SMTP forwarding question
in [IIS]
|
From: H-Man on 23 Feb 2010 17:48 I have a Windows 2000 server with IIS installed As so many others, I have several laptops out there that have issues sending email due to port 25 being blocked. I would like to make an authenticated port (something other than 25) available to my field personnel and have it forward to my ISP SMTP server on port 25. My internet domain is hosted by my ISP. I know this might be a basic question, but how do I go about making IIS allow a secure connection, accept emails destined for anywhere and forward it to our ISP's server for further handling? -- HK
From: Chris M on 24 Feb 2010 05:27 On 23/02/2010 22:48, H-Man wrote: > I have a Windows 2000 server with IIS installed > > As so many others, I have several laptops out there that have issues > sending email due to port 25 being blocked. I would like to make an > authenticated port (something other than 25) available to my field > personnel and have it forward to my ISP SMTP server on port 25. My internet > domain is hosted by my ISP. > > I know this might be a basic question, but how do I go about making IIS > allow a secure connection, accept emails destined for anywhere and forward > it to our ISP's server for further handling? > One way of doing it (sorry if these settings don't look the same in Windows 2000 but I don't have anything running that version any more!) Set the SMTP virtual server Authentication setting to require Basic Authentication. Disable anonymous access. In the relay restrictions, allow all computers which successfully authenticate to relay. Now, this will have the unforunate effect of causing your clients to send their username/passwords across the Internet in clear text which you obviously don't want. Therefore, set the virtual server to use a certificate, and require a secure channel for communication. If you're using a self-signed certificate then your clients will need to trust this certificate. Set the listening port on the server to 465 (standard for Secure SMTP). This will secure the connection before authentication takes place. Hope this helps, -- Chris M.
From: H-Man on 24 Feb 2010 10:09 On Wed, 24 Feb 2010 10:27:38 +0000, Chris M wrote: > On 23/02/2010 22:48, H-Man wrote: >> I have a Windows 2000 server with IIS installed >> >> As so many others, I have several laptops out there that have issues >> sending email due to port 25 being blocked. I would like to make an >> authenticated port (something other than 25) available to my field >> personnel and have it forward to my ISP SMTP server on port 25. My internet >> domain is hosted by my ISP. >> >> I know this might be a basic question, but how do I go about making IIS >> allow a secure connection, accept emails destined for anywhere and forward >> it to our ISP's server for further handling? >> > > One way of doing it (sorry if these settings don't look the same in > Windows 2000 but I don't have anything running that version any more!) > > Set the SMTP virtual server Authentication setting to require Basic > Authentication. Disable anonymous access. In the relay restrictions, > allow all computers which successfully authenticate to relay. > > Now, this will have the unforunate effect of causing your clients to > send their username/passwords across the Internet in clear text which > you obviously don't want. Therefore, set the virtual server to use a > certificate, and require a secure channel for communication. If you're > using a self-signed certificate then your clients will need to trust > this certificate. Set the listening port on the server to 465 (standard > for Secure SMTP). This will secure the connection before authentication > takes place. > > Hope this helps, Thanks, I'll give it a go. -- HK
From: H-Man on 24 Feb 2010 18:22 On Wed, 24 Feb 2010 10:27:38 +0000, Chris M wrote: > On 23/02/2010 22:48, H-Man wrote: >> I have a Windows 2000 server with IIS installed >> >> As so many others, I have several laptops out there that have issues >> sending email due to port 25 being blocked. I would like to make an >> authenticated port (something other than 25) available to my field >> personnel and have it forward to my ISP SMTP server on port 25. My internet >> domain is hosted by my ISP. >> >> I know this might be a basic question, but how do I go about making IIS >> allow a secure connection, accept emails destined for anywhere and forward >> it to our ISP's server for further handling? >> > > One way of doing it (sorry if these settings don't look the same in > Windows 2000 but I don't have anything running that version any more!) > > Set the SMTP virtual server Authentication setting to require Basic > Authentication. Disable anonymous access. In the relay restrictions, > allow all computers which successfully authenticate to relay. > > Now, this will have the unforunate effect of causing your clients to > send their username/passwords across the Internet in clear text which > you obviously don't want. Therefore, set the virtual server to use a > certificate, and require a secure channel for communication. If you're > using a self-signed certificate then your clients will need to trust > this certificate. Set the listening port on the server to 465 (standard > for Secure SMTP). This will secure the connection before authentication > takes place. > > Hope this helps, I got the relay working, thanks for you help. Just a bit more on certificates. I tried a self signed certificate, but can't get it to show up so that I can select it. Win2KS comes with IIS5. The only self ssl tool I could find to install a certificate was in the IIS6.o resource kit. I installed the ssldiag too and ran it to create a self-signed cert. It won't show when I go to select the certificate. I would imagine I'd need to open port 443 on our corporate firewall then as well, right? The SMTP doe listen on port 465 as indicated. A self-signed certificate is not a problem as it should only be my staff, and just a few at that, that need in, so they can accept the certificate as legit. -- HK
From: Chris M on 25 Feb 2010 03:35
On 24/02/2010 23:22, H-Man wrote: > On Wed, 24 Feb 2010 10:27:38 +0000, Chris M wrote: > >> On 23/02/2010 22:48, H-Man wrote: >>> I have a Windows 2000 server with IIS installed >>> >>> As so many others, I have several laptops out there that have issues >>> sending email due to port 25 being blocked. I would like to make an >>> authenticated port (something other than 25) available to my field >>> personnel and have it forward to my ISP SMTP server on port 25. My internet >>> domain is hosted by my ISP. >>> >>> I know this might be a basic question, but how do I go about making IIS >>> allow a secure connection, accept emails destined for anywhere and forward >>> it to our ISP's server for further handling? >>> >> >> One way of doing it (sorry if these settings don't look the same in >> Windows 2000 but I don't have anything running that version any more!) >> >> Set the SMTP virtual server Authentication setting to require Basic >> Authentication. Disable anonymous access. In the relay restrictions, >> allow all computers which successfully authenticate to relay. >> >> Now, this will have the unforunate effect of causing your clients to >> send their username/passwords across the Internet in clear text which >> you obviously don't want. Therefore, set the virtual server to use a >> certificate, and require a secure channel for communication. If you're >> using a self-signed certificate then your clients will need to trust >> this certificate. Set the listening port on the server to 465 (standard >> for Secure SMTP). This will secure the connection before authentication >> takes place. >> >> Hope this helps, > > I got the relay working, thanks for you help. > > Just a bit more on certificates. > I tried a self signed certificate, but can't get it to show up so that I > can select it. Win2KS comes with IIS5. The only self ssl tool I could find > to install a certificate was in the IIS6.o resource kit. I installed the > ssldiag too and ran it to create a self-signed cert. It won't show when I > go to select the certificate. I would imagine I'd need to open port 443 on > our corporate firewall then as well, right? The SMTP doe listen on port 465 > as indicated. > > A self-signed certificate is not a problem as it should only be my staff, > and just a few at that, that need in, so they can accept the certificate as > legit. Sorry, I'm not able to jump onto a Windows 2000 box so I can't really try this myself. Did you import the certificate into the local computer certificate store? You won't need to open 443 incoming - just 465. -- Chris M. |