359 Lotus blogs updated hourly. Who will post next? Home | Downloads | Events | Pods | Blogs | Search | myPL | About 
 
Latest 7 Posts
Smart Upgrade Pattern Detection
Tue, Sep 23rd 2014 241
Disabling Java Updates
Fri, May 30th 2014 180
Cautiously Optimistic the compact -replica saved the day
Thu, Jan 30th 2014 196
Disable SMTP-AUTH to stop relay hackers in their tracks
Tue, Nov 26th 2013 412
September 3, 2013 10:08 PM
Tue, Sep 3rd 2013 174
A question for a rainy day
Tue, Aug 20th 2013 130
Applying patches to ESXi 5.x without using vSphere or CLI
Tue, Jul 30th 2013 163
Top 10
Disable SMTP-AUTH to stop relay hackers in their tracks
Tue, Nov 26th 2013 412
Sending SMTP to secureserver.net from dedicated Domino outbound SMTP servers
Wed, Nov 2nd 2011 348
Smart Upgrade Pattern Detection
Tue, Sep 23rd 2014 241
Password prompt bug in Traveler for Android
Fri, May 27th 2011 196
Cautiously Optimistic the compact -replica saved the day
Thu, Jan 30th 2014 196
Clearing Traveler Status Messages
Tue, Mar 8th 2011 189
Disabling Java Updates
Fri, May 30th 2014 180
September 3, 2013 10:08 PM
Tue, Sep 3rd 2013 174
Applying patches to ESXi 5.x without using vSphere or CLI
Tue, Jul 30th 2013 163
Configuring a Barracuda for round-robin or failover
Fri, Sep 21st 2012 146


Sending SMTP to secureserver.net from dedicated Domino outbound SMTP servers
David Brown    

 

A wise man once blogged about an issue with routing outbound SMTP to godaddy hosted domains (messages that route via smtp.secureserver.net).

5 years later the problem persists.

Even though the IP being used for outbound SMTP is not, nor has ever been, "blocked" by anyone, you will still see the following after the initial SMTP handshake (turn up outbound SMTP debugging, if necessary):

SMTPClient: ReceiveResponse: 554 Your access to this mail system has been rejected due to spam or virus content. If you believe that this failure is in error, please submit an unblock request at  http://unblock.secureserver.net

Going to the URL yields an ever-so-helpful, "Thank You.  [ip address that was entered] is not blocked at this time. It may have been unblocked due to an earlier request.

If you have additional questions please call 480-624-2500."

Well, your SMTP server says it's still blocked, so what gives?

So, I called the number, and talked to "Mark." It took a while for what I was calling about to click with Mark, but, eventually he insisted that because I couldn't send him an example of a bounced message with a message header that that the problem had to be on my side.  I tried to explain that there wouldn't be a header for a message that was not actually routed to their systems (and if it were routed to their systems we wouldn't be having this call in the first place).  Sending the chunk from the log showing that it was their side that was preventing the delivery didn't help convince him.

Anyway, nothing was solved during the call.

Here's the solution:

Even if your outbound SMTP server is not intended to accept inbound SMTP from outside your internal network, you have to open port 25 for the server's public IP.  If you choose to do this ( in my situation, I had to since godaddy doesn't appear to be changing their non-standard approach any time soon), and you don't want to truly expose your server to public SMTP traffic, be sure the server's configuration doc is in order.

For example, Router/SMTP > Restrictions and Controls > SMTP Inbound Controls > Inbound Connection Controls (section) > Allow connections only from the following SMTP internet hostnames/IP addresses (field)

In an environment where this list can be large, I like to use a group for this value and then make modifications to the group, as necessary.

In this case, I knew that only 2 IP addresses would ever need to route inbound SMTP to this server (the two servers that are specifically set up to do this in the DMZ), so I entered the two IP addresses [in brackets] and restarted the router/smtp and... voilà.

Now godaddy gets a response to their helo (even though the response is basically "you will NEVER send SMTP back through me"), and the oubound mail is accepted by smtp.secureserver.net for delivery.



