SMTP Server

reicherb

Platinum Member
Nov 22, 2000
2,122
0
0
I'm looking for a free SMTP server to use as a local relay for applications that need an SMTP server to send mail. We've got a GroupWise server but I've been unable to get it to accept local mail without becoming an open relay. The server would need to be able to only allow traffic from 10.* addresses. I'd prefer something that runs on Windows as I need to get it going in a hurry and don't have time to learn *nix (I know it would be better).

Thanks.
 

Nothinman

Elite Member
Sep 14, 2001
30,672
0
0
I would work on fixing the GroupWise server instead of adding another unnecessary box.
 

reicherb

The last I heard it wasn't possible. Maybe I'm wrong but I've had the same problem with 5.5 and 6.5.
 

Nothinman

I haven't used GroupWise but I can't believe that would be true. Don't you have a support contract that allows you to call Novell?
 

Garion

Platinum Member
Apr 23, 2001
2,329
6
81
Your 10.x addresses are part of RFC 1918. They are IP address ranges set aside for use on local networks and are NOT routable to the Internet. Any Internet edge router that gets a 10.x address (or 172.16 - 172.31 or 192.168) will drop it.

In general, setting up an SMTP relay isn't done by IP address. You need to build rules that say:

If mail is FROM anyuser@mycompany.com process it
If mail is TO anyuser@mycompany.com process it
Otherwise throw it away.

It's been many years, but Groupwise is a good mail system and their mail relay is fine and should be easily configurable to not be an open relay.

- G
 

ToeJam13

Senior member
May 18, 2004
504
0
0
Not so fast...

There is no problem assigning your mail server with a 10.x.x.x style address. As long as you have a NAT setup on the Internet/public/untrusted side of your firewall that allows inbound and outbound port 25/TCP traffic through to the 10.x.x.x address of your mail server, you're fine.

However, you will still need to set up a rule set. Garion's example will let anyone spam through your SMTP server if they mimic a user on your mail server's domain. So here's how you lock it down:
IF mail is FROM anyuser@anycompany TO validuser@mycompany, accept it
IF mail is FROM validuser@mycompany (using a 10.x.x.x workstation) TO anyuser@anycompany, accept it ***OR***
IF mail is FROM validuser@mycompany (passing SMTP user authentication against an LDAP, Radius, or internal user database) TO anyuser@anycompany, accept it
ELSE disregard mail

If the first two rules weren't expanded, I'd be able to connect to your mail server, claim that I was a user from your mail domain, and send spam to both your users and users on the Internet using your company's domain as a source address. Bad mojo! So to keep that from happening, you either need to lock down sending mail to external users via client source IP ACLs, or by enabling SMTP user authentication.
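
The rule set above next to the FROM/TO-only rules from the earlier post, as an added example (not code from the thread or from GroupWise). The domain, user list, IP addresses and sample messages are constructed, and the function names are hypothetical.

```python
import ipaddress

LOCAL_DOMAIN = "mycompany.com"                     # assumed local mail domain
TRUSTED_NET = ipaddress.ip_network("10.0.0.0/8")   # internal clients, per the thread
VALID_USERS = {"alice", "bob"}                     # constructed mailbox list


def _split(addr):
    """Return (local part, domain), lowercased; tolerant of a missing '@'."""
    local, _, domain = addr.rpartition("@")
    return local.lower(), domain.lower()


def sender_only_policy(client_ip, mail_from, rcpt_to, authenticated=False):
    """FROM/TO-only rules: accept if either address claims the local domain."""
    return LOCAL_DOMAIN in (_split(mail_from)[1], _split(rcpt_to)[1])


def locked_down_policy(client_ip, mail_from, rcpt_to, authenticated=False):
    """Expanded rules: outbound relay needs a trusted source IP or SMTP auth."""
    s_user, s_dom = _split(mail_from)
    r_user, r_dom = _split(rcpt_to)
    # Rule 1: inbound mail from anyone, but only to a mailbox that exists.
    if r_dom == LOCAL_DOMAIN:
        return r_user in VALID_USERS
    # Rules 2 and 3: outbound mail from a valid local user who is either
    # on a 10.x.x.x workstation or has passed SMTP authentication.
    if s_dom == LOCAL_DOMAIN and s_user in VALID_USERS:
        return authenticated or ipaddress.ip_address(client_ip) in TRUSTED_NET
    # Rule 4: everything else is refused.
    return False


if __name__ == "__main__":
    # Constructed cases: (client IP, MAIL FROM, RCPT TO, authenticated)
    cases = [
        ("203.0.113.5", "alice@mycompany.com", "victim@example.net", False),
        ("10.1.2.3", "alice@mycompany.com", "victim@example.net", False),
        ("203.0.113.5", "alice@mycompany.com", "victim@example.net", True),
        ("203.0.113.5", "someone@example.net", "bob@mycompany.com", False),
        ("203.0.113.5", "someone@example.net", "other@example.org", False),
    ]
    for case in cases:
        print(case, sender_only_policy(*case), locked_down_policy(*case))
```

The first case is the forged-sender relay attempt: the FROM/TO-only rules accept it and the expanded rules refuse it. Rule 1 still accepts a forged local sender when the recipient is a local mailbox, so these rules stop relaying to outside domains rather than sender forgery in general.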
 

reicherb

Thanks for the help everyone. I'll look into using GroupWise again next week. The box is already NATed. I'll just have to see about authentication or restricting the source to 10. address.

Thanks!