Enable SMTP authentication and create anonymous authentication in Domino
We all know that being an enterprise administrator is a great thing. Why is it so nice? It is because the enterprise administrator has a high level of permissions and the data of all users is transparent to administrators, at the same time, it is also a matter of pressure, so why do we say so? Let's take an email for example. Many users will find many problems during use, such as failed email sending, some emails cannot be accepted, or even the enterprise's email system is under attack, resulting in paralysis of the email system. As a result, the pressure on administrators is quite high, another possibility is that users in Domino can use their valid accounts and passwords to verify the email addresses of other users in the enterprise to send emails. This problem is indeed a headache and a risk, the employee was impatient and used his own user and password to verify the boss of the company to send an anonymous email. The consequence is unimaginable. Today we will introduce it mainly, this section also describes how to prevent users from using their own users and passwords to authenticate emails sent over the internet. If SMTP authentication is enabled, sends an anonymous message to a user, an IP address, or an IP address segment. If the company has rich resources, you can create a separate server to allow anonymous links, but this is not safe. The best way is to create an SMTP verification exception.
In fact, today we will mainly introduce how to create smtp validation columns, because many systems in the company sometimes do not have valid users and passwords for verification;
For example, to send a TMG traffic report, you need to fill in the sending Address and Receiving address, but you cannot fill in the verification user information of the mail sending address. In fact, many systems in the Enterprise will have such problems, for specific solutions, see
1. Enable SMTP authentication Configuration
1. Modify the server configuration document to disable anonymous connections to SMTP on the server.
2. Add SMTP-related verification parameters
3. Restart the service to make the configuration take effect.
4. Test SMTP verification through outlook Configuration
2. Create an SMTP sending exception to allow an IP address segment to run anonymous connections
1. Modify the server configuration and enter the IP address and IP address segment that can be sent through anonymous links.
2. Restart the server to make the server configuration take effect.
3. Test with outlook
Environment Introduction
Domino Name: dsgrd.com
Hostname: dsgrd-mail01.dsgrd.com
IP: 192.168.220.10
Roles: Domino server
Hostname: dsgrd-mail02.dsgrd.com
IP: 192.168.220.11
Roles: Domino server
1. Enable SMTP Verification
1. Modify server document configuration and disable anonymous access
Open Server document configuration-
650) this. width = 650; "title =" image "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; margin: 0px; border-left: 0px; padding-top: 0px; padding-left: 0px; padding-right: 0px; "border =" 0 "alt =" image "src =" http://www.bkjia.com/uploads/allimg/131228/001F31Q9-0.png "height =" 508 "/>
Server document configuration --- port --- internet port --- mail
Change the anonymous status of SMTP external control from: yes to no
650) this. width = 650; "title =" image "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; margin: 0px; border-left: 0px; padding-top: 0px; padding-left: 0px; padding-right: 0px; "border =" 0 "alt =" image "src =" http://www.bkjia.com/uploads/allimg/131228/001F35252-1.png "height =" 530 "/>
Save the server configuration after change and continue changing the same configuration for the server dsgrd-mail02
650) this. width = 650; "title =" image "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; border-left: 0px; padding-top: 0px; padding-left: 0px; padding-right: 0px; "border =" 0 "alt =" image "src =" http://www.bkjia.com/uploads/allimg/131228/001F34049-2.png "height =" 525 "/>
Next, add the server parameter, which must be added to the notes. ini file of the server configuration file,
Let's open the notes. ini for dsgrd-mail01 \ dsgrd-mail02 separately and add the following parameters
The Notes. ini file is in the Domino installation directory.
SMTPVerifyAuthenticatedSender = 1
SMTPAllowConnectionsAnonymous = 1
650) this. width = 650; "title =" image "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; margin: 0px; border-left: 0px; padding-top: 0px; padding-left: 0px; padding-right: 0px; "border =" 0 "alt =" image "src =" http://www.bkjia.com/uploads/allimg/131228/001F31196-3.png "height =" 581 "/>
After adding the service, we need to restart the service to take effect. In the console, restart server
650) this. width = 650; "title =" image "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; margin: 0px; border-left: 0px; padding-top: 0px; padding-left: 0px; padding-right: 0px; "border =" 0 "alt =" image "src =" http://www.bkjia.com/uploads/allimg/131228/001F32007-4.png "height =" 566 "/>
Next we test, I created the zhangsan, server address dsgrd-mail01.dsgrd.com in the environment
650) this. width = 650; "title =" image "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; margin: 0px; border-left: 0px; padding-top: 0px; padding-left: 0px; padding-right: 0px; "border =" 0 "alt =" image "src =" http://www.bkjia.com/uploads/allimg/131228/001F324D-5.png "height =" 541 "/>
We configure and test in outlook
The system prompts "530 Verification Failed" when sending test account settings
650) this. width = 650; "title =" image "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; margin: 0px; border-left: 0px; padding-top: 0px; padding-left: 0px; padding-right: 0px; "border =" 0 "alt =" image "src =" http://www.bkjia.com/uploads/allimg/131228/001F31034-6.png "height =" 586 "/>
Next, we will change SMTP verification in outlook and test again.
