Outbound E-mail
Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=1717
Printed Date: 07 July 2025 at 6:20am
Topic: Outbound E-mail
Posted By: Guests
Subject: Outbound E-mail
Date Posted: 14 August 2003 at 5:03pm
Hello - and please excuse me being a newbie. I just downloaded the software and I'm running it through my test domain to see how things work. I'm getting e-mail to process inbound, and what the product offers is what my down-stream spam heuristics engine needs - and in turn what I need to then program AS-ISP to stop even more. It looks like it holds promise.The problem is outbound mail. Any outbound mail is halted by an error - relaying denied. By moving the MX record to the AS-ISP system, it also becomes the valid sender, yet the docs are geared for inbound mail. I'm thinking it just doesn't want to accept my domain, or it's IP, as the 'local domain', which I think is the key. A copy of the log is below:08/14/03 16:20:47:437 -- (1296) Connection from: 172.16.1.3 - Originating country : N/A
08/14/03 16:20:47:593 -- (1296) Resolving 172.16.1.3 - http://www.m2tech.ccmail.m2tech.cc" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - http://www.m2tech.ccmail.m2tech.cc
08/14/03 16:20:47:593 -- (1296) Bypassed all rules for: testbox@myisp.com from MyMailbox.M2_PO.M2_DOM@m2tech.cc
08/14/03 16:20:47:671 -- (1296) EMail from MyMailbox.M2_PO.M2_DOM@m2tech.cc to testbox@myisp.com was queued. Size: 1 KB
08/14/03 16:20:47:671 -- (1296) Disconnect
08/14/03 16:20:47:671 -- (364) Sending email from MyMailbox.M2_PO.M2_DOM@m2tech.cc to testbox@myisp.com
08/14/03 16:20:47:796 -- (364) EMail from: MyMailbox.M2_PO.M2_DOM@m2tech.cc to: testbox@myisp.com was returned to sender - server error - Relaying denied
08/14/03 16:20:48:078 -- (364) Error-email from MyMailbox.M2_PO.M2_DOM@m2tech.cc to testbox@myisp.com was forwarded to 172.16.1.3
08/14/03 16:20:48:078 -- (364) server error - Relaying denied
08/14/03 16:21:18:390 -- (364) Connection from: 172.16.1.3 - Originating country : N/A
08/14/03 16:21:18:562 -- (364) Resolving 172.16.1.3 - http://www.m2tech.ccmail.m2tech.cc" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - http://www.m2tech.ccmail.m2tech.cc
08/14/03 16:21:18:562 -- (364) Bypassed all rules for: postmaster_no_reply@m2tech.cc from
08/14/03 16:21:18:640 -- (364) EMail from to postmaster_no_reply@m2tech.cc was queued. Size: 1 KB
08/14/03 16:21:18:640 -- (364) DisconnectNotes: The 172.16.1.x network is the DMZ I have here - 172.16.1.3 is my mail system SMTP gateway, which operates fine before we add in the AS-ISP system. 172.16.1.10 is the AS-ISP system, testbox@myisp.com is faked for this post, but is a valid external ISP mailbox. The MyMailbox reference is also a fake mailbox, but the rest of the address is valid. To perform the redirect, I changed the 1-to-1 public IP NAT mapping, and adjusted the SMTP port filters to the new DMZ IP address. On the inside, I pointed the outbound SMTP e-mail gateway to the AS-ISP server. Any thoughts as to what I may have missed?Rob
|
Replies:
Posted By: LogSat
Date Posted: 14 August 2003 at 10:49pm
Robert,
FYI, we are currently develping an alpha-version that also filters using Bayesian-dna fingerprinting on emails, combining the results from the current blacklists to achieve a much greater accuracy. We hope to have a public beta available within 2-3 weeks.
Going back to your issue, SpamFilter is designed to handle incoming email only. Workarounds can be made to handle outgoing trafic as well, but we do not recommend them... In any case, the key issue in your case is the following log entries:
08/14/03 16:20:47:796 -- (364) EMail from: MyMailbox.M2_PO.M2_DOM@m2tech.cc to: testbox@myisp.com was returned to sender - server error - Relaying denied
After SpamFilter receives any email, it then attempts to forward it to your destination smtp server. If there is a problem with your destination smtp server, the error message that the dest server gives appears after the "server error -" phrase. In your case, your dest. smtp server is rejecting the emails SpamFilter forwards to it by giving the "relaying denied" msg.
You have configured SpamFilter properly to handle outgoing traffic, but please note that all emails SpamFIlter receives are sent off to your dest smtp server, and if they are outbound, the dest smtp server needs to be able to relay them.
