IMF vs SmtpMail
Kal - 23 Feb 2005 14:10 GMT

This began when I installed the Intelligent Message Filter on the Exchange Server 2003 I use to send the mail:

"Error sending email: The message could not be sent to the SMTP server. The transport error code was 0x800ccc69. The server response was 550 5.7.1 Requested action not taken: message refused"

And from the Exchange Server Event Log:

"The message with ID <000001c5190f$32fd44b0$0302010a@sierra.todomain.com>, P1 From smtp:kal@fromdomain.com, Subject email test, from remote host "EXCHANGESERVER" was Rejected/Deleted by Intelligent Message Filter. This is an informational event and does not indicate an error.
MSExchangeTransport SMTP Protocol Event ID: 7512"

The same thing happens with ASP code taken from the MSDN article "Sending SMTP Mail by Port 25 Using CDOSYS". These give error messages '8004020f' and '0x80040211' but I believe it is the same problem.
Is there a way to use CDO (I guess SmtpMail uses this) and not have the message trapped?
Kal
"Peter Huang" [MSFT] - 24 Feb 2005 02:10 GMT

Hi

Based on my knowledge, the IMF can be considered a server-side event sink DLL; it is located at the server side and monitors the incoming mail and filters it based on certain conditions.
So I think the problem seems to be at the server side. To isolate the problem, I think we may try to use a mail client, e.g. Outlook Express, to send the same mail with identity subject, mail receipt and so on to see if the similar problem will occur.
Also, for an Exchange problem, I think you may try to post in the Exchange-related newsgroups, so that the community will benefit from your experience.
microsoft.public.exchange.admin
microsoft.public.exchange
If you still have any concern, please feel free to post here.
Best regards,
Peter Huang Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.

Kal - 24 Feb 2005 04:35 GMT

Outlook Express goes thru without a problem. I did not find microsoft.public.exchange.
Kal

> Hi
> [quoted text clipped - 24 lines]
> This posting is provided "AS IS" with no warranties, and confers no
> rights.

"Peter Huang" [MSFT] - 24 Feb 2005 05:23 GMT

Hi
I also have discussed with our exchange engineer. Here is his suggestion!
Based on our understanding, currently you are sending mail with software written by yourself, and mails from it are rejected after IMF was installed.
But Exchange responds with 5.7.1 in the NDR, which generally means "unable to relay". This is a problem with the SMTP virtual server configuration, not with IMF. For NDR 5.7.1, here is a part of KB284204.

Numeric Code: 5.7.1
Possible Causes:
o General access denied, sender access denied - the sender of the message does not have the privileges required to complete delivery.
o You are trying to relay your mail through another SMTP server and it does not permit you to relay.
o The recipient might have mailbox delivery restrictions enabled. For example, a recipient's mailbox delivery restriction was set to receive from a Distribution List only and non-members' email will be rejected with this error.
o For Exchange Server 2003, a distribution list can be configured to restrict mail delivery from unauthenticated users. Mail that is sent by using an unauthenticated SMTP session are rejected.
Troubleshooting: Check system privileges and attributes for the contact and retry the message. Also, make sure you are running Exchange 2000 Service Pack 1 or later for other potential known issues.
Delivery status notifications in Exchange Server and in Small Business Server http://support.microsoft.com/?id=284204
He suggested that we can try two steps:
1. disable IMF and check if the problem remains
2. use a mail client such as Outlook Express or simply telnet to submit a mail, check if it works
If you still have any other concern, please feel free to post here.
Best regards,
Peter Huang Microsoft Online Partner Support
Kal - 24 Feb 2005 18:19 GMT

Peter,
Thanks for your help. The Exchange Engineer did not read the entire message, specifically the part from the Event Log. Nevertheless, the suggestion led to useful information. I disabled IMF and SmtpMail worked as before.
While doing it I noted that this small app was written to send a logfile on an error condition, so I re-enabled IMF and disabled the attached logfile. Again the message went thru. I reattached the logfile and it was blocked. The attachment was named testfile.log, so I changed the attachment name to testfile.txt and tried it again. Again it worked.
In summary, an attachment named testfile.log is blocked by IMF but an identical attachment named testfile.txt is not blocked. A message with no attachment is not blocked.
Kal
> Hi
> [quoted text clipped - 46 lines]
> This posting is provided "AS IS" with no warranties, and confers no
> rights.

"Peter Huang" [MSFT] - 25 Feb 2005 01:36 GMT

Hi

I am glad that you have resolved the problem. Since I am not familiar with Exchange, I am sorry for the response before.
If you still have other dot issue, please feel free to post here.
Thanks for your understanding!
Best regards,
Peter Huang Microsoft Online Partner Support
Nick Malik [Microsoft] - 24 Feb 2005 16:01 GMT

Hi Kal,
Ignore the advice to uninstall IMF.
You need to send authenticated e-mail.
You can do this either with Windows authentication (e.g. the service account or app pool account running your application), or you can pass the credentials to the SMTP server. Both methods can be done with CDOSYS.
There is an excellent FAQ at SystemWebMail.com with a good topic on sending authenticated e-mail to your SMTP server. http://www.systemwebmail.com/faq/3.8.aspx
One thing missing from that faq: if you set smtpauthenticate to "2" then you are using Windows Authentication.
--- Nick Malik [Microsoft] MCSD, CFPS, Certified Scrummaster http://blogs.msdn.com/nickmalik
Disclaimer: Opinions expressed in this forum are my own, and not representative of my employer. I do not answer questions on behalf of my employer. I'm just a programmer helping programmers.

> This began when I installed the Intelligent Message Filter on the Exchange
> Server 2003 I use to send the mail:
> [quoted text clipped - 20 lines]
>
> Kal

Kal - 24 Feb 2005 19:00 GMT

Thanks Nick,
Not my exact problem, but useful. I have used systemwebmail's information previously, and it is excellent. I do not allow authentication as a compromised password will allow spammers access. The only allowed relay is by ip address and these are all on my private network in the 10.1.x.x series.
Kal

> Hi Kal,
> [quoted text clipped - 36 lines]
>>
>> Kal

Nick Malik [Microsoft] - 25 Feb 2005 14:43 GMT

Hello Kal,

> I do not allow authentication as a compromised password will allow
> spammers access.

If you use windows authentication, you do not have to put the userid or password into the code. The Userid and Password are simply derived from the app pool account you have already set up.
Kal - 27 Feb 2005 16:09 GMT

Nick,
If you allow relay for the internal network you can use anonymous and no userid or password. If you allow only anonymous no one can use exchange to crack your passwords because authentication is simply not being done.
Kal

> Hello Kal,
> [quoted text clipped - 4 lines]
> password into the code. The Userid and Password are simply derived from
> the app pool account you have already set up.

Nick Malik [Microsoft] - 28 Feb 2005 00:58 GMT

Hi Kal,
If someone can get your passwords from the app pool, they aren't using Exchange to crack your passwords. They'd need access to the physical servers. (Hope you have a few locked doors :-). The credentials are already in the app pool. By using anonymous e-mail, your app is simply ignoring the credentials available to it.
Anonymous access gives your internal applications the ability to send e-mail with two lines less of code. However, the receiving e-mail client may decide that the message came from an external spammer, because the e-mail "from" address is not verified. Outlook 2003 will frequently consider these messages to be Junk Mail and move them out of the recipient's In Box. If you want your messages to always get to the reader, Authenticate.
In my personal opinion, all anonymous access to e-mail should be completely banned as the first step in a long process of killing off the scourge of unsolicited e-mail.
If you want to make an argument, based on security, for using anonymous e-mail, I'd suggest strongly that spam fighting is a far greater benefit to your organization than the minor code inconvenience (with zero security impact) of using authenticated e-mail.
If you want to debate the merits of anonymous vs authenticated e-mail, and the security implications thereof, I'd suggest that you post a query on one of the exchange or security groups.
> Nick,
> If you allow relay for the internal network you can use anonymous and no
> [quoted text clipped - 10 lines]
>> password into the code. The Userid and Password are simply derived from
>> the app pool account you have already set up.

Kal - 28 Feb 2005 22:49 GMT

Nick,
As I understand it, if you allow authenticated users to send email any compromised password will allow spamming, however the compromise was accomplished. As I recall, authentication does not discriminate between internal and external. If you do not allow authentication I fail to see how it will provide an opening to a spammer, provided you do not have an open relay.
I am pretty sure this recommendation came from an MS document. I do not have it at hand so cannot refer you. I do not want to have a debate. Neither am I sure that allowing authentication improves security. I take your point that it improves chances for successful delivery.
On this webserver we have form based email that users who have authenticated to the website but who are not members of the domain can use to send email. The from address on this email is taken from the user's web login. In order for this email to be authenticated it would need to show a from address of a domain member. Is that correct? How would you propose to handle this?
My objective here is to be able to remove SMTP from the webserver. It appears that spammers are using it for an NDR spam scam, and the Exchange Server seems to provide more control.
Kal
> Hi Kal,
> [quoted text clipped - 39 lines]
>>> password into the code. The Userid and Password are simply derived from
>>> the app pool account you have already set up.
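
Added example, not part of any post in this thread: the Windows-authenticated submission Nick Malik describes (smtpauthenticate set to "2"), written against System.Web.Mail from .NET 1.1, which wraps CDOSYS. The server name and addresses are placeholders. The loop over InnerException is included because SmtpMail wraps the underlying CDO error, and the server's 550 response text sits in an inner exception.

```csharp
using System;
using System.Web.Mail;   // .NET 1.1 wrapper over CDOSYS; reference System.Web.dll

class AuthenticatedMailExample
{
    // Namespace prefix for CDOSYS configuration fields.
    const string Cdo = "http://schemas.microsoft.com/cdo/configuration/";

    static void Main()
    {
        MailMessage msg = new MailMessage();
        msg.From    = "app@example.com";   // placeholder sender
        msg.To      = "ops@example.com";   // placeholder recipient
        msg.Subject = "email test";
        msg.Body    = "Error condition detected on the web server.";

        // 0 = anonymous, 1 = basic (clear text), 2 = NTLM (Windows authentication).
        // With 2, the SMTP session authenticates as the account the process
        // runs under (service account or app pool identity), so sendusername
        // and sendpassword are deliberately not set and no secret is in code.
        msg.Fields.Add(Cdo + "smtpauthenticate", "2");
        msg.Fields.Add(Cdo + "smtpserverport", "25");

        SmtpMail.SmtpServer = "exchange.example.local";   // placeholder host

        try
        {
            SmtpMail.Send(msg);
            Console.WriteLine("Message accepted by the SMTP server.");
        }
        catch (Exception ex)
        {
            // The outermost message is generic; walk the chain to reach the
            // transport error code and the server's response line.
            for (Exception e = ex; e != null; e = e.InnerException)
                Console.Error.WriteLine(e.GetType().Name + ": " + e.Message);
        }
    }
}
```

The SMTP virtual server must have Integrated Windows Authentication enabled for this to succeed, and the process identity must be a domain account the Exchange server recognizes.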