Anonymous_User Absent Member.
Absent Member.
1418 views

SMTP Relaying and External Entities

Hi Guys,

Environment is Groupwise 2012 on OES Linux.

Background is that this site uses a single GWIA to handle normal outbound and inbound Groupwise traffic as well as utilising the SMTP gateway for automated sending of emails for their internally housed business systems to external customers. SMTP relaying has been set up to allow all from the production environment whereas the dev and test environments are restricted to only being allowed to deliver internally (ie their IP addresses are not in the list of allowed exceptions). Late last week we had a situation where the Dev environment delivered an email to an external address when it shouldn't have. No changes had been made to the SMTP relay settings. Further investigation revealed that the address was in an external domain as an external entity.

As we're being asked to further investigate I'm hoping that someone can clarify whether an external entity email address is immune from the SMTP relay settings and confirm whether it's working as designed.

Worst case, we'll need to reevaluate the use of external entities.

Thanks all.

E
Labels (2)
0 Likes
6 Replies
Knowledge Partner
Knowledge Partner

Re: SMTP Relaying and External Entities

Hi.

First, some clarification of terms: What you describe are not external
entitities in a groupwise sense. External Entitiies in Groupwise are
completely normal groupwise users that simply have no eDirectory User
counterpart. From a purely Groupwise view, they behave exactly like
normal users.

What you seem to talk about are External Users added to your groupwise
system via external domains and post offices.

To answer your question: Yes, such users will be handled by groupwise as
if they were internal, as such, sending email to such a user via SMTP is
not considered relaying, even if the mail needs to go out through the
GWIA again to reach the external user.

Basically, all email addresses known to your groupwise system
addressbook will always be accepted by GWIA, no matter if they're real
internal groupwise objects, or external addresses/users.



Am 27.04.2015 um 05:06 schrieb ewilliams:
>
> Hi Guys,
>
> Environment is Groupwise 2012 on OES Linux.
>
> Background is that this site uses a single GWIA to handle normal
> outbound and inbound Groupwise traffic as well as utilising the SMTP
> gateway for automated sending of emails for their internally housed
> business systems to external customers. SMTP relaying has been set up
> to allow all from the production environment whereas the dev and test
> environments are restricted to only being allowed to deliver internally
> (ie their IP addresses are not in the list of allowed exceptions). Late
> last week we had a situation where the Dev environment delivered an
> email to an external address when it shouldn't have. No changes had
> been made to the SMTP relay settings. Further investigation revealed
> that the address was in an external domain as an external entity.
>
> As we're being asked to further investigate I'm hoping that someone can
> clarify whether an external entity email address is immune from the SMTP
> relay settings and confirm whether it's working as designed.
>
> Worst case, we'll need to reevaluate the use of external entities.
>
> Thanks all.
>
> E
>
>


CU,
--
Massimo Rosen
Novell Knowledge Partner
No emails please!
http://www.cfc-it.de
CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: SMTP Relaying and External Entities

Thanks Massimo.

Appreciate the clarification. Confirms our suspicions and testing.

Take it easy.

E
0 Likes
jlivitski1 Absent Member.
Absent Member.

Re: SMTP Relaying and External Entities

mrosen;2392164 wrote:
To answer your question: Yes, such users will be handled by groupwise as
if they were internal, as such, sending email to such a user via SMTP is
not considered relaying, even if the mail needs to go out through the
GWIA again to reach the external user.

Basically, all email addresses known to your groupwise system
addressbook will always be accepted by GWIA, no matter if they're real
internal groupwise objects, or external addresses/users.

By default, GWIA won't allow relaying, even to authenticated users, right?

So, one workaround to allowing relaying would be to add the "external" addresses as GroupWise contacts?
0 Likes
Knowledge Partner
Knowledge Partner

Re: SMTP Relaying and External Entities

Hi.

Am 08.11.2016 um 02:26 schrieb jlivitski:
> By default, GWIA won't allow relaying, even to authenticated users,
> right?


Correct.

> So, one workaround to allowing relaying would be to add the "external"
> addresses as GroupWise contacts?


No. GW "contacts" are personal, and not known to the system.

CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de
CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de
0 Likes
jlivitski1 Absent Member.
Absent Member.

Re: SMTP Relaying and External Entities

Thanks for the response!

So, I guess the GWIA doesn't consider messages from the MTA/POA bound for the internet as "relaying" either.

I don't see any option to allow relaying for authenticated logins, but there is an option to allow relaying for specific IP addresses.
0 Likes
Knowledge Partner
Knowledge Partner

Re: SMTP Relaying and External Entities

Am 08.11.2016 um 20:26 schrieb jlivitski:
>
> Thanks for the response!
>
> So, I guess the GWIA doesn't consider messages from the MTA/POA bound
> for the internet as "relaying" either.


Of course not.

> I don't see any option to allow relaying for authenticated logins,


Unfortunately, such a setting doesn't exist (yet)

CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de
CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.