SMTP Access control 1

[DaveStaples]

I have a problem with my smtp server, I can send mail out through it from the internal network, however external (via internet) cannot send in. Using the tests on

http://www.dnsreport.com

i get the error:

Trying to connect to all mailservers:

mylenrd.com. - 81.130.201.231 [Could not connect: Got an unknown MAIL FROM response: 454 5.7.3 Client was not authenticated.

This is because I have set the access control to intergrated windows authentication. To make it work I have to set the access control to Anonymous access. I believe this would alow any one to relay mail, which we will not permit.

How to I sort the access issues to make it work correctly ?

 

[Davetoo]

On your SMTP server, you have to set Access Control Authentication to allow Anonymous, Basic and Integrated Windows (check all three). If you don't, as you've discovered, you won't receive external emails. Reason being is the external servers can't authenticate to your server. This is not the same as Relaying, which is handled via the Relay Restrictions further down, which should be set to ""Only the list below" with either an empty list or only internal servers or known IP's, and the Allow all computers which successfully authenticate... should be checked.

 

[DaveStaples]

I have checked the boxes as suggested, but doing a relay check from

http://www.abuse.net

I get the response

Mail relay testing
Connecting to mylenrd.com for anonymous test ...
<<< 220 server.MylenRD.Com Microsoft ESMTP MAIL Service, Version: 5.0.2195.5329 ready at Thu, 3 Jul 2003 20:45:56 +0100
>>> HELO

http://www.abuse.net

<<< 250 server.MylenRD.Com Hello [208.31.42.77]


Relay test 1
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<spamtest@abuse.net>
<<< 250 2.1.0 spamtest@abuse.net....Sender OK
>>> RCPT TO:<relaytest@abuse.net>
<<< 550 5.7.1 Unable to relay for relaytest@abuse.net

Relay test 2
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<spamtest>
<<< 250 2.1.0 spamtest@MylenRD.com....Sender OK
>>> RCPT TO:<relaytest@abuse.net>
<<< 550 5.7.1 Unable to relay for relaytest@abuse.net

Relay test 3
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<>
<<< 250 2.1.0 <>....Sender OK
>>> RCPT TO:<relaytest@abuse.net>
<<< 550 5.7.1 Unable to relay for relaytest@abuse.net

Relay test 4
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<spamtest@mylenrd.com>
<<< 250 2.1.0 spamtest@mylenrd.com....Sender OK
>>> RCPT TO:<relaytest@abuse.net>
<<< 550 5.7.1 Unable to relay for relaytest@abuse.net

Relay test 5
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<spamtest@[81.130.201.231]>
<<< 250 2.1.0 spamtest@[81.130.201.231]....Sender OK
>>> RCPT TO:<relaytest@abuse.net>
<<< 550 5.7.1 Unable to relay for relaytest@abuse.net

Relay test 6
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<spamtest@mylenrd.com>
<<< 250 2.1.0 spamtest@mylenrd.com....Sender OK
>>> RCPT TO:<relaytest%abuse.net@mylenrd.com>
<<< 250 2.1.5 relaytest%abuse.net@mylenrd.com

Relay test result
Hmmn, at first glance, host appeared to accept a message for relay.
THIS MAY OR MAY NOT MEAN THAT IT'S AN OPEN RELAY.

Some systems appear to accept relay mail, but then reject messages internally rather than delivering them, but you cannot tell at this point whether the message will be relayed or not.

You cannot tell if it is really an open relay without sending a test message; this anonymous user test DID NOT send a test message.

Do I have an open relay ?

 

[Davetoo]

As the test shows, not necesarily. Your results match mine, and I'm not relaying mail.

 

[DaveStaples]

Thanks
I did not understand relaying ....

Useful info:-

http://www.microsoft.com/technet/tr...chnet/security/prodtech/mailexch/excrelay.asp