From: H-Man on
I have a Windows 2000 server with IIS installed

As so many others, I have several laptops out there that have issues
sending email due to port 25 being blocked. I would like to make an
authenticated port (something other than 25) available to my field
personnel and have it forward to my ISP SMTP server on port 25. My internet
domain is hosted by my ISP.

I know this might be a basic question, but how do I go about making IIS
allow a secure connection, accept emails destined for anywhere and forward
it to our ISP's server for further handling?

--
HK
From: Chris M on
On 23/02/2010 22:48, H-Man wrote:
> I have a Windows 2000 server with IIS installed
>
> As so many others, I have several laptops out there that have issues
> sending email due to port 25 being blocked. I would like to make an
> authenticated port (something other than 25) available to my field
> personnel and have it forward to my ISP SMTP server on port 25. My internet
> domain is hosted by my ISP.
>
> I know this might be a basic question, but how do I go about making IIS
> allow a secure connection, accept emails destined for anywhere and forward
> it to our ISP's server for further handling?
>

One way of doing it (sorry if these settings don't look the same in
Windows 2000 but I don't have anything running that version any more!)

Set the SMTP virtual server Authentication setting to require Basic
Authentication. Disable anonymous access. In the relay restrictions,
allow all computers which successfully authenticate to relay.

Now, this will have the unfortunate effect of causing your clients to
send their username/passwords across the Internet in clear text which
you obviously don't want. Therefore, set the virtual server to use a
certificate, and require a secure channel for communication. If you're
using a self-signed certificate then your clients will need to trust
this certificate. Set the listening port on the server to 465 (standard
for Secure SMTP). This will secure the connection before authentication
takes place.

Hope this helps,

--
Chris M.
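
An added example, not part of Chris M's reply: a client-side check, run against your own relay, that the settings described above took effect. It trusts only the server's exported self-signed certificate, connects to port 465, and confirms that a session which never logs in cannot relay to an outside address. The host name, certificate file name and addresses are placeholders, and the function names are hypothetical.

```python
import smtplib
import ssl


def pinned_context(server_cert_pem=None):
    """TLS context that trusts only the relay's exported self-signed certificate."""
    # PROTOCOL_TLS_CLIENT enables CERT_REQUIRED and hostname checking and
    # loads no public CAs, so only the certificate file below is trusted.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if server_cert_pem:
        ctx.load_verify_locations(cafile=server_cert_pem)
    return ctx


def assess(esmtp_features, mail_code, rcpt_code):
    """Turn the replies to an unauthenticated session into findings."""
    findings = []
    if "auth" not in esmtp_features:
        findings.append("AUTH not advertised")
    # rcpt_code is None when MAIL FROM was already refused.
    if mail_code // 100 == 2 and rcpt_code is not None and rcpt_code // 100 == 2:
        findings.append("relays for unauthenticated clients")
    return findings


def probe(host, ctx, sender, outside_rcpt, port=465):
    """Connect with TLS from the first byte (port 465) and never log in."""
    with smtplib.SMTP_SSL(host, port, context=ctx, timeout=10) as smtp:
        smtp.ehlo()
        mail_code, _ = smtp.mail(sender)
        rcpt_code = None
        if mail_code // 100 == 2:
            rcpt_code, _ = smtp.rcpt(outside_rcpt)
        # No DATA command is issued, so no message is ever sent.
        return assess(smtp.esmtp_features, mail_code, rcpt_code)


if __name__ == "__main__":
    # Placeholder host, file and addresses: substitute your own relay.
    ctx = pinned_context("relay-cert.pem")
    problems = probe("relay.example.com", ctx,
                     "probe@example.com", "someone@example.net")
    print(problems or "relay requires authentication over TLS")
```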


From: H-Man on
On Wed, 24 Feb 2010 10:27:38 +0000, Chris M wrote:

> On 23/02/2010 22:48, H-Man wrote:
>> I have a Windows 2000 server with IIS installed
>>
>> As so many others, I have several laptops out there that have issues
>> sending email due to port 25 being blocked. I would like to make an
>> authenticated port (something other than 25) available to my field
>> personnel and have it forward to my ISP SMTP server on port 25. My internet
>> domain is hosted by my ISP.
>>
>> I know this might be a basic question, but how do I go about making IIS
>> allow a secure connection, accept emails destined for anywhere and forward
>> it to our ISP's server for further handling?
>>
>
> One way of doing it (sorry if these settings don't look the same in
> Windows 2000 but I don't have anything running that version any more!)
>
> Set the SMTP virtual server Authentication setting to require Basic
> Authentication. Disable anonymous access. In the relay restrictions,
> allow all computers which successfully authenticate to relay.
>
> Now, this will have the unfortunate effect of causing your clients to
> send their username/passwords across the Internet in clear text which
> you obviously don't want. Therefore, set the virtual server to use a
> certificate, and require a secure channel for communication. If you're
> using a self-signed certificate then your clients will need to trust
> this certificate. Set the listening port on the server to 465 (standard
> for Secure SMTP). This will secure the connection before authentication
> takes place.
>
> Hope this helps,

Thanks,

I'll give it a go.

--
HK
From: H-Man on
On Wed, 24 Feb 2010 10:27:38 +0000, Chris M wrote:

> On 23/02/2010 22:48, H-Man wrote:
>> I have a Windows 2000 server with IIS installed
>>
>> As so many others, I have several laptops out there that have issues
>> sending email due to port 25 being blocked. I would like to make an
>> authenticated port (something other than 25) available to my field
>> personnel and have it forward to my ISP SMTP server on port 25. My internet
>> domain is hosted by my ISP.
>>
>> I know this might be a basic question, but how do I go about making IIS
>> allow a secure connection, accept emails destined for anywhere and forward
>> it to our ISP's server for further handling?
>>
>
> One way of doing it (sorry if these settings don't look the same in
> Windows 2000 but I don't have anything running that version any more!)
>
> Set the SMTP virtual server Authentication setting to require Basic
> Authentication. Disable anonymous access. In the relay restrictions,
> allow all computers which successfully authenticate to relay.
>
> Now, this will have the unfortunate effect of causing your clients to
> send their username/passwords across the Internet in clear text which
> you obviously don't want. Therefore, set the virtual server to use a
> certificate, and require a secure channel for communication. If you're
> using a self-signed certificate then your clients will need to trust
> this certificate. Set the listening port on the server to 465 (standard
> for Secure SMTP). This will secure the connection before authentication
> takes place.
>
> Hope this helps,

I got the relay working, thanks for your help.

Just a bit more on certificates.
I tried a self signed certificate, but can't get it to show up so that I
can select it. Win2KS comes with IIS5. The only self ssl tool I could find
to install a certificate was in the IIS6.0 resource kit. I installed the
ssldiag tool and ran it to create a self-signed cert. It won't show when I
go to select the certificate. I would imagine I'd need to open port 443 on
our corporate firewall then as well, right? The SMTP does listen on port 465
as indicated.

A self-signed certificate is not a problem as it should only be my staff,
and just a few at that, that need in, so they can accept the certificate as
legit.

--
HK
From: Chris M on
On 24/02/2010 23:22, H-Man wrote:
> On Wed, 24 Feb 2010 10:27:38 +0000, Chris M wrote:
>
>> On 23/02/2010 22:48, H-Man wrote:
>>> I have a Windows 2000 server with IIS installed
>>>
>>> As so many others, I have several laptops out there that have issues
>>> sending email due to port 25 being blocked. I would like to make an
>>> authenticated port (something other than 25) available to my field
>>> personnel and have it forward to my ISP SMTP server on port 25. My internet
>>> domain is hosted by my ISP.
>>>
>>> I know this might be a basic question, but how do I go about making IIS
>>> allow a secure connection, accept emails destined for anywhere and forward
>>> it to our ISP's server for further handling?
>>>
>>
>> One way of doing it (sorry if these settings don't look the same in
>> Windows 2000 but I don't have anything running that version any more!)
>>
>> Set the SMTP virtual server Authentication setting to require Basic
>> Authentication. Disable anonymous access. In the relay restrictions,
>> allow all computers which successfully authenticate to relay.
>>
>> Now, this will have the unfortunate effect of causing your clients to
>> send their username/passwords across the Internet in clear text which
>> you obviously don't want. Therefore, set the virtual server to use a
>> certificate, and require a secure channel for communication. If you're
>> using a self-signed certificate then your clients will need to trust
>> this certificate. Set the listening port on the server to 465 (standard
>> for Secure SMTP). This will secure the connection before authentication
>> takes place.
>>
>> Hope this helps,
>
> I got the relay working, thanks for your help.
>
> Just a bit more on certificates.
> I tried a self signed certificate, but can't get it to show up so that I
> can select it. Win2KS comes with IIS5. The only self ssl tool I could find
> to install a certificate was in the IIS6.0 resource kit. I installed the
> ssldiag tool and ran it to create a self-signed cert. It won't show when I
> go to select the certificate. I would imagine I'd need to open port 443 on
> our corporate firewall then as well, right? The SMTP does listen on port 465
> as indicated.
>
> A self-signed certificate is not a problem as it should only be my staff,
> and just a few at that, that need in, so they can accept the certificate as
> legit.

Sorry, I'm not able to jump onto a Windows 2000 box so I can't really
try this myself. Did you import the certificate into the local computer
certificate store?

You won't need to open 443 incoming - just 465.

--
Chris M.