357 Lotus blogs updated hourly. Who will post next? Home | Downloads | Events | Pods | Blogs | Search | myPL | About 
 
Latest 7 Posts
Disabling Java Updates
Fri, May 30th 2014 703
Cautiously Optimistic the compact -replica saved the day
Thu, Jan 30th 2014 451
Disable SMTP-AUTH to stop relay hackers in their tracks
Tue, Nov 26th 2013 522
September 3, 2013 10:08 PM
Tue, Sep 3rd 2013 246
A question for a rainy day
Tue, Aug 20th 2013 210
Applying patches to ESXi 5.x without using vSphere or CLI
Tue, Jul 30th 2013 210
PIRC Design Modification TimeDate Location
Mon, Jun 17th 2013 196
Top 10
Disabling Java Updates
Fri, May 30th 2014 703
Disable SMTP-AUTH to stop relay hackers in their tracks
Tue, Nov 26th 2013 522
Cautiously Optimistic the compact -replica saved the day
Thu, Jan 30th 2014 451
Sending SMTP to secureserver.net from dedicated Domino outbound SMTP servers
Wed, Nov 2nd 2011 421
Password prompt bug in Traveler for Android
Fri, May 27th 2011 306
Clearing Traveler Status Messages
Tue, Mar 8th 2011 283
September 3, 2013 10:08 PM
Tue, Sep 3rd 2013 246
Configuring a Barracuda for round-robin or failover
Fri, Sep 21st 2012 237
Registering new users with PIRC enabled by default
Wed, Feb 15th 2012 222
Applying patches to ESXi 5.x without using vSphere or CLI
Tue, Jul 30th 2013 210


Sending SMTP to secureserver.net from dedicated Domino outbound SMTP servers
David Brown    

 

A wise man once blogged about an issue with routing outbound SMTP to godaddy hosted domains (messages that route via smtp.secureserver.net).

5 years later the problem persists.

Even though the IP being used for outbound SMTP is not, nor has ever been, "blocked" by anyone, you will still see the following after the initial SMTP handshake (turn up outbound SMTP debugging, if necessary):

SMTPClient: ReceiveResponse: 554 Your access to this mail system has been rejected due to spam or virus content. If you believe that this failure is in error, please submit an unblock request at  http://unblock.secureserver.net

Going to the URL yields an ever-so-helpful, "Thank You.  [ip address that was entered] is not blocked at this time. It may have been unblocked due to an earlier request.

If you have additional questions please call 480-624-2500."

Well, your SMTP server says it's still blocked, so what gives?

So, I called the number, and talked to "Mark." It took a while for what I was calling about to click with Mark, but, eventually he insisted that because I couldn't send him an example of a bounced message with a message header that that the problem had to be on my side.  I tried to explain that there wouldn't be a header for a message that was not actually routed to their systems (and if it were routed to their systems we wouldn't be having this call in the first place).  Sending the chunk from the log showing that it was their side that was preventing the delivery didn't help convince him.

Anyway, nothing was solved during the call.

Here's the solution:

Even if your outbound SMTP server is not intended to accept inbound SMTP from outside your internal network, you have to open port 25 for the server's public IP.  If you choose to do this ( in my situation, I had to since godaddy doesn't appear to be changing their non-standard approach any time soon), and you don't want to truly expose your server to public SMTP traffic, be sure the server's configuration doc is in order.

For example, Router/SMTP > Restrictions and Controls > SMTP Inbound Controls > Inbound Connection Controls (section) > Allow connections only from the following SMTP internet hostnames/IP addresses (field)

In an environment where this list can be large, I like to use a group for this value and then make modifications to the group, as necessary.

In this case, I knew that only 2 IP addresses would ever need to route inbound SMTP to this server (the two servers that are specifically set up to do this in the DMZ), so I entered the two IP addresses [in brackets] and restarted the router/smtp and... voilà.

Now godaddy gets a response to their helo (even though the response is basically "you will NEVER send SMTP back through me"), and the oubound mail is accepted by smtp.secureserver.net for delivery.



