Scenario:
1) Company has Exchange 5.5 with all the service packs.
2) Company has user create a new account via web page.
3) User is immediately e-mailed an account and temporary password
3.a) email is NOT authenticated in any way.
3.b) scripting language is iHTML
3.c) User is almost always OUTSIDE the domain.
4) User changes password and is then allowed to do his thing.
Everything works GREAT until a group of people called ORDB come onto the
scene.
You see, the only way this works is that Relaying is enabled in the IMS
settings...also allowing spammers to mercilessly use their website and get
them BLACKLISTED. Mail starts bouncing, connections being refused, etc.
So turn off the routing except to only authenticated users? BAM! every
e-mail functionality of the website dies.
I've tried placing routing restrictions on the IMS so that only the IP
address of the web server can use relaying. Nope. Even though the
scripting language is server side, the email seems to be originating from
the users IP.
I know this because when we opened it up for that IP address, I could open
a browser on the server and everything works fine...but on another user's
machine inside the firewall...It dies.
_____________________________
Even though the user's IP address seems to be used, SOMETHING is going
through the server because the IP address in the iHTML is a 10.10.x.x
(non-routable). Its inside the firewall. Is it somehow translated? Can
you explain that? I didn't think I was net stupid...but alas
------
I thought about creating another IMS module in Exchange (books have talked
about doing this for other reasons) and have it answer on a secret port
(NOT 25). Have this one totally open to relaying. The iHTML can specify
a
specific port to connect to. Stupid idea? If someone found it..the whole
thing would start over again. Is it possible?
------
I thought about having some process sitting somewhere (maybe on the SQL
server) that would do the emailing and have it authenticate. The iHTML
would then only add all the information into a table and be done with it.
The SQL server would check for records every minute or so and e-mail once
for each record it finds. Client doesn't necessarily want this.
Any other advice or ideas from the gurus?
_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
