From: Auckland, New Zealand
Status: offline
|
this link is not valid? can you please repost it?
|
|
|
|
|
RE: SMTP access for external clients - 30.May2002 7:02:00 PM
|
|
|
tshinder
Posts: 47417
Joined: 10.Jan.2001
From: Texas
Status: online
|
Hi Mike,
Hmmm. Good points. Since you cannot use the SMTP filter to auth, you have to either come up with a different authentication scheme or allow relay (ouch!).
The only solution I can think of here is to install a second SMTP server on the internal network, and publish it using a second ISA Server, or just using the RRAS NAT publishing on a second server. This would allow you to AUTH and prevent an open relay from being available to the Internet.
HTH,
Tom
quote:
Originally posted by miken:
Hi Tom,
I agree with your scenario as the best situation, but often there are people working offsite who are connected over a client network of which they do not know the SMTP configuration. OWA is sufficient for these people currently, but they would prefer to use pop3 or IMAP.
Also for clients it would be nice to be able to give them one configuration no matter what connection they are using. If we cannot do this we will have to liase with their connection providers to determine their local mail servers, and go from there.
Is it possible to do this? How do companies like Brinkster etc provide smtp services to clients who will never be on their set of IP addresses?
Thanks,
Mike
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
![[Big Grin]](/image/smiles/biggrin.gif)
) access any other SMTP server outside their network. I beat my head against the wall on this one for a while myself. If they are using Earthlink then they'll just have to use Earthlink's SMTP server for outbound e-mail.
