Hi Thomas,

The mail flow is this:

Outbound: OC -> HE -> ASSP -> Internet
Inbound: Internet -> ASSP -> HE -> OC

Inbound works fine as we can set up an inbound connector on Office 365 
and tell it to accept mail for specific domains from our ASSP IP address.
Outbound is the issue. HE communicates using "outbound connectors". The 
only thing you can configure in an outbound connector is the IP address 
it delivers to. There is no ability to specify a username and password, 
there is no ability to specify a different port.

In the end, I have assigned an extra IP address to the ASSP server. I 
have bound the normal traffic to the main IP, port 25 and bound the 
relay port to the second IP, port 25. I've made sure that the second IP 
is locked down. The data centre firewall, iptables and allowRelayCon are 
configured to only accept port 25 mail locally or from the IP blocks 
that Microsoft use.

The only improvement I could make would be to limit the sender domains 
allowed by connections to relayPort.

All the best,
Colin Waring.
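
As an added illustration (not part of the original message and not ASSP code): a Python sketch of the acceptance policy described above for the second, relay-only IP, together with the sender-domain restriction mentioned as a possible improvement, applied to constructed connection records. The listener address, the "Microsoft" ranges and the hosted domains are placeholders taken from documentation address space.

```python
"""Audit sketch for a relay-only SMTP listener (added example, not ASSP code)."""
import ipaddress
from typing import NamedTuple

# Placeholders: substitute the real relay listener address, the ranges
# Microsoft publishes for Exchange Online, and the domains actually hosted.
RELAY_IP = ipaddress.ip_address("192.0.2.11")       # second IP, port 25
ALLOWED_SOURCES = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8",        # local
    "198.51.100.0/24",    # placeholder for a Microsoft block
    "203.0.113.0/25",     # placeholder for a Microsoft block
)]
ALLOWED_SENDER_DOMAINS = {"example.co.uk", "example.org"}


class Conn(NamedTuple):
    dst_ip: str      # address the client connected to
    src_ip: str      # address the client connected from
    mail_from: str   # envelope sender (MAIL FROM)


def sender_domain(mail_from: str) -> str:
    """Lower-cased domain of an envelope sender; '' for the null sender."""
    addr = mail_from.strip().strip("<>")
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""


def check_relay(conn: Conn) -> str:
    """Return 'not-relay', 'accept', or a reject reason for one connection."""
    if ipaddress.ip_address(conn.dst_ip) != RELAY_IP:
        return "not-relay"                      # normal listener, spam-filtered
    src = ipaddress.ip_address(conn.src_ip)
    if not any(src in net for net in ALLOWED_SOURCES):
        return "reject: source not allowed to relay"
    # The source ranges are shared with other Office 365 users, so the
    # envelope domain is checked as well. The null sender has no domain
    # and is refused here (an assumption of this sketch).
    if sender_domain(conn.mail_from) not in ALLOWED_SENDER_DOMAINS:
        return "reject: sender domain not hosted"
    return "accept"


# Constructed sample records, not real traffic.
SAMPLE = [
    Conn("192.0.2.11", "198.51.100.7", "<user@example.co.uk>"),
    Conn("192.0.2.11", "198.51.100.7", "<someone@other-tenant.example>"),
    Conn("192.0.2.11", "203.0.113.200", "<user@example.org>"),
    Conn("192.0.2.10", "203.0.113.200", "<stranger@elsewhere.example>"),
]

if __name__ == "__main__":
    for c in SAMPLE:
        print(c.src_ip, c.mail_from, "->", check_relay(c))
```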


On 11/08/2014 12:39, Thomas Eckardt wrote:
> Colin,
>
> the infrastructure behind your Office 365 implementation is still unclear
> to me.
> It does not matter if this scenario is used by an ISP or a local company.
>
> assuming the following:
>
> - you have local Office 365 clients -> OC
> - you have a local assp instance -> assp
> - you have a hosted Exchange 365 instance -> HE
>
> Where local means 'local' in terms of assp - this could be any client and
> assp in the world. All OC's should connect to assp using the 'relayPort'
> or the 'listenPort2'. Foreign connections should go to the assp
> 'listenPort'.
>
> OC is getting mails from HE using POP3 - that's clear to me
> OC (and local printers/fax machines/scanners/notifiers....) sends all mails
> (local and outgoing) to assp and assp forwards the mails to HE using TLS
> (and injected AUTH for the local
> printers/fax machines/scanners/notifiers....) - that's clear to me
> Because assp should scan incoming foreign mails for spam, the domain MX
> points to assp - assp forwards the good mails to a local MTA (forwarder),
> which sends the mails to the HE.
>
>
>> get ASSP and Office 365 talking seen as Office 365 can't do outbound
>> authentication
>
> Now the question:
>   
> - all OC must (IMHO) use TLS and AUTH to connect to the HE directly - why
> can't they do this through assp?
> - in which case is the HE connecting to assp via SMTP - the only case
> where AUTH will be a problem?
>
> Please help me to understand the problem - it seems that you do something
> different?
>
> Thomas
>
>
> From:    Colin <colin.war...@gmail.com>
> To:      ASSP development mailing list <assp-test@lists.sourceforge.net>
> Date:    09.08.2014 12:07
> Subject: Re: [Assp-test] FW:  Email interface kicking in on
> external mail?
>
>
>
> Thanks for the clarification.
>
> This was an attempt to get ASSP and Office 365 talking seen as Office
> 365 can't do outbound authentication. Unfortunately it has meant that
> anyone using Office 365 was treated as a local user which is something
> that we cannot have so I will have to take it all out and find another
> solution to Office 365.
>
> My personal preference for the email interface would be to be able to
> restrict it and just have it work on a defined domain (ie smtphost.co.uk
> for us) but if you're happy with just the requirement to define unique
> addresses then that's OK as it is your software!
>
> All the best,
> Colin Waring.
>
>> -----Original Message-----
>> From: Thomas Eckardt [mailto:thomas.ecka...@thockar.com]
>> Sent: 08 August 2014 11:07
>> To: ASSP development mailing list
>> Subject: Re: [Assp-test] Email interface kicking in on external mail?
>>
>> don't use 'acceptAllMail' for foreign IPs - I never used it for any IP,
>> because it is an old legacy problematic feature - use the 'relayPort'
>> instead
>> I know that it must be used in some cases for local IPs. For example,
>> if you can't define the destination-port for an SMTP-server in another
>> application (report/notifications).
>>
>> 'assphelp' is the default for 'EmailHelp'
>>
>> From the GUI:
>>
>> Enable Email Interface (EmailInterfaceOk)
>> Checked means that you want ASSP to intercept and parse mail to the
>> following usernames at any localdomains. The domain '@assp.local' is
>> automatically a local domain and can be used for the email-interface.
>> read:   'at any localdomains' !!!!
>>
>> However - IPs connected to the relayPort are authenticated to relay and
>> to use the emailinterface .....
>>
>> The usernames used in the emailinterface/BlockReport have to be unique for
>> all local domains - this is a simple conclusion - and every username
>> should show what it is used for.
>> This requires no additional exception lists or definitions - only a
>> clear setup.
>>
>> Thomas
>>
>>
>>
>>
>>
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Assp-test mailing list
> Assp-test@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-test