• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

SMTP access for external clients

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 General] >> Server Publishing >> SMTP access for external clients Page: [1]
Login
Message << Older Topic   Newer Topic >>
SMTP access for external clients - 14.May2002 10:22:00 PM   
miken

 

Posts: 21
Joined: 29.Oct.2001
From: Auckland, New Zealand
Status: offline
Hi there, I have an internal E2K server behind ISA. Everything is fine, and I use OWA to access my mail externally. However now we have some clients who want to use POP3 and SMTP externally, via Outlook/Outlook Express instead of OWA.

I have run the mail wizard and set up the POP3 fine, but SMTP is not so good.

Do I just need to untick the ANONYMOUS ACCESS box in E2K under the default SMTP server properties? Do I also change the relay restrictions to ALL EXCEPT THE FOLLOWING, and put no IP's in the list, and leave the box for relaying for all authenticated machines??

Have tried these things but they don't seem to work. Here are some errors I get when using Outlook Express externally...

This when trying to use authentication..

Your server has unexpectedly terminated the connection. Possible causes for this include server problems, network problems, or a long period of inactivity. Account: 'MYMAILACCOUNT', Server: 'smtp.mydomain.com', Protocol: SMTP, Port: 25, Secure(SSL): No, Socket Error: 10053, Error Number: 0x800CCC0F

And this when trying without authentication

The message could not be sent because one of the recipients was rejected by the server. The rejected e-mail address was 'externaladdress@externaldomain.com'. Subject 'TEST SUBJECT', Account: 'MYMAILACCOUNT', Server: 'smtp.mydomain.com', Protocol: SMTP, Server Response: '550 5.7.1 Unable to relay for externaladdress@externaldomain.com', Port: 25, Secure(SSL): No, Server Error: 550, Error Number: 0x800CCC79

Any help would be greatly appreciated.
Thanks Tom and co!
Post #: 1
RE: SMTP access for external clients - 15.May2002 6:40:00 PM   
sniper

 

Posts: 687
Joined: 9.Aug.2001
From: OK, USA
Status: offline
thats the proper reply from an Exchange 2k server dening relaying. There is a setting that is default that say allow clients the succesfully authenticate to relay. This requires additional set up on the outlook express client but it does work once you go in outlok express and go to the properties for the internet account---> goto the servers tab ----> there is a section at the buttom that reads OUT GOING MAIL


put a check in : my server requires authentication. ---> that will enable the settings button configure the setting with the users info and you should be good to go

(in reply to miken)
Post #: 2
RE: SMTP access for external clients - 17.May2002 12:00:00 AM   
miken

 

Posts: 21
Joined: 29.Oct.2001
From: Auckland, New Zealand
Status: offline
Hi Chris,

Thanks for your help. However I have done this and as per the last post when I try OExpress with this setting I get the following..

This when trying to use authentication..

Your server has unexpectedly terminated the connection. Possible causes for this include server problems, network problems, or a long period of inactivity. Account: 'MYMAILACCOUNT', Server: 'smtp.mydomain.com', Protocol: SMTP, Port: 25, Secure(SSL): No, Socket Error: 10053, Error Number: 0x800CCC0F

I think this must be a setup in Exchange problem. I was hoping someone could give me a rundown on what to tick, etc in E2K to make sure I have it set properly.

(in reply to miken)
Post #: 3
RE: SMTP access for external clients - 21.May2002 10:35:00 AM   
miken

 

Posts: 21
Joined: 29.Oct.2001
From: Auckland, New Zealand
Status: offline
Can anyone at all help me on this?
Should be a simple task really?

We can log on to OWA using a name and password but cannot relay through SMTP?

(in reply to miken)
Post #: 4
RE: SMTP access for external clients - 21.May2002 2:29:00 PM   
komoman

 

Posts: 43
Joined: 2.May2002
From: Philly
Status: offline
Hey Mike,

That message looks REALLY familiar. Are the clients by any chance using Earthlink as their ISP? Earthlink has things setup that you CANNOT CANNOT CANNOT (is that clear? [Big Grin] ) access any other SMTP server outside their network. I beat my head against the wall on this one for a while myself. If they are using Earthlink then they'll just have to use Earthlink's SMTP server for outbound e-mail.

