• State Not Answered
  • Replies replies
    8
  • Subscribers subscribers
    15
  • Views views
    700
  • Users 0 members are here
  • Locked Locked
Related
Options
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Access Control

MigrationDeletedUser
I need help understanding the Access Control settings.
I have 2014 SP1 installed on a SuSE 11 SP3, only one Post Office, Domain, and all agents are on this dedicated server.

I want to lock down incoming messages to specific internet IPs.
We have moved our email security to the cloud, thus the reason for this.
I have made the necessary changes to the DNS Server yesterday and I came in early this morning in hopes of finishing up.
In the GWIA Access Control settings for the Default Class of Service, under SMTP Incoming, I added the IPs that the vendor said we would use under the 'Allow messages from:'

Question: In adding the IPs can I use wildcards for this? For example, if an IP Range is: 10.10.10.20-10.10.10.30, is 10.10.10.2? a valid entry?

I then selected 'Prevent incoming messages', clicked OK until I was all the way out of the gwia settings, then restart the gwia agent.
I sent a test message from my personal (hotmail) account and it was immediately rejected as undeliverable.
(Naturally, I went back in and selected 'Allow incoming messages' until I can get a successful test).

I'm thinking that it might be the wildcard that is not acceptable?
If not, then I don't know what else I need to do.

I saw TID 7006146 - Configure GWIA to only allow inbound SMTP traffic from a specific site.
Which shows: In the Exceptions, "Allow messages from" section , put in an entry of, *@*.*
However, I don't THINK it applies since it lists only GW versions 6 - 8.(?)

Many thanks!

Stan
Parents
  • 0
    Hi.

    Am 12.11.2014 13:56, schrieb Demaximis:
    >
    > I need help understanding the Access Control settings.

    Yes. ;)


    > Question: In adding the IPs can I use wildcards for this?

    Answer: You don't and can't use IPs there.

    > I saw TID 7006146 - Configure GWIA to only allow inbound SMTP traffic
    > from a specific site.
    > Which shows: In the Exceptions, "Allow messages from" section , put in
    > an entry of, *@*.*
    > However, I don't THINK it applies since it lists only GW versions 6 -
    > 8.(?)

    It does apply, and is a dead giveaway that access control works based on
    email addresses (only), and not IPs.

    What you're looking for is a job for a firewall. It's outside the scope
    of what GWIA can do.

    CU,
    --
    Massimo Rosen
    Novell Knowledge Partner
    No emails please!
    http://www.cfc-it.de
  • 0 in reply to mrosen

    Massimo, hate to burst your bubble, but access control does work for IP's.



    For whatever reason, the syntax to provide 'wildcarding' of addresses is not *, but you include a range of addrs you want to accept from: ie, 10.10.10.5-100, using a - to specify the range..



    --Morris



    >>> Massimo Rosen<mrosenNO@SPAMcfc-it.de> 11/12/2014 8:48 AM >>>



    Hi.

    Am 12.11.2014 13:56, schrieb Demaximis:

    >
    > I need help understanding the Access Control settings.


    Yes. ;)



    > Question: In adding the IPs can I use wildcards for this?


    Answer: You don't and can't use IPs there.


    > I saw TID 7006146 - Configure GWIA to only allow inbound SMTP traffic
    > from a specific site.
    > Which shows: In the Exceptions, "Allow messages from" section , put in
    > an entry of, *@*.*
    > However, I don't THINK it applies since it lists only GW versions 6 -
    > 8.(?)


    It does apply, and is a dead giveaway that access control works based on
    email addresses (only), and not IPs.

    What you're looking for is a job for a firewall. It's outside the scope
    of what GWIA can do.

    CU,
    --
    Massimo Rosen
    Novell Knowledge Partner
    No emails please!
    http://www.cfc-it.de
  • 0 in reply to MigrationDeletedUser
    I will give that a try tomorrow and I will report my results.

    Thanks Morris!:)
Reply Children
No Data

Resources

Support
Documentation
Learning Services
Partner Programs
Privacy
Compliance
Help
Company
Privacy Policy
Terms of Use
Accessibility
Anti-Slavery Statement
Support
Contact Us
Careers
Code of Business Conduct and Ethics
The opinions expressed above are the personal opinions of the authors, not of OpenText. By using this site, you accept the Terms of Use. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.), Hewlett Packard Enterprise Company, or Micro Focus. As of January 31, 2023, the Material is now offered by OpenText, a separately owned and operated company. Any reference to the HP, Hewlett Packard Enterprise/HPE, and Micro Focus marks is historical in nature and the HP, Hewlett Packard Enterprise/HPE, and Micro Focus marks are the property of their respective owners.