Access Control

I need help understanding the Access Control settings.
I have 2014 SP1 installed on a SuSE 11 SP3, only one Post Office, Domain, and all agents are on this dedicated server.

I want to lock down incoming messages to specific internet IPs.
We have moved our email security to the cloud, thus the reason for this.
I have made the necessary changes to the DNS Server yesterday and I came in early this morning in hopes of finishing up.
In the GWIA Access Control settings for the Default Class of Service, under SMTP Incoming, I added the IPs that the vendor said we would use under the 'Allow messages from:'

Question: In adding the IPs can I use wildcards for this? For example, if an IP Range is: 10.10.10.20-10.10.10.30, is 10.10.10.2? a valid entry?

I then selected 'Prevent incoming messages', clicked OK until I was all the way out of the GWIA settings, then restarted the GWIA agent.
I sent a test message from my personal (hotmail) account and it was immediately rejected as undeliverable.
(Naturally, I went back in and selected 'Allow incoming messages' until I can get a successful test).

I'm thinking that it might be the wildcard that is not acceptable?
If not, then I don't know what else I need to do.

I saw TID 7006146 - Configure GWIA to only allow inbound SMTP traffic from a specific site.
Which shows: In the Exceptions, "Allow messages from" section, put in an entry of, *@*.*
However, I don't THINK it applies since it lists only GW versions 6 - 8.(?)

Many thanks!

Stan
  • Hi.

    On 12.11.2014 13:56, Demaximis wrote:
    >
    > I need help understanding the Access Control settings.


    Yes. ;)


    > Question: In adding the IPs can I use wildcards for this?


    Answer: You don't and can't use IPs there.

    > I saw TID 7006146 - Configure GWIA to only allow inbound SMTP traffic
    > from a specific site.
    > Which shows: In the Exceptions, "Allow messages from" section , put in
    > an entry of, *@*.*
    > However, I don't THINK it applies since it lists only GW versions 6 -
    > 8.(?)


    It does apply, and is a dead giveaway that access control works based on
    email addresses (only), and not IPs.

    What you're looking for is a job for a firewall. It's outside the scope
    of what GWIA can do.

    CU,
    --
    Massimo Rosen
    Novell Knowledge Partner
    No emails please!
    http://www.cfc-it.de

  • Massimo, hate to burst your bubble, but access control does work for IP's.



    For whatever reason, the syntax to provide 'wildcarding' of addresses is not *, but you include a range of addrs you want to accept from: i.e., 10.10.10.5-100, using a - to specify the range.



    --Morris
  • I will give that a try tomorrow and I will report my results.

    Thanks Morris!:)
  • Morris,

    On 12.11.2014 21:54, Morris Blackham wrote:
    > Massimo, hate to burst your bubble, but access control does work for IP's.


    Thanks. I get old... :( ;)

    CU,
    --
    Massimo Rosen
    Novell Knowledge Partner
    No emails please!
    http://www.cfc-it.de
  • You too!? :rolleyes:

    I made the suggested changes and I got the same results: Test messages from my hotmail account to my work account weren't being delivered.
    So, I gave up on that "feature" and made settings in our firewall to prevent anything connecting to our mail server (port 25) except for the security servers.

    Stan
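
An added example, not part of the thread and not GroupWise code: a small checker for the last-octet range form Morris describes (`10.10.10.5-100`), for confirming which connecting addresses an allow list written that way would cover before switching the default to 'Prevent incoming messages'. The parsing rules are an assumption drawn from that single example, and the connecting addresses are constructed sample values.

```python
import ipaddress

def parse_entry(entry):
    """Parse 'a.b.c.d' or 'a.b.c.d-N' (N = last octet) into (first, last)."""
    entry = entry.strip()
    if "*" in entry or "?" in entry:
        raise ValueError(f"wildcard not supported in range syntax: {entry!r}")
    start_text, sep, end_text = entry.partition("-")
    first = ipaddress.IPv4Address(start_text)  # raises on a malformed address
    if not sep:
        return first, first
    if not (end_text.isascii() and end_text.isdigit() and int(end_text) <= 255):
        raise ValueError(f"range end must be a last octet 0-255: {entry!r}")
    # Keep the first three octets of the start address, swap in the end octet.
    last = ipaddress.IPv4Address((int(first) & 0xFFFFFF00) | int(end_text))
    if last < first:
        raise ValueError(f"range end is below range start: {entry!r}")
    return first, last

def short_form(first_ip, last_ip):
    """Rewrite a full start/end pair inside one /24 as 'a.b.c.d-N'."""
    first = ipaddress.IPv4Address(first_ip)
    last = ipaddress.IPv4Address(last_ip)
    if int(first) >> 8 != int(last) >> 8 or last < first:
        raise ValueError("range must be ascending and stay inside one /24")
    return f"{first}-{int(last) & 0xFF}"

def is_allowed(source_ip, entries):
    """True if source_ip falls inside any allow-list entry."""
    addr = ipaddress.IPv4Address(source_ip)
    return any(lo <= addr <= hi for lo, hi in map(parse_entry, entries))

def audit(entries, connecting_ips):
    """Map each connecting address to 'allow' or 'reject'."""
    return {ip: "allow" if is_allowed(ip, entries) else "reject"
            for ip in connecting_ips}

if __name__ == "__main__":
    # The range from the question, rewritten in the dash form (assumed syntax).
    allow_list = [short_form("10.10.10.20", "10.10.10.30")]
    # Constructed sample sources: one inside the range, two outside it.
    samples = ["10.10.10.25", "10.10.10.31", "203.0.113.7"]
    print(allow_list)
    for ip, verdict in audit(allow_list, samples).items():
        print(f"{ip:15} {verdict}")
```

Any sender that connects directly instead of relaying through a listed address lands in the reject group, which is the same result the port 25 firewall rule enforces one layer lower.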
  • In article <546367EF.56D8.00A3.1@no-mx.forums.novell.com>, Morris
    Blackham wrote:
    > For whatever reason, the syntax to provide 'wildcarding' of
    > addresses is not *, but you include a range of addrs you want
    > to accept from: ie, 10.10.10.5-100, using a - to specify
    > the range..


    Do you know when that got introduced?
    I worked with support way back to get TID 3959034 written to get this
    sort of thing to work and the - didn't work in GW7 era.


    https://www.novell.com/support/kb/doc.php?id=3959034
    needs a bit of updating, but certainly has worked up through GW 2012



    Andy of
    KonecnyConsulting.ca in Toronto
    Knowledge Partner
    http://forums.novell.com/member.php/75037-konecnya
    If you find a post helpful and are logged in the Web interface, please
    show your appreciation by clicking on the star below. Thanks!

  • In article <SFkaw.781$Yv2.538@novprvlin0913.provo.novell.com>, Massimo
    Rosen wrote:
    > Thanks. I get old... :( ;)


    We all do, but I still have more Grey hairs than you do, and Morris a
    few more than I.
    None of us are omniscient, even if we occasionally come across as
    'know-it-alls'.


    Andy of
    KonecnyConsulting.ca in Toronto
    Knowledge Partner
    http://forums.novell.com/member.php/75037-konecnya
    If you find a post helpful and are logged in the Web interface, please
    show your appreciation by clicking on the star below. Thanks!