Other settings of outlook --- sending server --- check my sending server smtp) requirements Verification
650) this. width = 650; "title =" image "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; margin: 0px; border-left: 0px; padding-top: 0px; padding-left: 0px; padding-right: 0px; "border =" 0 "alt =" image "src =" http://www.bkjia.com/uploads/allimg/131228/001F3N30-7.png "height =" 598 "/>
Test passed
650) this. width = 650; "title =" image "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; margin: 0px; border-left: 0px; padding-top: 0px; padding-left: 0px; padding-right: 0px; "border =" 0 "alt =" image "src =" http://www.bkjia.com/uploads/allimg/131228/001F363J-8.png "height =" 563 "/>
Next we will use zhangsan's valid user and password to verify the lisi@dsgrd.com to send the mail,
Verification Failed; prompt that the sending Address has not been authenticated session
650) this. width = 650; "title =" image "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; margin: 0px; border-left: 0px; padding-top: 0px; padding-left: 0px; padding-right: 0px; "border =" 0 "alt =" image "src =" http://www.bkjia.com/uploads/allimg/131228/001F34K4-9.png "height =" 620 "/>
This error is prompted because the authenticated user and password do not match the internet address.
650) this. width = 650; "title =" image "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; margin: 0px; border-left: 0px; padding-top: 0px; padding-left: 0px; padding-right: 0px; "border =" 0 "alt =" image "src =" http://www.bkjia.com/uploads/allimg/131228/001F33616-10.png "height =" 527 "/>
All the above configurations and demos for SMTP verification. Next we will create an smtp validation column, because many systems in the company sometimes fail to verify that they do not have valid users and passwords;
For example, to send a TMG traffic report, you need to fill in the sending Address and Receiving address, but you cannot fill in the verification user information of the mail sending address. In fact, many systems in the Enterprise will have such problems, to solve this problem, modify the server configuration. For details, see:
1.
Open Server Configuration --- vro/SMTP ---- restriction and control ---- SMTP external control ---- external control connection --- only allow the following Internet address links and fill in the IP address or IP address segment that requires anonymous connection
650) this. width = 650; "title =" image "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; margin: 0px; border-left: 0px; padding-top: 0px; padding-left: 0px; padding-right: 0px; "border =" 0 "alt =" image "src =" http://www.bkjia.com/uploads/allimg/131228/001F34935-11.png "height =" 599 "/>
We will allow anonymous connections to 192.168.220.20.
650) this. width = 650; "title =" image "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; margin: 0px; border-left: 0px; padding-top: 0px; padding-left: 0px; padding-right: 0px; "border =" 0 "alt =" image "src =" http://www.bkjia.com/uploads/allimg/131228/001F32E2-12.png "height =" 523 "/>
Then set external relay force-do not check these linked hosts during relay:
650) this. width = 650; "title =" image "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; margin: 0px; border-left: 0px; padding-top: 0px; padding-left: 0px; padding-right: 0px; "border =" 0 "alt =" image "src =" http://www.bkjia.com/uploads/allimg/131228/001F3G12-13.png "height =" 546 "/>
Restart the service and test the configuration.
Cancel outlook settings --- SMTP sending request verification
650) this. width = 650; "title =" image "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; margin: 0px; border-left: 0px; padding-top: 0px; padding-left: 0px; padding-right: 0px; "border =" 0 "alt =" image "src =" http://www.bkjia.com/uploads/allimg/131228/001F3I39-14.png "height =" 565 "/>
650) this. width = 650; "title =" image "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; margin: 0px; border-left: 0px; padding-top: 0px; padding-left: 0px; padding-right: 0px; "border =" 0 "alt =" image "src =" http://www.bkjia.com/uploads/allimg/131228/001F3NR-15.png "height =" 577 "/>
650) this. width = 650; "title =" image "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; margin: 0px; border-left: 0px; padding-top: 0px; padding-left: 0px; padding-right: 0px; "border =" 0 "alt =" image "src =" http://www.bkjia.com/uploads/allimg/131228/001F34044-16.png "height =" 579 "/>
This article from "Gao Wenlong" blog, please be sure to keep this source http://gaowenlong.blog.51cto.com/451336/1304762