helpdesk-dehoogstraat wrote:
>
> We have a Groupwise 7 server running in our network. A few days ago we
> discovered that any (unauthenticated) client can send mail through our
> Groupwise (smtp) server,
To what recipient? It's totally normal that any SMTP client can send to
your own users. That's the ultimate job of a GWIA. If you can send to
external internet users that way, someone must have enabled relaying in
your GWIA.
CU,
--
Massimo Rosen
Novell Product Support Forum Sysop
No emails please!
http://www.cfc-it.de
helpdesk-dehoogstraat wrote:
>
> To internal addresses. But still, is it possible to force any user on the
> network to authenticate to the smtp server before sending anything?
Is your GWIA also used to receive email from the internet? In that case,
no.
> Now
> users can install tools on their computers and use the smtp server to
> spam each other if they wanted.
Same with pretty much every email server in the world. And guess what, I
can even do that from the internet. That's how SMTP works.
> Really? My provider's smtp server needs authentication before I can send
> anything. Our GWIA isn't connected directly to the internet but first
> connects to a mailrelay which also filters spam etcetera.
Yeah - but your provider's SMTP server is forcing you to authenticate to
"relay". I.e., when you connect to Comcast's or Verizon's, or whoever's
SMTP server, you are probably not sending to a Comcast or Verizon account,
and these servers are set up specifically to accommodate POP3/IMAP4 users
and have nothing to do with the mail that is being received for the ISP's
own domains. Your GWIA is dual purpose. Its primary function is to
receive mail for your site, and as such is required to receive ALL mail for
your site, regardless of what "SMTP Engine/Server" is sending it. Your GWIA
has no idea that, for example, a user is sending via Thunderbird, or
Postfix! It has to receive the mail if it is for your domain, or you
wouldn't ever get ANY email for your domain.
If you are so concerned with what your "internal users" are doing, perhaps
you should address this more at your firewall. It's possible to configure
most sites to prevent workstations from sending on port 25, either by
blocking it at the workstation itself (local firewall), or configuring your
network in such a way that only your external router (and selected IP
addresses) have rights to send to your GWIA. Some of this can be done at
the router, and the GWIA's Access Control can also reject mail from other
internal IP addresses should you so choose!
--
Danita
Novell Knowledge Partner
Moving GroupWise to Linux?
http://www.caledonia.net/gwmove.html
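
The accept/reject logic discussed in the replies above, modelled as an added example (not part of the thread and not GroupWise code or configuration). The domain `example.org`, the addresses and the `Policy` fields are all constructed assumptions; the point is to show that a workstation sending to a local mailbox is accepted without authentication unless a client-address restriction is in place, while relaying to an external domain is refused either way.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Policy:
    # All field names are hypothetical; they model the settings the thread talks about.
    local_domains: set
    allowed_clients: list = field(default_factory=list)  # empty = any client may connect
    relay_clients: list = field(default_factory=list)    # may send to external domains

def _in(ip, nets):
    return any(ip in ipaddress.ip_network(n) for n in nets)

def decide(policy, client_ip, rcpt, authenticated=False):
    """Decision for one RCPT TO from one connecting client."""
    ip = ipaddress.ip_address(client_ip)
    # Access control by source address comes first: it applies to local mail too.
    if policy.allowed_clients and not _in(ip, policy.allowed_clients):
        return "reject: client not allowed"
    local, sep, domain = rcpt.rpartition("@")
    if not sep or not local or not domain:
        return "reject: bad recipient"
    # Mail for our own domain must be accepted without authentication,
    # otherwise no inbound mail would ever arrive.
    if domain.lower() in policy.local_domains:
        return "accept: local delivery"
    # Anything else is relaying and needs authentication or an explicit grant.
    if authenticated or _in(ip, policy.relay_clients):
        return "accept: relay"
    return "reject: relaying denied"

# Constructed policies: the default described in the thread, and one where only
# the upstream mail relay (192.0.2.10, an assumed address) may connect.
OPEN = Policy({"example.org"})
RESTRICTED = Policy({"example.org"}, allowed_clients=["192.0.2.10/32"])

# Constructed sessions: (client address, recipient)
SESSIONS = [
    ("192.0.2.10", "alice@example.org"),   # mail relay delivering inbound mail
    ("10.0.0.57", "bob@example.org"),      # workstation connecting to port 25 directly
    ("10.0.0.57", "someone@example.net"),  # workstation trying to relay outward
]

def compare():
    return [(ip, rcpt, decide(OPEN, ip, rcpt), decide(RESTRICTED, ip, rcpt))
            for ip, rcpt in SESSIONS]

if __name__ == "__main__":
    for row in compare():
        print(*row, sep=" | ")
```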