Dan

(in reply to miken)
Post #: 5
RE: SMTP access for external clients - 22.May2002 6:44:00 AM   
miken

 

Posts: 21
Joined: 29.Oct.2001
From: Auckland, New Zealand
Status: offline
no they are not using Earthlink..

Just to reiterate..

I have published the SMTP server using the secure mail wizard.

In E2K I have the following settings on the default SMTP server..

Access->Authentication
Anon Access - yes
Basic Auth - yes
Requires TLS Encrypt - no
Integrated Windows Auth - yes

Access->Relay
Only the list below
192.168.0.0 (255.255.255.0)
Allow all computers which successfully authenticate to relay, regardless of the list above - yes

Is there anything else I should do??

(in reply to miken)
Post #: 6
RE: SMTP access for external clients - 22.May2002 8:19:00 PM   
Robert Holroyd

 

Posts: 14
Joined: 25.Mar.2001
From: Fort Myers, FL, USA
Status: offline
I have this problem as well. there seems to be an
issue with the SMTP filter. if you uncheck the
SMTP filter ( within ISA ) mail gets sent just
fine. use the filter and you get no relay message.

I have spent all day looking into this and even
pointed an MX record to the internal and then
external IP's of the e2k box.. Dont know why
you would need this..

It has something to do with the filter itself.
I would be curious to see if you uncheck the
SMTP filter, if your mail gets sent for your remote clients.

Rob

(in reply to miken)
Post #: 7
RE: SMTP access for external clients - 22.May2002 8:38:00 PM   
Abraham

 

Posts: 166
Joined: 8.Mar.2002
From: Colombia
Status: offline
Hi.miken

If you have SP2 to Ex2000, you must configure this on the SMTP VS: On the Access Tab on Relay
you must Check "Only the List Below" and leave blank that list(This is on Technet) you must clear the "ALL EXCEPT THE FOLLOWING".

NDRs that contain an 5.7.1 error code can occur if the allow computers which successfully authenticate to relay check box is not selected on the Simple Mail Transfer Protocol (SMTP) virtual server (to locate this check box, click the SMTP virtual server's Access tab, click Relay ).

(in reply to miken)
Post #: 8
RE: SMTP access for external clients - 23.May2002 8:59:00 AM   
miken

 

Posts: 21
Joined: 29.Oct.2001
From: Auckland, New Zealand
Status: offline
Thanks Robert, disabling the SMTP filter on ISA definitely got me a step in the right direction.

Now though I am unable to relay unless I have
Anonymous access ticked, and
All Except the following in the relay tab of the SMTP server. This makes me an open relay!

If I disable anonymous access I cannot receive any mail, and I cannot authenticate either?

I know this has turned more into an Exchange question, but can anyone help??

I want my E2K server to accept anything for my hosted domains, and relay for users with a valid name and password. It does not seem to auth any users, whether they are admins or OWA accounts??

OWA works fine using the same username/passwords.

(in reply to miken)
Post #: 9
RE: SMTP access for external clients - 23.May2002 2:59:00 PM   
komoman

 

Posts: 43
Joined: 2.May2002
From: Philly
Status: offline
Hey again Mike,

You need to allow anonymous access for mail to be delivered to your server. The relay settings are what prevent you from being an open relay.

On the relay tab change the "select which computer may relay.." to "Only the list below" and leave the list blank. You do NOT need to add an exception list for your internal clients. They're on your network therefore by definition they are not relaying.

These are the default settings of Exchange. They allow anonymous delivery of e-mail bound for the domain(s) being managed by Exchange but do not allow relaying.

Dan

(in reply to miken)
Post #: 10
RE: SMTP access for external clients - 23.May2002 4:24:00 PM   
pbaldwin

 

Posts: 7
Joined: 23.May2002
From: UK
Status: offline
The reason the SMTP Filter gets in the way of you authenticating is apparent if you view its properties: It has a list of SMTP commands it supports and you wont find authentication commands or things like 'STARTTLS' (which would make encrypted transfer possible). With the filter on, ISA will return errors during the SMTP connection on behalf of your Exchange server.

The filter isn't broke, it just isn't expecting what you are trying to do. A clever-dick could perhaps provide a list of commands that can be added to the SMTP Filter that would enable you to enable it again.