---------------------
http://www.bleedyellow.com/blogs/port1352/entry/sending_smtp_to_secureserver_net_from_dedicated_outbound_smtp_servers
Nov 02, 2011
349 hits



Recent Blog Posts
241


Smart Upgrade Pattern Detection
Tue, Sep 23rd 2014 1:10p   David Brown
I've noticed what I believe to be an inaccuracy in the oldie but goodie Understanding Lotus Notes Smart Upgrade Redpaper. The pattern matching example on Page 29 says that * matches anything- including nothing. The most commonly used wildcards and expressions are * and ?; for example: Release 6.5.4* would match: – Release 6.5.4 – Release 6.5.4FP1 – Release 6.5.4FP2 – Release 6.5.4FP3 – Release 6.5.4HF719 However, [read] Keywords: ibm lotus notes smart upgrade
180


Disabling Java Updates
Fri, May 30th 2014 11:12a   David Brown
I've had recent reason to not want Java to update. There is a setting that is supposed to allow me to turn off the feature, but it would not let me save the setting. Google to the rescue. Here is how to get the setting to stick: For Windows 7, The Java Control Panel needs Admin rights. Navigate to where Java is installed, usually something along these lines: C:Program Files (x86)Javajre7bin Then scroll down till you see: javacpl.exe Right click on it and select "Run as Administr [read] Keywords: admin google java
196


Cautiously Optimistic the compact -replica saved the day
Thu, Jan 30th 2014 5:09a   David Brown
l compact -C mail/user.nsf [0A50:007E-0E70] 01/30/2014 05:38:55 AM Remote console command issued by admin/org: l compact -C mail/user.nsf [0818:0004-0A98] 01/30/2014 05:38:59 AM Informational, database design compression is enabled in database mailuser.nsf. [0818:0004-0A98] 01/30/2014 05:38:59 AM Informational, document data compression is enabled in database mailuser.nsf. [0818:0004-0A98] 01/30/2014 05:38:59 AM Informational, LZ1 is en [read] Keywords: admin domino ibm database
412


Disable SMTP-AUTH to stop relay hackers in their tracks
Tue, Nov 26th 2013 8:16a   David Brown
Sometimes setting up a system to allow password authentication is less secure. Ever notice activity like this on your SMTP-enabled Domino server? SMTP Server: Authentication failed for user guest ; connecting host 46.137.108.26 SMTP Server: Authentication failed for user backup ; connecting host 46.137.108.26 etc. Guess what... In this case, I am not happy that ec2-46-137-108-26.eu-west-1.compute.amazonaws.com (Amazon Web Services, Ireland) thinks they need to relay SMTP through my se [read] Keywords: domino ibm lotus bleedyellow bleedyellow.com password server smtp
174


September 3, 2013 10:08 PM
Tue, Sep 3rd 2013 9:14p   David Brown
Ok. I saw this bug mentioned in the Technote explaining the compact -REPLICA options but forgot that it wouldn't be fixed in any of the 8.5.3 HFs (including 8.5.3FP3 HF324) So, if you are tempted to run something like "load compact -REPLICA -IDS_FULL=80"... you should actually run "load compact -REPLICA -IDS_FULL 080" You could also specify "load compact -REPLICA -IDS_FULL=080" Even if the database is not over the 80% threshold (as specified in the example above), ther [read] Keywords: administration ibm ldd lotus ods bug database java
130


A question for a rainy day
Tue, Aug 20th 2013 11:13a   David Brown
...and there have been quite a few of those recently... Has anyone ever seen this for the uninstall icon? [read] Keywords: bleedyellow bleedyellow.com




163


Applying patches to ESXi 5.x without using vSphere or CLI
Tue, Jul 30th 2013 4:13p   David Brown
How to enable and use ESXi Shell Access with the Direct Console to apply patches (when you don't have access to the server via vSphere or CLI) At the direct console of the ESXi host, press F2 and provide credentials when prompted. Scroll to Troubleshooting Options and press Enter. Choose Enable ESXi Shell and press Enter. Press Esc until you return to the main direct console screen. At the main direct console screen, press Alt-F1 to open a virtual console window to the h [read] Keywords: network profile server vmware xml
131


PIRC Design Modification TimeDate Location
Mon, Jun 17th 2013 12:14p   David Brown
PIRC added the "Design Modification TimeDate" the database. It is updated in the database whenever design refresh or replace is run and makes an update. Does anyone know where I can find the "Design Modification TimeDate" field and/or property? Is it available in the Designer client or only via NotesPeek or? Thanks. [read] Keywords: database
146


Configuring a Barracuda for round-robin or failover
Fri, Sep 21st 2012 2:09p   David Brown
Shamelessly grabbed directly from the help file... Destination Server Name/IP - IP address or hostname that receives email after the spam and virus scans. It is usually best to use a hostname rather than an IP address so that the destination mail server can be moved and DNS updated at any time without any changes to the Barracuda Spam & Virus Firewall. Note: If you set Use MX Records below to Yes, you must enter a domain name for this field. If multiple servers are specified, then the [read] Keywords: apple email server virus
60


Thanks for the "details"
Wed, Jun 20th 2012 6:12p   David Brown
[read] Keywords: bleedyellow bleedyellow.com




Created and Maintained by Yancy Lent - About - Blog Submission - Suggestions - Change Log - Blog Widget - Advertising - Mobile Edition