Roberto Franceschetti LogSat Software
|
Posted By: Guests
Date Posted: 15 August 2003 at 9:18am
Ok, then what I inferred about outbound mail is correct.If I could suggest an item to work on, an outbound engine, with a simple outbound relay locked to specific senders and domains would make this system even more useful. Using a seperate machine IP would be ideal to isolate it from the rest of your inbound engine. The code for it, if you did it in a modular fashion, is probably 90% there, sans a config screen.The reason for this: Your notes on how the MX records should get changed to the AS-ISP system would, by default, invalidate your sending system's MX record, and anyone with a similar reverse lookup system would fail if they wanted to validate the sender's DNS. I would think this would be something that should be noted in the docs in that section.By my own logic: By adding an MX record for the sending system, you then open up your sending system to being referenced to receive mail, and your docs do mention the pitfalls of that. I guess I have to see if I can get the next system inside, and AntiVirus SMTP scanner, to do the outbound without accepting inbound except for the AS-ISP box. Thanks for the notes on the upcomming feature ads. I'm using GWAVA ( http://www.beginfinite.com," CLASS="ASPForums" TITLE="WARNING: URL created by poster. - http://www.beginfinite.com, Novell GroupWise AV/SPAM product) at the heart of the mail system here which also has some attachment fingerprint features, along with spam heuristics, RBL, content, AV, and other features. I am still sorting out which product does it's job the best at what point. Hence the AS-ISP testing. I'll see if I can get my other SMTP products to handle outbound only at this point. If so, you'll have probably have another registered customer. Thanks for your information. Anything else you might add is apprecated.Robert Miranda
|
Posted By: Guests
Date Posted: 15 August 2003 at 12:54pm
I'm going to quickly amend my reply to note that, after talking it over with a couple of others, I may be able to use the firewall these systems sit behind to control inbound/outbound visibility. At the IP the AS-ISP system appears at, filters will get configured for inbound SMTP and DNS communications only, and the outbound SMTP system, communicating at a different IP, with a lower-priority MX record, would handle outbound mail, get DNS lookup, but would not be visible to inbound requests.I'll update this conversations with the results in the near future.Rob
|
Posted By: Guests
Date Posted: 25 August 2003 at 3:10pm
Going to update things from the past week just for closure.I'm stuck with the following problems that, at the moment, only another box, or another piece, or two, of SMTP software will seem solve. Not something broke in your product, but just things to be aware of:1. The GroupWise GWIA (NLM) can't send/operate on anything but SMTP port 25. Shifting IP's (possible) isn't going to help,
2. McAfee SMTP (On Win) can shift to alternate ports, but lays all over EVERY server IP address at the port address you specify, wether it's physical or assigned as a secondary. Not very nice.The McAfee issue wouldn't necessisarily be a problem if I could push GWIA to talk at a higher address. Also, if McAfee behaved and locked itself in to a single address, I could buld a workaround that way. Anyone with ideas? The path I want is Internet->McAfee SMTP->GWIA Gateway inbound, and GWIA->(Somehow through McAfee SMTP)->Internet outbound.McAfee SMTP->GWIA Gateway inbound, and GWIA->(Somehow through McAfee SMTP)->Internet outbound.McAfee SMTP->GWIA Gateway inbound, and GWIA->(Somehow through McAfee SMTP)->Internet outbound.GWIA Gateway inbound, and GWIA->(Somehow through McAfee SMTP)->Internet outbound.GWIA Gateway inbound, and GWIA->(Somehow through McAfee SMTP)->Internet outbound.(Somehow through McAfee SMTP)->Internet outbound.(Somehow through McAfee SMTP)->Internet outbound.Internet outbound.Internet outbound.Thanks.
|
Posted By: LogSat
Date Posted: 26 August 2003 at 10:34pm
Robert,
While we can't help and support with the two products you mention, the following info may be of help.
Scenario. Two applications need to listen to port 25 on an IP address. The server has multiple IP addresses. One applicaiton misbehaves by taking over all IPs on the server on port 25.
Solution. If the well-behaved application is started first, it will use a single IP address on port 25. The bad application starts next, using up all remaning IPs, but without interfering with the 1st one since that IP is already taken.
How? Using the registry, under HKLM\SYSTEM\CurrentControlSet\Services\bad-service-name, add the REG_MULTI_SZ value: DependOnService and assign it the name of the good service.
This will cause the bad service to depend on the good service, meaning that it needs to wait for the good service to to start first.
Roberto F. LogSat Software
|
Posted By: Guests
Date Posted: 11 September 2003 at 12:06pm
I wanted to make note that your solution appears to work. Making McAfee Mailscan wait for the SpamFilter service on startup does allow the two to run on seperate IP's, and keeps McAfee from taking both. I also have SpamFilter successfully feeding McAfee, and then that sending the mail in, or accepting internal mail system mail and sending it out.
A couple of notes...
1. Internal DNS with proper MX records for your internal mail system addresses is implimented here. I haven't tried the Relay mode on McAfee, but it might make a mess of things in that mode. McAfee routes via DNS, and it needs to find your internal addresses, and if you have an internal DNS system configured correctly, it should work.
2. Setting the filters for inbound and outbound works well. I used the Novell Filter Exception SMTP examples as a guide.
3. I added script files to stop and start the McAfee service from the desktop.
I'm working on another problem, but will post it once I have more detail to provide..
|
Posted By: Guests
Date Posted: 05 November 2003 at 9:39am
GW GWIA can listen on another port. Check TID 10072891.
|
|