When you are up and running, you should really look at using SSL/TLS, without it you are sending your domain passwords as plain-text on the Internet. Not good!

(in reply to miken)
Post #: 11
RE: SMTP access for external clients - 23.May2002 10:41:00 PM   
miken

 

Posts: 21
Joined: 29.Oct.2001
From: Auckland, New Zealand
Status: offline
Hi there.

Thanks alot for your help people.

I have configured to allow Anonymous Access, and ticked the box "only the list below" and left the list blank. I have also ticked the "allow all servers that authenticate to relay...".

So now I can receive emails to my domains, and can send from internally, and collect via pop3/imap clients externally (outlook express 5).

However external clients CANNOT use the SMTP server to post, they receive the same UNABLE TO RELAY error.

I thought perhaps using IMAP would solve it, but no, it still uses the SMTP server to send messages.

What could I have left out? I really need to get this working help!

(in reply to miken)
Post #: 12
RE: SMTP access for external clients - 26.May2002 6:20:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Mike,

WHY do you want external users to use your internal SMTP server? Typcially, the external users have their own dial-up or some other connection to the Internet with an ISP and they can use their ISPs SMTP server for outbound mail. I don't really see any reason for external users to use your internal mail server.

HTH,
Tom

(in reply to miken)
Post #: 13
RE: SMTP access for external clients - 26.May2002 9:47:00 PM   
miken

 

Posts: 21
Joined: 29.Oct.2001
From: Auckland, New Zealand
Status: offline
Hi Tom,

I agree with your scenario as the best situation, but often there are people working offsite who are connected over a client network of which they do not know the SMTP configuration. OWA is sufficient for these people currently, but they would prefer to use pop3 or IMAP.

Also for clients it would be nice to be able to give them one configuration no matter what connection they are using. If we cannot do this we will have to liase with their connection providers to determine their local mail servers, and go from there.

Is it possible to do this? How do companies like Brinkster etc provide smtp services to clients who will never be on their set of IP addresses?

Thanks,
Mike

(in reply to miken)
Post #: 14
RE: SMTP access for external clients - 26.May2002 10:35:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Mike,

take a look at http://www.isaserver.org/cgi-bin/ultimatebb.cgi?ubb=get_topic;f=2;t=004488 . At the bottom of this post you will find an idea how you can solve that smtp configuration problem on the client side.

HTH,
Stefaan

(in reply to miken)
Post #: 15
RE: SMTP access for external clients - 27.May2002 9:59:00 PM   
miken

 

Posts: 21
Joined: 29.Oct.2001
From: Auckland, New Zealand
Status: offline
this link is not valid? can you please repost it?

(in reply to miken)
Post #: 16
RE: SMTP access for external clients - 27.May2002 10:04:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Mike,

with the new site, the link is somewhat changed. Here is the new one http://forums.isaserver.org/ultimatebb.cgi?ubb=get_topic;f=2;t=004488

If you have some old references, just replace 'www.isaserver.org/cgi-bin' with 'forums.isaserver.org' [Big Grin]

HTH,
Stefaan

(in reply to miken)
Post #: 17
RE: SMTP access for external clients - 30.May2002 7:02:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Mike,

Hmmm. Good points. Since you cannot use the SMTP filter to auth, you have to either come up with a different authentication scheme or allow relay (ouch!).

The only solution I can think of here is to install a second SMTP server on the internal network, and publish it using a second ISA Server, or just using the RRAS NAT publishing on a second server. This would allow you to AUTH and prevent an open relay from being available to the Internet.

HTH,
Tom

quote:
Originally posted by miken:
Hi Tom,

I agree with your scenario as the best situation, but often there are people working offsite who are connected over a client network of which they do not know the SMTP configuration. OWA is sufficient for these people currently, but they would prefer to use pop3 or IMAP.

Also for clients it would be nice to be able to give them one configuration no matter what connection they are using. If we cannot do this we will have to liase with their connection providers to determine their local mail servers, and go from there.

Is it possible to do this? How do companies like Brinkster etc provide smtp services to clients who will never be on their set of IP addresses?

Thanks,
Mike


(in reply to miken)
Post #: 18

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 General] >> Server Publishing >> SMTP access for external clients Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts