I own the website, which is a PHP-based website. It has a mail server built into it; for example, the user registration on the website requires a relay to mail things to other addresses. Mail comes in from DONOTREPLY@livinggods.com and is sent to XXXXusersaccountXXX@yyyy.com
The server is a Windows 2003 server and is not configured as a domain controller and does not have any local area networks. It's strictly a web hosting server, which runs our clan website, TeamSpeak 2 server, FTP server, MySQL database, and Call of Duty 4 server.
I do not want to set up mailboxes; I just want the SMTP to relay the mail.
[/quote]
You can do this. You would run MercuryS as the SMTP host and MercuryE as the sender. Your PHP application could send mail to local host if Mercury/32 was running on the server.
I would worry about relaying for spammers though, since many of these web-based applications are not very good about controlling what is sent to the relay host. If the spammers were able to take over this web site then your system would very shortly be blocked by every blacklist out there.
When I moved spam to spambucket@mydomain, Mercury was putting that mail into my Domain mailbox with
X-Envelope-To: spambucket@mydomain
To: OriginalRecepient@mydomain
The Pop3 connector I'm using, by default was reading both these headers and sending a copy to both recipients. Fortunately, I can specify which headers get read, and ask it to read X-Envelope-To only.
Thank you everyone for your suggestions. I'm getting notifications now, so I guess I fixed the problem. It seems it was due to my MercuryD setup regarding "Local User" and "Default User".
I had a user name in the Local User field and the Default User field was blank, so that all mail received goes to that one user, irrespective of who it was addressed to. However, on reading the help regarding the Default User field I found:
If you leave this field blank, MercuryD will discard any messages for which it can find no local delivery addresses...
I believe this is where my messages were going. Unless something else has changed without my knowledge. All I did was move the username from the Local User field to the Default User field, and all seems well.
Does it mean that the Mercury v4.52 SSL over POP3 is now compatible with Outlook?
[/quote]
No, it means that you need - as Thomas already mentioned - STunnel ( http://www.stunnel.org ) if you want native SSL over POP3/IMAP4 as Mercury doesn't support it. Note that the recommended port for POP3/SSL is 995 and for IMAP4/SSL is 993 as you can see here: http://www.stunnel.org/faq/misc.html so the required STunnel.conf entry(s) would look like:
I know this is an old thread, but where did you find those timeout values? Especially the "TIMEOUTclose = 0". The stunnel documentation only mentions this for a broken MSIE, not relevant for imap or pop and probably old news anyway. Are they really necessary and/or do they fix any known problems?
I installed the Mercury POP3 client, IMAP and SMTP, and all works fine in my local LAN. But now I want to use it from the internet. I want to connect to my mail server through my xxx.dyndns.org address. Now my question is, where must I enter my local network address and where my dyndns address? I tried some configurations but nothing helped. All needed ports are definitely open. If anyone could help me, please do so.
Domiz
[/quote]
You say the ports are open. What happens when you try to telnet into ports 25, 110 and 143? Can you see activity on the console? If not then your dynamic DNS type address is not pointing to the system running Mercury/32. FWIW, Mercury automatically binds to all of the interfaces available and so if you can't get it from the outside then it looks like you are not connecting to the system.
I did see that setting but since it did not say anything about SMTP I never put 2 and 2 together. I spent most of my time looking in MercuryC configuration settings. I will try your suggestion.
This indicates that there is no receipt in the message matching a local user. For a mailing list the address is <list name>@<internet name for this system> and if this is not correct you need to create an alias to the list name.
You may have trouble if the drive letter changes, lots of parameters in Mercury setup require a full path.
You can set the assigned drive letter in the 'Disk Management' snapin in MMC. This will need to be done on each 'new' machine.
You should set it to a "high" letter (X, Y, or Z) so there is more chance of the drive letter being available on any particular machine. (E, F and so on are commonly grabbed by extra HDDs or DVD drives, cameras etc.)
So we have in fact three different things called local here: local user, local domain, and (non-)local source. The first two make sense (user with mailbox on server, domain listed as local in core configuration), but it would perhaps be better to call the third one "mail received via SMTP" if that is what it means. It isn't mentioned in Mercury help or in the manual, and it's more or less impossible to guess the meaning.
> Hello All,
>
> I’m totally new to running my own MTA and Mercury is the first software I’ve tried of this nature, as such please excuse any mistakes.
>
> For the sake of the examples, we can pretend that Mercury has been set up to operate the acme.org domain. I have enabled MercuryS, MercuryP and MercuryE. Everything is configured such that remote internet users are forced to authenticate before they can relay mail, which is great.
>
> I’ve been doing some testing. When “Authenticated SMTP connections may relay mail” is checked, the setting of “Do not permit SMTP relaying of non-local mail” seems to become irrelevant, because regardless of its state, as long as I authenticate whilst sending a mail, I can make the “FROM:” header anything, for example bill.gates@microsoft.com, and it will get sent. To me this seems like a bug but I’ve worked around it with an “Outgoing Filtering Rule” that basically says ( NOT HEADER contains “@acme.org” DELETE MESSAGE ).
>
> The net result is that 1. users must authenticate to send and 2. users cannot send email that does not originate from acme.org.
>
> The problem:
>
> Imagine two mailboxes, Clare and Bob. When Clare authenticates to send an email she can claim her email is originating from Bob or anything in fact @acme.org.
Absolutely, it's always going to be like this as long as you are sending mail via SMTP. There is nothing to authenticate that the person sending a message is actually the person in the MAIL FROM: address. Of course, if the SMTP host authenticated the MAIL FROM: there is nothing to authenticate that the From: address was not spoofed. Now if you were to turn on TLS via STARTTLS then the whole process of sending works in a different manner. The sender must provide a username and password to make the initial connection. Clients like OE and Outlook can't use STARTTLS or TLS so you would have to run STunnel to allow these clients to send via SSL. Here's a bit on setting up STunnel.
Q: I need to use STunnel (http://www.stunnel.org) to access my corporate e-mail securely across the Internet from home. Please explain how can I do this?
A: In WinPMail, go to the Tools -> Internet Options... menu item, click on the Receiving (POP3) tab in the dialog and fill in the POP3 Host field as: 127.0.0.1 Then click on the Sending (SMTP) tab and fill in the SMTP Host field as: 127.0.0.1
Next, start up Windows Notepad and create a two-line Batch text file that starts STunnel. Below is an example of how the Batch file should look. You will need to change the path accordingly for where your copy of stunnel is located as well as the host names for your corporate POP3 and SMTP servers and the port numbers being used on each of those servers for STunnel:
Save this as ST_PEG.BAT or similar (it must have a .BAT filename extension). Run this Batch file prior to running WinPMail in order to provide the STunnel redirection functionality.
For more information on setting up STunnel with Pegasus Mail, look here: http://www.noderunner.net/~llin/old/pmail-ssl.html
MercuryC and MercuryD also work the same way.
> So what I’m trying to establish is how I can work the following setup:
>
> -- Users may only relay if the email is originating from <their_username>@acme.org and they have authenticated themselves by supplying a password.
You can't as it stands. If you were using Pegasus Mail sending via the Mercury mail spool directory and forcing all mail through Mercury then the From: address will at least be automatically built from the user's ID and/or synonym, but even this can be spoofed given that there are some people out there with some basic knowledge of the system.
> I would like a setup where both users with (& without) accounts are not trusted.
>
> To my mind the system should not implicitly grant trust to _anybody_ to be truthful about the origin address of an email relayed by Mercury. I need to try and find a way to impose more stringent controls on who can send emails and from what addresses.
Best of luck. I've tried to do this for years and come to the conclusion that you cannot use technology to solve a social problem. It's a losing battle, there are a lot of knowledgeable users out there and the basic mail system has a lot of holes that can be exploited.
> I hope that is clear, many thanks in advance for any suggestions.
>
> Thanks,
>
> Tim
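
The rule Tim asks for above (an authenticated user may relay only as <their_username>@acme.org), written as a stand-alone check; this is an added example, not part of the thread and not a Mercury/32 feature. It assumes a filter can be given the authenticated username and the envelope sender, which the thread does not confirm; `check_sender` and the sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

LOCAL_DOMAIN = "acme.org"  # example domain used in the thread


def check_sender(auth_user, mail_from, raw_message, domain=LOCAL_DOMAIN):
    """Return the list of policy violations; an empty list means accept.

    auth_user   -- username proven by SMTP AUTH (assumed available to the filter)
    mail_from   -- argument of the MAIL FROM: command (envelope sender)
    raw_message -- headers and body as received after DATA
    """
    expected = f"{auth_user}@{domain}".lower()
    problems = []

    # 1. Envelope sender must be the authenticated user's own address.
    envelope = parseaddr(mail_from)[1].lower()
    if envelope != expected:
        problems.append(f"MAIL FROM {envelope or '<>'} is not {expected}")

    # 2. Header From: compare the parsed address, not a substring of the
    #    header, and insist on exactly one From: header with one mailbox.
    msg = message_from_string(raw_message)
    from_headers = msg.get_all("From", [])
    authors = [addr.lower() for _, addr in getaddresses(from_headers)]
    if len(from_headers) != 1 or len(authors) != 1:
        problems.append("need exactly one From: header with one address")
    elif authors[0] != expected:
        problems.append(f"From: {authors[0]} is not {expected}")
    return problems


# Constructed sample messages (not taken from the thread).
MSG_AS_CLARE = "From: Clare <clare@acme.org>\nTo: x@example.net\nSubject: hi\n\nbody\n"
MSG_AS_BOB = "From: Bob <bob@acme.org>\nTo: x@example.net\nSubject: hi\n\nbody\n"
MSG_AS_OUTSIDER = "From: bill.gates@microsoft.com\nTo: x@example.net\n\nbody\n"

if __name__ == "__main__":
    # Clare authenticates in every case; only the first message is hers.
    for label, env, raw in [
        ("own address", "<clare@acme.org>", MSG_AS_CLARE),
        ("claims to be Bob", "<clare@acme.org>", MSG_AS_BOB),
        ("claims outside domain", "<bill.gates@microsoft.com>", MSG_AS_OUTSIDER),
    ]:
        print(label, "->", check_sender("clare", env, raw) or "accept")
```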
Ok, I see. Perhaps this is the reason for the different behavior. We use the T-Bird-Version 2.0.0.12 at all 30 Clients. As far as I know, the 3.0 is not released for productive use yet.
Anyway, I agree that T-Bird has these problems with any IMAP server not allowing both folders and messages. I tested 6 of them so far. Although the problems look slightly different with each one of them, the problems exist all the time.
Another option with filter rules is to use the "extract message to a file" action, then call the "run a program" on the extracted file (with a known filename), followed by a "wait for file" (I think, it's been a while since I looked that closely :)) then a "delete".
This may be a better method if you are only targeting selected mails.
[/quote]
I played with the new policy last night and while it worked it ran against every email vs targeted ones. It also seemed to run slower (it took 10-15 seconds after receipt of the message before it triggered). I'll try the filter you suggest above as an alternative (extract, run, wait, delete). Thanks!
Thanks for your thoughts everyone. I figured a solution would be something along the lines of putting the attachments in a folder which was polled in some way, I just wasn't sure how to do it.
I'll try out a few ways and let you know how it works out.
I am encountering an issue where authenticated users (local/remote) are being blocked from sending spam looking email. Is there a way to exclude authenticated users only?
[/quote]
In the CC setup on the first (general) tab is a field named 'apply this definition to'. You could set this to 'only mails originating from the internet'. Be aware that, if you are using the MercuryD module, mails pulled by it from remote pop3 servers are also not checked against the CC definition then because Mercury has no way to determine if they are local or not.
Yes you're right, outlook express sent e-mails properly. I guess I didn't bollux the syntax......
[/quote]
Sorry, I wasn't trying to be rude [:)] , but using telnet for any more than basic testing is prone to typos and errors; using a client generally removes this point of failure.
I still think you should look at your relaying controls urgently, as with these turned off, sure YOU can send mail, but so can EVERYONE else.
[quote user="Thomas R. Stephenson"]Not sure but users are based on unique email addresses that are being received. I suspect this will include mailing lists, postmaster, abuse, and other email addresses you may have. [/quote]
Very close to bulls-eye Mr. Stephenson [H] Here is a quote from some info-page here: [quote]For licensing purposes, a "user" is considered to be either a single mailbox to which mail can be delivered directly by the Mercury server (i.e, an "end point"), or a single mailing list.[/quote]
So I assume this number will increase as Mercury learns about users and mailing lists as mail comes and goes, and finally saturate at the number of users and mailing lists.
[quote user="jroger"]Thanks, that's interesting. I tried creating roger.rowell.foo file and directory names in Windows XP and they seem to work fine. Is it time to rethink the use of the period?[/quote]
Nope, since all of these names become directory names I'll bet there will be at least some delivery problems when long file names are used. You of course can do whatever you want but I really recommend using only plain usernames. You can have names longer than 8 characters but even there I would recommend using only ASCII characters.
I'm running Mercury under the LocalSystem account and... meanwhile... I found a solution in the web... I just need to connect to the console session using remote desktop. So, I need to start my remote desktop session with the "/console" parameter... start -> run -> mstsc /console