Well, don't you normally send all your messages from that machine ASSP and Exchange are on? If not, put the IPs of all the other sending machines in AcceptAllMail and you should be set. I still don't see how you're seen as an open relay because as your log shows, ASSP refuses and drops the connection, so why would any open relay tester think it accepts it? Presumably it would think that only if it got 250 OK at the end of the DATA command! It would *really* help to show the full log for a mail flow from an open relay tester tagging you. And have logging be set to verbose for everything.

Ah, wait, I think I got it! Was looking in the Relaying section, wondering why the hell it wouldn't let you relay anyway since 127.0.0.1 is in Accept All Mail when I saw below the option, enabled by default:

*Move Local Connection with wrong Sender Address to NULL /(LocalSender2NULL)/ <http://127.0.0.1:55555/#LocalSender2NULL>*

*If set, ASSP will move all Local connections where the sender failed DoLocalSenderDomain <http://127.0.0.1:55555/#DoLocalSenderDomain> or DoLocalSenderAddress <http://127.0.0.1:55555/#DoLocalSenderAddress> to a NULL-connection. The sender will receive "250 OK".*

What this means as I understand it is that if a sender is not in localdomains or localaddress, ASSP just drops the e-mail (as I understand it, regardless of what's in Accept All Mail). What is worse is the senders receive the SMTP status code "250 OK" so they think it got through, and open-relay testers see that status and think you're an open relay.

You can turn off this option and fill in the localdomains, and everything should work. I can only venture to say this option is there to prevent infected machines on your network sending spam with forged from addresses (as it always happens) - but not sure. You need to turn it off.

As for local addresses check, like I said in the forum, the current version now allows ASSP to be the only one that can use VRFY on your server. So just enable VRFY in Exchange, set ASSP to only allow it for itself (I think in the Recipients section you'll find that) and you can then reject mail to invalid users without any risk.

Please let us know how it works out...

Alex.

On 9/23/2009 6:00 PM, Stefan Palan wrote:
> Hi Alex,
>
> Thanks for your reply. You're right, ASSP delivers such messages to my
> MTA, but the outgoing message from u...@external_domain1.com and going
> to u...@external_domain2.com has to pass through ASSP so addresses can
> be whitelisted. That is when it blocks the message, saying the sender
> domain is not local.
> An excerpt from the log says:
>
> ---
> Sep-23-09 00:02:04 [RelayAttempt] 127.0.0.1<u...@external_domain1.com>
> to: u...@external_domain2.com attempt blocked for unknown local sender
> domain
> ---
>
> If I turn off local domain checking in ASSP, everything works fine on
> that end, but open relay tests think my server is an open relay. That is
> because it (ASSP) accepts a message for delivery, even though my system
> never sends it (because the MTA only sends from authenticated users).
> Maybe my current non-default configs help:
>
> ---
> # Relaying #
> acceptAllMail -- Accept All Mail*:
> 192.168.21.252|192.168.21.249|127.0.0.1 (Default: )
> nolocalDomains -- Skip Local Domain Check: Off (Default: On)
> relayHost -- Relay Host: 127.0.0.1:325 (Default: )
> relayPort -- Relay Port: 127.0.0.1:225 (Default: )
> # Recipients #
> sendAllAbuseNP -- Skip Spam Checks for Abuse Catchall: On (Default: Off)
> ---
>
> So I take it that it should normally send all messages coming from
> 127.0.0.1 or 192.168.21.252 (which is the internal IP of the machine
> that ASSP and the MTA are on), even if I turn the Domain check on? What
> I cannot do is turn on the local address check, because entering and
> updating all my local users in ASSP would take far too much time.
>
> As for your concern that my system is an open relay, that's not the
> case. If I turn off ASSP and set Exchange to listen on port 25, every
> open relay test fails. Even in the current configuration, no relay
> attempts succeed, even though messages are accepted for delivery by
> ASSP.
>
> Stefan.
>
> _______________________________________________
> Assp-user mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/assp-user
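
Added example, not part of the original thread and not ASSP code: how a reply-code-based open-relay tester reads an SMTP dialogue, and why a NULL-connection that still answers "250 OK" after DATA is indistinguishable from real acceptance. The dialogues, reply texts, `LOCAL_DOMAINS` and `relay_verdict` are constructed for illustration.

```python
import re

# Constructed SMTP dialogues as (client command, server reply) pairs.
# Addresses, reply texts and LOCAL_DOMAINS are made up for this example.
LOCAL_DOMAINS = {"mydomain.example"}

REFUSED = [
    ("MAIL FROM:<a@outside-one.example>", "250 OK"),
    ("RCPT TO:<b@outside-two.example>", "550 relaying denied"),
]
NULL_CONNECTION = [
    ("MAIL FROM:<a@outside-one.example>", "250 OK"),
    ("RCPT TO:<b@outside-two.example>", "250 OK"),
    ("DATA", "354 send data"),
    (".", "250 OK"),  # mail is discarded server-side; the client only sees 250
]


def domain_of(command):
    """Extract the domain from the <address> in a MAIL FROM / RCPT TO command."""
    match = re.search(r"<[^<>@]*@([^<>]+)>", command)
    return match.group(1).lower() if match else None


def relay_verdict(dialogue, local_domains=LOCAL_DOMAINS):
    """Return the conclusion a reply-code-based relay tester would reach."""
    sender_foreign = rcpt_foreign = False
    for command, reply in dialogue:
        if int(reply[:3]) >= 400:          # any 4xx/5xx ends the test
            return "refused"
        upper = command.upper()
        if upper.startswith("MAIL FROM:"):
            sender_foreign = domain_of(command) not in local_domains
        elif upper.startswith("RCPT TO:"):
            rcpt_foreign = rcpt_foreign or domain_of(command) not in local_domains
        elif command == "." and sender_foreign and rcpt_foreign:
            # 2xx after end-of-DATA for a foreign-to-foreign message
            return "looks like open relay"
    return "inconclusive"


if __name__ == "__main__":
    print(relay_verdict(REFUSED))
    print(relay_verdict(NULL_CONNECTION))
```

The tester has no view of what happens after the final reply, so a silently dropped message and a relayed one produce the same verdict.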
