ScoobyNet.com - Subaru Enthusiast Forum

Connection Questions... (https://www.scoobynet.com/non-scooby-related-4/18156-connection-questions.html)

Puff The Magic Wagon! 12 August 2001 02:54 PM

2 PCs running W2K & W2K server (there's also an iMac but I won't start to complicate matters)

Want to run Exch 5.5 & use that to send/receive emails to the lan.

Using a Cisco 760 router to share internet access in the house.

Zonealarm as well.

Surftime account via Demon.

1) Am able to send but not receive emails via the lan/router - what have I missed? Demon I know has post.demon.co.uk to use as outgoing & pop3.demon.co.uk for tapping incoming. Can't see where this needs to be set up - no mention of usernames/passwords.

Is it Zonealarm causing this problem? Apparently my port 25 is closed. How can I open this?

2) If I were to use Proxy Server would I get any further security benefits, bearing in mind the router I've got?


dba 12 August 2001 07:48 PM

I am totally sh1t at this IT bollox, but have you checked under "programs" in Zonealarm to ensure the mail program is ticked?

Can't help with the rest, you were speaking Arabic.

WillieF 12 August 2001 08:00 PM

Hey Puff

You and I do need to have a chat but I haven't had the time.

Anyhow Exchange doesn't connect to pop3 unless you have a small business server version. That said though, Demon give you smtp in both directions sooo all that should happen is when the server connects via the router Demon should connect to port 25 of the server and send you the mail.

Give me a ring on 07973703301 or 01314679999 on Monday and I will explain!!

Regards


Willie

[This message has been edited by WillieF (edited 12 August 2001).]

WillieF 12 August 2001 08:14 PM

Or mail me...

Puff The Magic Wagon! 12 August 2001 08:14 PM

dba

Thanks - I have checked that

Willie

Willdo - Seems that I may have a problem with my port 25. Need to find some way of unblocking it then...

Running a port sniffer at the moment which is quite interesting

boomer 12 August 2001 09:44 PM

Puff,

Willie is right. You gotta set up your Exchange server to connect to the Demon SMTP server (via port 25). That way all of your mail will be handled and stored locally (in Exchange). POP3 is for wimps

As for opening up your firewall (for port 25), i guess you gotta read the instructions for Zonealarm!!! Just one thing - don't open 25 to "anyone" - only the trusted Demon servers.

mb

carl 12 August 2001 10:59 PM

I don't think you can open up ports to specific address ranges in ZoneAlarm -- they're either 'open' or 'closed'. If you *don't* use SMTP delivery, you won't need your local network to act as a server for anything so you can close off all the ports. POP3 connects on port 110, but that's 110 at the server end and a high port number at the client end.

However, it looks like your version of Exchange (sledgehammer to crack a nut) doesn't support POP3 delivery, so you need to find it in the 'programs' list in ZA, and check 'allow access to local network', 'allow access to internet', 'allow to act as local server' and 'allow to act as internet server' (and probably 'pass lock' while you're at it). If you're then worried about security (e.g. people SMTP tunnelling from the internet), you could probably set up an access list on the 760 but I think someone mentioned in another thread that it doesn't support them

Have you tried using something simpler? VPOP3 will collect mail from a POP3 mailbox and act as a local server for delivery around a LAN. I presume this is a home-based thing rather than an office-based one?

David_Wallis 13 August 2001 12:06 AM

Just out of interest.... the problem I ALWAYS had when configuring Ex 5.5 with Demon was when you configure IMC or IMS, whatever it was called in 5.5, there was an option button "Reroute incoming mail (required for POP3 support)"; make sure this is NOT selected..

Hope it is working ok now.

Should work other than that...

David

dowser 13 August 2001 09:06 AM

I assume for outgoing connections you're using NAT on the Cisco to translate your private addressing?

Have you bound incoming connections on port 25 through to your exchange box? But do you have a static IP from the isp?

I'm not familiar with the 760 - I don't know how you do this if it's not running IOS

Richard

Puff The Magic Wagon! 13 August 2001 10:12 AM


So much to learn - thanks for your replies so far!

Did manage to get 2 emails come into me - somehow - but the experience hasn't been repeated

What about Proxy Server? Any security benefits of installing it?


carl 13 August 2001 10:13 AM

With Demon you get static IP -- but only 1 IP address. I think perhaps this is where the problem is -- the router will need to do NAT. I know that if you do Demon ADSL you get five addresses to play with (i.e. a /29), but on dialup it's only one.

From

dsmith 13 August 2001 11:22 AM

From CCO

"Cisco 700 series routers provide PAT, enabling local hosts on a private IP network to communicate externally.

Packets destined for an external address have their private IP address plus port number translated to the router's external IP address before the IP packet is forwarded to the WAN. IP packets returning to the router have their external IP addresses (plus port number) translated back to the private IP addresses, and the packets are forwarded to the LAN. "

the command is "set ip pat on"

i.e. it will then automatically Xlate all outbound connections behind the dial-in address.

The key I guess is whether the exchange box is going to poll the mail servers to check for incoming mail which (zone alarm aside) should be fine or whether you need the remote mail server to initiate the connection. In which case you would need to set up a static IP address, a DNS entry for your mail domain pointing at your static IP, and a specific translation on the 760 to map port 25 traffic to your server IP - you need to configure a smtp port handler for this :-

set ip pat porthandler smtp 172.27.0.2 (with your exchange box address obviously)

Puff if you run a proxy then make sure you turn your local cache right down (or the proxy's). With 1 or 2 users and two caches (local machine and proxy). If one doesn't have it then neither will the other - and you just end up with delays (albeit v.small) as all the various caches are checked.

People will have differing views but, if you are natting behind the 760 router then that should provide most of the security that personal firewalls provide as there is no way for remote connections to be initiated to the server or PCs. (except port 25)

Url for 760 commands
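The PAT behaviour quoted above and the effect of an SMTP port handler, as a small model added here for illustration (not part of the original post and not Cisco's implementation). The class and method names are hypothetical, 172.27.0.2 is the address from the post, and all other addresses are constructed from documentation ranges; matching return traffic on the remote address and port is an assumption of this model.

```python
# Toy model of port address translation (PAT) with one static port handler.
# Added illustration only; every name here is hypothetical.
import itertools


class Pat:
    def __init__(self, external_ip, first_port=5000):
        self.external_ip = external_ip
        self._ports = itertools.count(first_port)
        self.out = {}       # (priv_ip, priv_port, remote_ip, remote_port) -> ext_port
        self.back = {}      # (ext_port, remote_ip, remote_port) -> (priv_ip, priv_port)
        self.handlers = {}  # ext_port -> (priv_ip, priv_port), e.g. the smtp handler

    def add_port_handler(self, port, private_ip):
        """Static mapping: unsolicited traffic to this port goes to one LAN host."""
        self.handlers[port] = (private_ip, port)

    def outbound(self, priv_ip, priv_port, remote_ip, remote_port):
        """A LAN host opens a connection; allocate (or reuse) an external port."""
        key = (priv_ip, priv_port, remote_ip, remote_port)
        if key not in self.out:
            ext_port = next(self._ports)
            self.out[key] = ext_port
            self.back[(ext_port, remote_ip, remote_port)] = (priv_ip, priv_port)
        return (self.external_ip, self.out[key])

    def inbound(self, remote_ip, remote_port, ext_port):
        """Return the LAN (ip, port) a WAN packet is forwarded to, or None if dropped."""
        reply = self.back.get((ext_port, remote_ip, remote_port))
        if reply is not None:
            return reply                    # return traffic for a LAN-initiated flow
        return self.handlers.get(ext_port)  # only a configured handler lets it in


if __name__ == "__main__":
    pat = Pat("192.0.2.10")                  # constructed external address
    pat.add_port_handler(25, "172.27.0.2")   # smtp handler to the Exchange box
    print(pat.outbound("172.27.0.3", 1050, "198.51.100.5", 110))  # LAN PC polls POP3
    print(pat.inbound("198.51.100.5", 110, 5000))   # reply is translated back
    print(pat.inbound("203.0.113.9", 4444, 25))     # unsolicited SMTP reaches Exchange
    print(pat.inbound("203.0.113.9", 4444, 80))     # anything else is dropped
```
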


dowser 13 August 2001 11:23 AM

Puff

Proxy server will provide little additional security if you're running NAT on the Cisco. Are you?! It may well improve the load time of commonly downloaded pages though. But be aware you cannot proxy an smtp connection.....

Your biggest security risk will be to allow incoming smtp connections (especially if you can't use an access list on the Cisco to restrict this to only the Demon smtp boxes) - I'm not sure what vulnerabilities exist for Exchange, but get the box patched up. Also shut down as many smtp options as poss under Exchange (to see them, telnet to port 25 and type help [you may need a 'helo' first]).

Or do as was recommended above, dump Exchange and go with a pop3 solution. This allows you to keep your 'outgoing connections only' NAT rule. All incoming requests will be dropped, leaving a hacker only trojans or session hijacks.

If you do allow the incoming connection; it is probably easier to set the NAT up to forward all incoming ports to your Exchange host....don't do this! Make it only incoming requests on 25.

Richard

dsmith 13 August 2001 01:08 PM

Puff

Just out of curiosity - how many users do you have at home to need full-blown Exchange - I hope it's all licensed


Puff The Magic Wagon! 13 August 2001 01:22 PM

Dean

Well, there's me & the wife & Ez & of course I'm using a licensed copy

Seriously, I know it's overkill (understatement) but as I'm the only muppet who looks after our network at work, it's not a bad idea to try & duplicate it at home, when I'm free of calls/interruptions etc. Also enables me to gain (much needed) experience/knowledge in looking after/setting up these sort of things & allows for a certain amount of product testing. I'm mainly self-taught & we don't have a training budget. Anyway, it doesn't matter if I fubar the set-up, as it's not mission critical!!!

All ideas/tips etc from the very knowledgeable people on the bbs all helps

Thanks peeps


Puff The Magic Wagon! 13 August 2001 01:25 PM

However, might go & get vPOP3 - presume its OK for Macs too?

Ga22ar 13 August 2001 01:34 PM

Of course you could use Demon as a smart mailhost and get your x55 server to poll the Demon server every 5 mins, that way you don't have to worry about anon incoming smtp connections.

Your x55 server will be initiating the port 25 connection each time so this should get around the issues of Zonealarm blocking the incoming port 25 stuff..

Any

Puff The Magic Wagon! 13 August 2001 02:45 PM

& htf do I do that!!!??

Ga22ar 13 August 2001 02:52 PM

First ensure that your incoming smtp mail is delivered to the Demon smtp server which is your smarthost..

Next go to your Internet Mail Service (IMS) settings in x55, set the connections tab to send via DNS and select outgoing only.

Then create a new IMS and set it to incoming only and setup the polling of mail via the dial up connection, specify the period required and the host to retrieve from.

More time consuming overall but worth it as you can control the mail flow more precisely

dsmith 23 August 2001 12:07 AM

Puff

If you can identify exactly what you want the router to do, I can give you a config.

Along the lines of PCs addresses, ISP number etc. + Plus details of what you want allowed inbound i.e. SMTP to Box A, WWW to Box B etc plus outbound. (Typically allow any connection initiated on the home LAN out).

Bear in mind that unless you have an ISDN account with fixed IP address (e.g. Demon business) the options for inbound connections are very limited as no-one will know your IP address

Can't help too much on mail/exchange 'cos it's not my thing. (Ciscos however are!)

If you power the router up and can get a terminal on the console the output of "show ver" would tell us what IOS and memory the box has. It may take a "firewall feature" set IOS which again gives a bit more scope for fancy configs.

Mail off-line if you want.

Deano

Puff The Magic Wagon! 23 August 2001 12:32 AM

Dean

& to think that tonight I might shoot you in the back

I've emailed you an ISDN phone number that is there for remote admin via the console...


kryten 23 August 2001 12:41 AM

You can run full servers off a demon connection without problems. I've been testing a full server (DNS, WWW, EMAIL) off the back of a demon connection for 24/7 without problems, prior to co-lo in telehouse.

However, issues you are likely to hit are regarding the ports you do/do not open up for incoming/outgoing access, both on the router and also on ZoneAlarm (plus IPSEC/ TCPIP filtering if you're using them).

Whatever happens ensure you DO NOT allow relaying through Exchange! Most Exchange servers set up by 'self taught' people are totally open and as you are on the end of a static IP from Demon you're likely to find that you are regularly scanned for open ports (I got several relay attempts per day!).

Ensure you pass the tests at
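What "do not allow relaying" comes down to as a per-recipient decision, sketched here as an added example (not from the original post and not Exchange's own logic). The function name, the domain home.example, the 172.27.0.0/24 LAN range and the sample addresses are all assumptions made for illustration.

```python
# Relay decision for one RCPT TO, as a defender would want the server to behave.
# Added illustration; names, domains and networks are constructed.
import ipaddress


def relay_decision(client_ip, rcpt_to, local_domains, trusted_nets):
    """Return (smtp_code, reason) for a recipient offered by client_ip."""
    addr = rcpt_to.strip().strip("<>")
    ip = ipaddress.ip_address(client_ip)

    # Hosts on the LAN may send mail anywhere through the server.
    if any(ip in ipaddress.ip_network(net) for net in trusted_nets):
        return 250, "trusted client may relay"

    # Everyone else may only deliver to our own domains.
    if addr.startswith("@") or "@" not in addr:
        # "@a:user@b" is a source route; unqualified names are refused
        # from outside as a conservative choice in this sketch.
        return 550, "source route or unqualified recipient"
    local_part, _, domain = addr.rpartition("@")
    if domain.lower() not in local_domains:
        return 550, "relaying denied"
    # A local domain with routing characters in the local part
    # (user%other@ours, other!user@ours) is a relay request in disguise.
    if any(ch in local_part for ch in "%!@"):
        return 550, "routing characters in local part"
    return 250, "local delivery"


LOCAL = {"home.example"}      # constructed mail domain
LAN = ["172.27.0.0/24"]       # assumed LAN range around the address in the thread

if __name__ == "__main__":
    samples = [                # constructed test recipients
        ("172.27.0.2", "<friend@elsewhere.example>"),
        ("203.0.113.9", "<puff@home.example>"),
        ("203.0.113.9", "<victim@elsewhere.example>"),
        ("203.0.113.9", "<victim%elsewhere.example@home.example>"),
        ("203.0.113.9", "<@home.example:victim@elsewhere.example>"),
    ]
    for client, rcpt in samples:
        print(client, rcpt, relay_decision(client, rcpt, LOCAL, LAN))
```
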

Puff The Magic Wagon! 23 August 2001 12:58 AM

Kryten

LOL

Funny you should mention about relay & Exchange...

Easynet, who supplied/configured our leased line, suddenly rang up about 3 months ago & gave me 40 minutes to reconfigure our server against relaying, or they would turn off the connection

Seems they had only *just* become aware that it was happening & this was their knee-jerk reaction. Fortunately, after a bit of abuse from me, I was told how to do it, so did. Just rather tedious exercise

Puff The Magic Wagon! 23 August 2001 08:26 AM

Hehe

I now have access to a Cisco 1600 series jobbie

In theory this should allow me to sort out the Exchange/Demon bit + be more secure & I'm sure there will be further benefits.

Or am I wrong again?

carl 23 August 2001 09:56 AM

Well at least it's more likely that people on here know how to configure it. What interfaces does it have, and what IOS version and featureset?

Puff The Magic Wagon! 23 August 2001 11:01 AM

more questions

The model is a 1603

It's been used as 1 of 2 identical routers acting as, well, routers between our network and another with a dedicated 128k line.

Therefore it would appear to have an X21 lead, which is no good for me.

However, it has an ISDN BRI port which will do for my Home Highway.

I have various bits of software, an IP pack, including Configmaker, and that would appear to be/have IOS 12.0. However, I've also got a 1601 & that is still in use & I've got software for that as well, or is it all the same for the series & interchangeable?

Not sure exactly what is what. Any way to find out? Also has a flash card.

carl 23 August 2001 11:40 AM

There should be a console port on the back that you plug an RJ-45 into. Then you need an RJ-45 to 9 or 25-pin serial adapter and plug into the serial port of your PC. Use a terminal emulator (hyperterm is fine) set to 9600 baud and you will be able to log on to the router and find out its config (if you know the passwords -- they're probably 'cisco' and 'cisco'). Log in with a password, then type 'enable' and put in the enable password. Then 'sh ver' will show you which IOS is running, 'sh flash' will show you what's on the flash card and 'sh run' will show the current config.

Config maker -- never used it.

The IOS will be the same for the 1601 and 1603 -- the numbers on the end usually refer to differences in the type of interfaces or number of slots.

I presume it has an Ethernet port as well (otherwise it's not going to be much use)?

What you really need is a guide to configuring Cisco IOS. You can download a lot of stuff from

dowser 23 August 2001 01:11 PM

Puff - why not post the ISDN # to the board? You *know* it makes sense

Richard

Puff The Magic Wagon! 23 August 2001 01:38 PM

Richard

Even though Dean would like as not shoot me on sight, I trust him

kryten 24 August 2001 09:55 PM

The reason they threaten to cut the line is twofold. One is the extra bandwidth through their network it will use, the other is that as the spam is appearing from their network, they could end up on the RBL lists.

A guy I know didn't patch his server (despite repeated reminders) and I got a frantic phone call one day to say that his provider had shut his link down due to spamming. Got him to check the mail queues and there were 200,000 messages in the queue waiting to be sent!

Once you're discovered as a relay, your IP address makes it onto newsgroups/spam websites within minutes


All times are GMT +1.