---------------------
http://www.bleedyellow.com/blogs/port1352/entry/sending_smtp_to_secureserver_net_from_dedicated_outbound_smtp_servers
Nov 02, 2011
422 hits



Recent Blog Posts
703


Disabling Java Updates
Fri, May 30th 2014 11:12a   David Brown
I've had recent reason to not want Java to update. There is a setting that is supposed to allow me to turn off the feature, but it would not let me save the setting. Google to the rescue. Here is how to get the setting to stick: For Windows 7, The Java Control Panel needs Admin rights. Navigate to where Java is installed, usually something along these lines: C:Program Files (x86)Javajre7bin Then scroll down till you see: javacpl.exe Right click on it and select "Run as Administr [read] Keywords: admin google java
451


Cautiously Optimistic the compact -replica saved the day
Thu, Jan 30th 2014 5:09a   David Brown
l compact -C mail/user.nsf [0A50:007E-0E70] 01/30/2014 05:38:55 AM Remote console command issued by admin/org: l compact -C mail/user.nsf [0818:0004-0A98] 01/30/2014 05:38:59 AM Informational, database design compression is enabled in database mailuser.nsf. [0818:0004-0A98] 01/30/2014 05:38:59 AM Informational, document data compression is enabled in database mailuser.nsf. [0818:0004-0A98] 01/30/2014 05:38:59 AM Informational, LZ1 is en [read] Keywords: admin domino ibm database
522


Disable SMTP-AUTH to stop relay hackers in their tracks
Tue, Nov 26th 2013 8:16a   David Brown
Sometimes setting up a system to allow password authentication is less secure. Ever notice activity like this on your SMTP-enabled Domino server? SMTP Server: Authentication failed for user guest ; connecting host 46.137.108.26 SMTP Server: Authentication failed for user backup ; connecting host 46.137.108.26 etc. Guess what... In this case, I am not happy that ec2-46-137-108-26.eu-west-1.compute.amazonaws.com (Amazon Web Services, Ireland) thinks they need to relay SMTP through my se [read] Keywords: domino ibm lotus bleedyellow bleedyellow.com password server smtp
246


September 3, 2013 10:08 PM
Tue, Sep 3rd 2013 9:14p   David Brown
Ok. I saw this bug mentioned in the Technote explaining the compact -REPLICA options but forgot that it wouldn't be fixed in any of the 8.5.3 HFs (including 8.5.3FP3 HF324) So, if you are tempted to run something like "load compact -REPLICA -IDS_FULL=80"... you should actually run "load compact -REPLICA -IDS_FULL 080" You could also specify "load compact -REPLICA -IDS_FULL=080" Even if the database is not over the 80% threshold (as specified in the example above), ther [read] Keywords: administration ibm ldd lotus ods bug database java
210


A question for a rainy day
Tue, Aug 20th 2013 11:13a   David Brown
...and there have been quite a few of those recently... Has anyone ever seen this for the uninstall icon? [read] Keywords: bleedyellow bleedyellow.com
210


Applying patches to ESXi 5.x without using vSphere or CLI
Tue, Jul 30th 2013 4:13p   David Brown
How to enable and use ESXi Shell Access with the Direct Console to apply patches (when you don't have access to the server via vSphere or CLI) At the direct console of the ESXi host, press F2 and provide credentials when prompted. Scroll to Troubleshooting Options and press Enter. Choose Enable ESXi Shell and press Enter. Press Esc until you return to the main direct console screen. At the main direct console screen, press Alt-F1 to open a virtual console window to the h [read] Keywords: network profile server vmware xml




196


PIRC Design Modification TimeDate Location
Mon, Jun 17th 2013 12:14p   David Brown
PIRC added the "Design Modification TimeDate" the database. It is updated in the database whenever design refresh or replace is run and makes an update. Does anyone know where I can find the "Design Modification TimeDate" field and/or property? Is it available in the Designer client or only via NotesPeek or? Thanks. [read] Keywords: database
237


Configuring a Barracuda for round-robin or failover
Fri, Sep 21st 2012 2:09p   David Brown
Shamelessly grabbed directly from the help file... Destination Server Name/IP - IP address or hostname that receives email after the spam and virus scans. It is usually best to use a hostname rather than an IP address so that the destination mail server can be moved and DNS updated at any time without any changes to the Barracuda Spam & Virus Firewall. Note: If you set Use MX Records below to Yes, you must enter a domain name for this field. If multiple servers are specified, then the [read] Keywords: apple email server virus
111


Thanks for the "details"
Wed, Jun 20th 2012 6:12p   David Brown
[read] Keywords: bleedyellow bleedyellow.com
222


Registering new users with PIRC enabled by default
Wed, Feb 15th 2012 9:12a   David Brown
In the process of enabling PIRC (http://www-01.ibm.com/support/docview.wss?ca=kb&rs=899&uid=swg21501675), it occurs to me that there doesn't seem to be a direct way of PIRC-enabling the new file upon mail database creation. Sure it is easy enough to set the advanced property for all databases in a directory, etc, but that is only as good as the moment you do that. The mailfile for the next user to be registered (and their clustered mail database(s) also created during registration) [read] Keywords: ibm database




Created and Maintained by Yancy Lent - About - Blog Submission - Suggestions - Change Log - Blog Widget - Advertising - Mobile Edition