Allow External Server on Cloud to Relay Email
Hi Exchange Server Expert,
I have a query to ask. Currently my company has hosted a web server on the cloud with a public IP address. Since it is a web server, we will need to allow it to relay email via Microsoft IIS to our Exchange server. I have tried this before for an internal server with a private IP, relaying email on the Exchange server by creating a receive connector. However, I have never tried it for a remote server with a public IP address. We would like the remote server to relay email to both our internal email (accepted domain in Exchange server) and also external recipients with external domains.
How am I supposed to perform this task?
Thanks for your attention.
Best Regards,
Henry
Hi Oliver,
Thanks again for your prompt response.
I can't log in to the web server, as it is managed by the vendor that configured it, and we are only allowed to access the web server via the public URL. Basically, I don't know what the configuration behind it is. I was told that they will configure the email inside IIS, which I also don't know how to configure.
I have tried to configure the relay connector inside Exchange before, following the same guide but changing the private IP to the web server's public IP. I also set the permission group to Exchange Servers and the authentication to "Externally Secured". However, after I informed the vendor to test it, it didn't work at all.
I am not able to test using telnet like I did when setting up relay for my internal server. I can't use telnet to test from my web server to check what's wrong with the relay. I would like to test the way the guide does, but I am not allowed to telnet.
What should I do to troubleshoot? I think that allowing relay from an external server is a security breach, which is very risky. Am I right?
Thanks
Regards,
Henry
Hi Henry,
Speak to the vendor that manages the web server for IIS setup and ask 'can I use authentication?' If they come back with a 'yes you can' simply provide them with a user/pass so they can authenticate.
Personally I wouldn't allow a public IP to relay by configuring an Exchange Organisation to allow anonymous relay for a public IP, and would ask that they authenticate.
If they come back with a no - then we can troubleshoot your Exchange configuration.
Oliver Moazzezi | Exchange MVP, MCSA:M, MCITP:Exchange 2010,Exchange 2013, BA (Hons) Anim | http://www.exchange2010.com | http://www.cobweb.com | http://twitter.com/OliverMoazzezi
Similar Messages
-
Internal NAV2013 to relay email externaly through our internal exchange server 2013
Hello,
We are using NAV 2013 to externally relay email outside and inside through our in house Exchange server 2013.
I created a new Frontend connected with "TYPE" Custom and selected specific ip to configure relay through exchange server.
Once created the Receive connectors I want only Anonymous permission to be set under permission group and not exchange users as this is allowing external 3rd party exchange server to relay emails through our exchange server.
When i edit the properties of the exchange server to uncheck Exchange Server it gives me an error
"You must set the value for the PermissionGroups parameter to ExchangeServers when you set the AuthMechanism parameter to a value of ExternalAuthoritative."
My motive is that I want to allow only the NAV2013 to relay emails through our exchange and no other exchange server or any other application for security reasons.
Once I created the Receive Connector, TLS is selected by default, and then I put a tick mark on Anonymous, but as soon as I save I get the error "You must set the value for the PermissionGroups parameter to ExchangeServers when you set the AuthMechanism parameter to a value of ExternalAuthoritative." and it doesn't let me save unless I select Exchange Server.
I have followed the same link that you provided me.
There is another problem as well, I have restricted a distribution group from receiving email from external to the organisation but as soon as i created this relay connectors this group starts receiving email external to the organisation which is very strange.
I tested by disabling the relay connector and then sending email from gmail and then i get a bounce in gmail and the DG doesn't receive email but as soon as I enable relay connector the distribution group starts receiving email.
I have also recreated the connector as well but still the same issue.
Please help
Hi,
Please double check whether the "You must set the value for the PermissionGroups parameter to ExchangeServers when you set the AuthMechanism parameter to a value of ExternalAuthoritative" is an error; we can safely ignore it if it is only a warning message.
I found a related KB for your reference even if the Exchange server version is mismatched.
Exchange 2010: Get-ReceiveConnector warns that an Exchange 2007 connector is corrupted and in an inconsistent state
http://support.microsoft.com/kb/2291884
Please double confirm the following setting:
Authentication tab: Checked TLS and Externally Secured.
Permission Groups: Anonymous users, Exchange Servers
Thanks
Mavis
Mavis Huang
TechNet Community Support -
Allow external host to relay through Ironport?
What is the "safest" way to allow an external host to relay e-mail through our Ironport? I know it's not "recommended", but I don't have any choice.
I guess I could set up the external IP that's allowed to relay in Mail Policies --> Hat Overview - Relaylist. But that would allow anyone from that IP to relay, and I don't really feel that it's secure enough.
Is there any way to "tighten" the security and also require a username/password in combination with coming from the correct IP address to make it at least a little bit more safe?
Hi Jonas,
The safest way to achieve the required is to configure SMTP Authentication feature on Cisco IronPort Appliance.
SMTP Auth is a mechanism for authenticating clients connected to an SMTP server. You can use this functionality to enable users at your organization to send mail using your mail servers even if they are connecting remotely (e.g. from home or while traveling).
Cisco IronPort supports two methods to authenticate user credentials:
1. You can use an LDAP directory.
2. You can use a different SMTP server (SMTP Auth forwarding and SMTP Auth outgoing).
Once authenticated, the user will be allowed to relay mail through Cisco IronPort Appliance. To find out step by step instructions on configuring this feature, I would recommend you to go through "Configuring AsyncOS for SMTP Authentication" section in the Advanced Configuration Guide of AsyncOS.
Hope this will help.
Regards,
Rehan Latif -
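The behaviour both replies above recommend (SMTP AUTH on the IronPort, a user/pass for the vendor on Exchange), as an added example that is not part of the original threads: a loopback SMTP listener that relays to outside domains only after AUTH, exercised with Python's smtplib. The host names, the `webapp` account, its password and the accepted domain are constructed for the demonstration.

```python
import base64
import smtplib
import socketserver
import threading

ACCEPTED_DOMAINS = {"corp.example"}          # assumed: domains this server hosts
USERS = {"webapp": "constructed-password"}   # assumed relay account given to the vendor


class RelayHandler(socketserver.StreamRequestHandler):
    """Minimal SMTP dialogue: anonymous clients may only reach accepted domains.

    STARTTLS is left out so the example runs offline on loopback; a real
    listener must offer AUTH only on a TLS-protected session.
    """

    def reply(self, text):
        self.wfile.write((text + "\r\n").encode("ascii"))

    def handle(self):
        authenticated = False
        self.reply("220 mail.corp.example ESMTP")
        while True:
            raw = self.rfile.readline()
            if not raw:
                break
            verb, _, arg = raw.decode("ascii", "replace").strip().partition(" ")
            verb = verb.upper()
            if verb in ("EHLO", "HELO"):
                self.reply("250-mail.corp.example")
                self.reply("250 AUTH PLAIN")
            elif verb == "AUTH":
                mech, _, blob = arg.partition(" ")
                try:
                    # AUTH PLAIN carries base64("\0user\0password")
                    _, user, password = base64.b64decode(blob).decode().split("\0")
                except ValueError:
                    user = password = None
                authenticated = (mech.upper() == "PLAIN" and user in USERS
                                 and USERS[user] == password)
                self.reply("235 2.7.0 Authentication successful" if authenticated
                           else "535 5.7.8 Authentication credentials invalid")
            elif verb == "MAIL":
                self.reply("250 2.1.0 Sender OK")
            elif verb == "RCPT":
                domain = arg.rsplit("@", 1)[-1].rstrip(">").lower()
                if authenticated or domain in ACCEPTED_DOMAINS:
                    self.reply("250 2.1.5 Recipient OK")
                else:
                    self.reply("550 5.7.1 Unable to relay")
            elif verb == "DATA":
                self.reply("354 End data with <CR><LF>.<CR><LF>")
                while True:
                    data_line = self.rfile.readline()
                    if not data_line or data_line.rstrip(b"\r\n") == b".":
                        break
                self.reply("250 2.6.0 Queued")
            elif verb == "RSET":
                self.reply("250 2.0.0 Reset")
            elif verb == "QUIT":
                self.reply("221 2.0.0 Bye")
                break
            else:
                self.reply("502 5.5.1 Command not implemented")


def try_send(port, recipient, credentials=None):
    """Send one message and return the server's verdict as (code, text)."""
    with smtplib.SMTP("127.0.0.1", port, timeout=5) as client:
        client.ehlo()
        try:
            if credentials:
                client.login(*credentials)
            client.sendmail("web@vendor.example", [recipient],
                            "Subject: relay test\r\n\r\nhello\r\n")
        except smtplib.SMTPAuthenticationError as exc:
            return exc.smtp_code, exc.smtp_error.decode()
        except smtplib.SMTPRecipientsRefused as exc:
            code, text = exc.recipients[recipient]
            return code, text.decode()
        return 250, "accepted"


def run_demo():
    """Start the listener on a free loopback port and try four submissions."""
    server = socketserver.ThreadingTCPServer(("127.0.0.1", 0), RelayHandler)
    server.daemon_threads = True
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_address[1]
    try:
        return {
            "anonymous_internal": try_send(port, "user@corp.example"),
            "anonymous_external": try_send(port, "someone@external.example"),
            "authenticated_external": try_send(
                port, "someone@external.example", ("webapp", USERS["webapp"])),
            "bad_password": try_send(
                port, "someone@external.example", ("webapp", "wrong")),
        }
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for case, verdict in run_demo().items():
        print(case, verdict)
```

With this policy the source IP never grants relay rights on its own, so a second tenant or a compromised process on the same public address still needs the credentials.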
Migrating one email domain to external server
Our AD domain "domain1.com" users have @domain1.com, @domain2.com, and @domain3.com (this one is for testing usage) mailboxes/addresses on our internal Exchange 2010 14.01.0438.000 server. All users are on the same domain regardless of the email address they use. Mailboxes with @domain1.com as their primary SMTP address are being migrated to an email service outside of our organization/domain but will still remain users on our domain. For those users we'll be creating a new profile in Outlook pointed at that new external mail server to switch over to on the cutover date while leaving the existing profile as is. Following migration, for a period of time we want @domain1.com users to still be able to revert to their current Outlook profile and be able to get to our OWA in case any problems/inconsistencies occurred migrating contents to the new service. It's understood that sending/receiving mail would no longer work for them on the internal Exchange server; the point is just that they could access the old contacts/calendar/notes/tasks/emails.
My testing with migrating @domain3.com indicated that in order for domain2.com senders to be able to send mail to @domain1.com recipients after the cutover date and have the mail arrive at the external server instead of the internal server, the following would have to be done:
-domain1.com removed from gatewayproxy attribute in recipient polices -
removal of gatewayProxy via ADSI
-domain1.com removed from exchange >> organization configuration >> hub transport >> accepted domains
-mx record pointing at external mail server added to internal dns server domain1.com zone
-domain1.com removed from smtp proxyAddresses attribute on each mailbox
It seems like there should be a way to achieve the result of getting the mail to the external server without modifying the proxyAddresses attributes so that the users could still get back into the old Exchange server after cutover with their original address.
Any ideas?
Thanks
The steps to get [email protected] to [email protected] mail sent to external server are clear from testing, and additional testing shows some option for still getting into the old mailboxes from clients/OWA, but not clear is how it could be done while leaving domain1.com mailbox addresses intact on the old Exchange server and the AD user object 'mail' attribute intact as it was pre-cutover. To expand and rephrase my original post, is there a way to make Exchange determine whether it should route domain1.com mail internally vs externally via a global setting that would take priority over and cause to be ignored smtp proxyAddresses attributes on individual mailboxes so these don't have to be stripped/modified causing unwanted AD attribute alteration?
objective partially achieved -
AD object for [email protected] mailbox has the following attributes -
proxyAddresses = SMTP:[email protected] (Exchange primary reply-to address) & smtp:[email protected]
'mail' attribute = [email protected]
If we change primary/reply SMTP in Exchange to [email protected] and remove SMTP:[email protected], the result of internal mail sent to [email protected] going to the external server is accomplished, but the 'mail' attribute in AD then changes to [email protected] which is unwanted. We still want the 'mail' attribute left as is for these users since their email addresses are not changing. Access to mailbox contents on the old Exchange server via old [email protected]'s old Outlook profile + OWA still works, which is good though.
Also found that adding a domain to organization configuration >> hub transport >> accepted domains as 'external relay' in addition to a send connector for the domain pointed at the MX for the external server still isn't enough to override/ignore any proxyaddresses on the internal mailboxes. Mail will still end up at the internal mailbox. -
Exch 2013 - Someone Relaying Email Through Server
Exch 2013 - Someone Relaying Email Through Server, there are thousands of emails in the queue. Please help me urgently.
You need to make sure your Receive connector is not allowing an IP address \ host from the internet to open relay using it.
If you open the tracking log you will be able to see which connector is allowing the relay.
Exchange Blog:
www.ntweekly.com
MCSA, MCSE, MCITP:SA, MCITP:EA, MCITP:Enterprise Messaging Administrator 2010,MCTS:Virtualization -
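The tracking-log check suggested in the reply above, as an added example that is not part of the original thread: a Python script that reads message tracking log text and counts, per receive connector and client IP, the messages accepted for recipients outside the accepted domains. The log sample is constructed and uses a reduced field list; the accepted domain and the expected relay subnet are assumptions.

```python
import csv
import io
import ipaddress
from collections import Counter

ACCEPTED_DOMAINS = {"corp.example"}                               # assumed
EXPECTED_RELAY_SOURCES = [ipaddress.ip_network("10.0.0.0/24")]    # assumed app servers

# Constructed sample in the comma-separated tracking-log layout (reduced fields).
SAMPLE_LOG = """\
#Software: Microsoft Exchange Server
#Log-type: Message Tracking Log
#Fields: date-time,client-ip,connector-id,source,event-id,recipient-address,sender-address
2015-03-02T08:00:01.000Z,10.0.0.15,EX01\\Relay Apps,SMTP,RECEIVE,buyer@partner.example,erp@corp.example
2015-03-02T08:00:05.000Z,203.0.113.7,EX01\\Default Frontend EX01,SMTP,RECEIVE,staff@corp.example,friend@mail.example
2015-03-02T08:01:10.000Z,198.51.100.23,EX01\\Relay Web,SMTP,RECEIVE,a@ext1.example;b@ext2.example,promo@bulk.example
2015-03-02T08:01:11.000Z,198.51.100.23,EX01\\Relay Web,SMTP,RECEIVE,c@ext3.example,promo@bulk.example
2015-03-02T08:01:12.000Z,198.51.100.23,EX01\\Relay Web,SMTP,RECEIVE,d@ext4.example,promo@bulk.example
2015-03-02T08:01:13.000Z,,EX01\\Outbound,SMTP,SEND,d@ext4.example,promo@bulk.example
"""


def parse_tracking_log(text):
    """Return the data rows as dicts keyed by the names on the #Fields line."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = [name.strip() for name in line[len("#Fields:"):].split(",")]
        elif line and not line.startswith("#"):
            rows.append(line)
    if fields is None:
        raise ValueError("no #Fields header found")
    return list(csv.DictReader(io.StringIO("\n".join(rows)), fieldnames=fields))


def is_external(address):
    """True when the recipient's domain is not one this organisation hosts."""
    return address.rsplit("@", 1)[-1].lower() not in ACCEPTED_DOMAINS


def from_expected_source(ip_text):
    """True when the client IP belongs to a network that is meant to relay."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:          # empty or malformed client-ip field
        return False
    return any(ip in network for network in EXPECTED_RELAY_SOURCES)


def relay_report(rows):
    """Count messages accepted over SMTP for external recipients,
    grouped by (connector, client IP), busiest first."""
    counts = Counter()
    for row in rows:
        if row["source"] != "SMTP" or row["event-id"] != "RECEIVE":
            continue
        recipients = [r for r in row["recipient-address"].split(";") if r]
        if any(is_external(r) for r in recipients):
            counts[(row["connector-id"], row["client-ip"])] += 1
    return [
        {
            "connector": connector,
            "client_ip": client_ip,
            "relayed": relayed,
            "expected_source": from_expected_source(client_ip),
        }
        for (connector, client_ip), relayed in counts.most_common()
    ]


def suspicious_connectors(report):
    """Connectors that relayed to external domains for an unexpected client IP."""
    return sorted({e["connector"] for e in report if not e["expected_source"]})


if __name__ == "__main__":
    for entry in relay_report(parse_tracking_log(SAMPLE_LOG)):
        print(entry)
```

A connector that shows up here with an internet client IP is the one whose remote IP ranges and permission groups need tightening.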
EMAIL to external server like Yahoo through SAP
Hi all,
I want to send a mail to the vendor when a PO is created through SAP. Please tell me what is the procedure to follow to do it and what all are the setings need to be done in SAP to send Email through SAP to external server like yahoo, rediff etc.
Thanks
*& Form F_SEND_MAIL
* Send the mail to corresponding user
FORM F_SEND_MAIL.
DATA : LV_TABLE_LINES LIKE SY-TABIX. " table index
CLEAR: V_MSG1, IT_RECLIST.
REFRESH IT_RECLIST.
*-populate email ids
IT_RECLIST-RECEIVER = V_UNAME.
IT_RECLIST-REC_TYPE = 'B'.
IT_RECLIST-SAP_BODY = C_X.
IT_RECLIST-EXPRESS = C_X.
*-append receiver table
APPEND IT_RECLIST.
CLEAR IT_RECLIST.
*-populate document attributes
CLEAR: X_DOC_CHNG.
X_DOC_CHNG-OBJ_NAME = 'Error'(M01).
X_DOC_CHNG-OBJ_DESCR = 'ERROR REPORT'(M02).
*-populate body text
IT_OBJTXT = 'Error file is attached'(M03).
APPEND IT_OBJTXT.
*-document size
CLEAR : LV_TABLE_LINES.
DESCRIBE TABLE IT_OBJTXT LINES LV_TABLE_LINES.
READ TABLE IT_OBJTXT INDEX LV_TABLE_LINES.
X_DOC_CHNG-DOC_SIZE =
( LV_TABLE_LINES - 1 ) * 255 + STRLEN( IT_OBJTXT ).
*-populate packing list for body text
CLEAR IT_OBJPACK-TRANSF_BIN.
IT_OBJPACK-HEAD_START = 1.
IT_OBJPACK-HEAD_NUM = 0.
IT_OBJPACK-BODY_START = 1.
IT_OBJPACK-BODY_NUM = LV_TABLE_LINES.
IT_OBJPACK-DOC_TYPE = C_DOCTYP.
APPEND IT_OBJPACK.
CLEAR IT_OBJPACK.
*-populate object header
IT_OBJHEAD = 'INET TO SAP Error Report'(M04).
APPEND IT_OBJHEAD.
CLEAR IT_OBJHEAD.
*--for attachment ---start
*-populate object bin table for attachment
*-column header
LOOP AT IT_MAIL.
IT_OBJBIN = IT_MAIL.
APPEND IT_OBJBIN.
CLEAR IT_OBJBIN.
ENDLOOP.
*-get total no.of lines of Object table(attachment)
CLEAR : LV_TABLE_LINES.
DESCRIBE TABLE IT_OBJBIN LINES LV_TABLE_LINES.
*-populate object header
IT_OBJHEAD = 'Report'(M05).
APPEND IT_OBJHEAD.
CLEAR IT_OBJHEAD.
*-packing list for attachment
IT_OBJPACK-TRANSF_BIN = C_X.
IT_OBJPACK-HEAD_START = 1.
IT_OBJPACK-HEAD_NUM = 1.
IT_OBJPACK-BODY_START = 1.
IT_OBJPACK-BODY_NUM = LV_TABLE_LINES .
IT_OBJPACK-DOC_TYPE = C_DOCTYP .
IT_OBJPACK-OBJ_NAME = 'ABCD'.
IT_OBJPACK-OBJ_DESCR = 'ERROR REPORT'(M02).
IT_OBJPACK-DOC_SIZE = LV_TABLE_LINES * 255.
APPEND IT_OBJPACK.
CLEAR IT_OBJPACK.
*--code for attachment -- end
*-Sending the document
CALL FUNCTION 'SO_NEW_DOCUMENT_ATT_SEND_API1'
EXPORTING
DOCUMENT_DATA = X_DOC_CHNG
PUT_IN_OUTBOX = C_X
* IMPORTING
* SENT_TO_ALL =
* NEW_OBJECT_ID =
TABLES
PACKING_LIST = IT_OBJPACK
OBJECT_HEADER = IT_OBJHEAD
CONTENTS_BIN = IT_OBJBIN
CONTENTS_TXT = IT_OBJTXT
* CONTENTS_HEX =
* OBJECT_PARA =
* OBJECT_PARB =
RECEIVERS = IT_RECLIST
EXCEPTIONS
TOO_MANY_RECEIVERS = 1
DOCUMENT_NOT_SENT = 2
DOCUMENT_TYPE_NOT_EXIST = 3
OPERATION_NO_AUTHORIZATION = 4
PARAMETER_ERROR = 5
X_ERROR = 6
ENQUEUE_ERROR = 7
OTHERS = 8.
*-report a failed send to the user
IF SY-SUBRC <> 0.
MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4 INTO V_MSG1.
MESSAGE I000 WITH V_MSG1.
ENDIF.
ENDFORM.
Hope this code will be useful -
Cannot send mail from newsletter server and Server error: Unable to relay
We have a newsletter server. Sometimes we sent mail by our Exchange 2010 server. But recently we are unable to send mail to external mail servers. We send mail by the newsletter server within a domain now. We need to solve this. Please check the log file below and advise how to solve it.
Sender ID: [email protected]
our domain: www.silkways.net
LOG:
Status Msg : The email details entered successfully into the database.
Status Msg : The email details entered successfully into the database.
Access Level : 1
MAIL SENT TO : [email protected]
FAILED TO SEND MAIL TO : [email protected]
Error : SMTP Error: The following recipients failed: [email protected]<p>SMTP server error: 5.7.1 Unable to relay
</p>
FAILED TO SEND MAIL TO : [email protected]
Error : The following From address failed: [email protected]<p>SMTP server error: 5.5.2 Sender already specified
</p>
FAILED TO SEND MAIL TO : [email protected]
Error : SMTP Error: The following recipients failed: [email protected]<p>SMTP server error: 5.7.1 Unable to relay
</p>
FAILED TO SEND MAIL TO : [email protected]
Error : The following From address failed: [email protected]<p>SMTP server error: 5.5.2 Sender already specified
</p>
FAILED TO SEND MAIL TO : [email protected]
Error : The following From address failed: [email protected]<p>SMTP server error: 4.7.0 Too many errors on this connection, closing transmission channel
</p>
FAILED TO SEND MAIL TO : [email protected]
Error : SMTP Error: The following recipients failed: [email protected]<p>SMTP server error: 5.7.1 Unable to relay
</p>
FAILED TO SEND MAIL TO : [email protected]
Error : The following From address failed: [email protected]<p>SMTP server error: 5.5.2 Sender already specified
</p>
Hi,
Since you are able to send emails to the internal domain, I assume the application server IP address is already allowed in the Receive Connector.
To relay application emails to an external domain you should enable the Externally Secured box in the Authentication tab of the particular Receive Connector.
Kottees :My Blog Please mark it as an answer if it really helps you. -
Allow external traffic to access internal computers
We have an ASA 5505 running version 8.4. We are having problems allowing external traffic to access computers behind the firewall. Our current config is:
ASA Version 8.4(3)
hostname ciscoasa
domain-name default.domain.invalid
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 10.2.1.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 152.18.75.132 255.255.255.240
boot system disk0:/asa843-k8.bin
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
object network a-152.18.75.133
host 152.18.75.133
object network a-10.2.1.2
host 10.2.1.2
object-group network ext-servers
network-object host 142.21.53.249
network-object host 142.21.53.251
network-object host 142.21.53.195
object-group network ecomm_servers
network-object 142.21.53.236 255.255.255.255
object-group network internal_subnet
network-object 10.2.1.0 255.255.255.0
access-list extended extended permit ip any any
access-list extended extended permit icmp any any
access-list extended extended permit ip any object-group ext-servers
access-list acl_out extended permit tcp any object-group ecomm_servers eq https
access-list outside_in extended permit ip any host 10.2.1.2
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
icmp permit any echo-reply inside
icmp permit 10.2.1.0 255.255.255.0 inside
icmp permit any echo-reply outside
icmp permit any outside
asdm image disk0:/asdm-523.bin
no asdm history enable
arp timeout 14400
nat (inside,outside) source static a-10.2.1.2 a-152.18.75.133
route outside 0.0.0.0 0.0.0.0 152.18.75.129 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 10.2.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh 10.2.1.2 255.255.255.255 inside
ssh 122.31.53.0 255.255.255.0 outside
ssh 122.28.75.128 255.255.255.240 outside
ssh timeout 30
console timeout 0
dhcpd auto_config outside
dhcpd address 10.2.1.2-10.2.1.254 inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect icmp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:c7d7009a051cb0647b402f4acb9a3915
: end
ciscoasa(config)# sh nat
Manual NAT Policies (Section 1)
1 (inside) to (outside) source static a-10.2.1.2 a-152.18.75.133
translate_hits = 1, untranslate_hits = 112
ciscoasa(config)# sh nat
Manual NAT Policies (Section 1)
1 (inside) to (outside) source static a-10.2.1.2 a-152.18.75.133
translate_hits = 1, untranslate_hits = 113
ciscoasa(config)#
Okay I will bite.
Assuming you have
a. dynamic pat rule for lan users-devices to reach the internet
(missing ???????????????
(should look like a nat rule that makes two entries when you make the one rule)
(with router set at defaults it may make this rule for you already in place)
-object bit
object network obj_any_inside
subnet 0.0.0.0 0.0.0.0
and rule bit
object network obj_any_inside
nat (inside,outside) dynamic interface
b. route rule - tells asa next hop is IP gateway address
route outside 0.0.0.0 0.0.0.0 152.18.75.129 1
c. Nat rule for port forwarding- Using objects it creates two entries (lets say i call it natforward4server)
object bit
object network natforward4server
host 10.2.1.2
Nat bit
object network natforward4server
nat (inside,outside) static interface service tcp 443 443
d. Nat for translated port.
If you had wanted to translate a port, let's say you have external users that can only use port 80 but need to access https
object bit
object network natfortransl4server
host 10.2.1.2
Nat bit
object network natfortransl4server
nat (inside,outside) static interface service tcp 443 80 -
Has anyone else had problems uploading modifyed files to an external server
Hi, My website bilyz.com has been running OK on two external servers, two different hosting providers, yet neither will allow me to upload modified files.
Since both external servers will run my site OK this narrows the problem source down to my site construction (pre 2014 update) or to Muse software.
The external servers will accept all my html files without a hitch but stalls at various images and not always the same image.
Now I have totally rebuilt the site by stripping out all images, resizing them and remounting them into the slider widget but it doesn't make a difference.
The external server technicians are at a loss to explain and after research have referred me back to Adobe Muse.
Kind regards
Bill Watters
Thank you Aish
As per your suggestion I published the unchanged site to Business Catalyst as bilyzcom.businesscatalyst.com and it uploaded without a fault. Then I made an alteration to the Gallery page where I changed one image in the slider and a small typo on the Design page. Then published again but this time I selected 'options' and clicked on 'modified files only' Result: The site uploaded perfectly and the altered pages showed the recent changes.
So can we conclude that the source of the problem isn't in the Muse software?
However, if this problem only occurs with the external server since the update (it also stalls when uploading all files and with modified files), could it point to the recent Muse 2014 update?
Yesterday I also uninstalled my most recent version then re-installed it via the Creative Cloud File manager. My copy is 2014.0.1.30 CL 785017
I hope this gives you something to work on.
I look forward to your reply. -
How to connect to external server using router from VLAN's
Hi, I am newbie. I am trying to build network system in Packet Tracer.
Now I have such network layout.
I have different VLAN's Accounting and Sales. I have configured this using subinterface in router to allow computers from different vlan's communicate with each other. Everything works.
Let's assume that there are next subnets and VLAN's. Acct. VLAN (2) (ip's 172.168.0.1-172.168.0.254/24) and Sales VLAN (4) (ip's 172.168.1.1-172.168.1.254/24).
But I need to connect all this computers to the external server. That has ip , for instance 192.168.20.13/24. Like this.
I don't know how to correctly configure the router to make it possible for computers to connect to this server. I have connected a switch to another router interface, and then connected the server to the switch and specified IP 192.168.20.13/24. Then I tried to set an IP on the router interface from the same subnet, like 192.168.20.22/24. So now the router can communicate with the server.
But how do I allow computers to communicate with the server? Please help. I am a newbie.
I would be grateful for any help.
Hi Androgen,
One question for you..How does the sales VLAN computers communicate with the accounting VLAN machines? It's through the inter-VLAN routing that you have already setup.
Communicating to the external server is also similar to this.
The computers in the VLAN should be configured with the default gateway IP, which is the L3 sub-interface IP for that subnet.
Also, the external server needs to have a default gateway to communicate with other remote subnet. The default gateway of that server would be 192.168.20.22 which is the L3 interface for your external subnet.
CF -
I have been using my iphone for almost a year and after my email address was hacked yesterday by a diet berry fake email, i can send out an email from my phone. I have removed, rebooted, removed, etc.....and changed my password, still can't send out an email.
Error Message: A copy has been placed in your outbox. Sending the message content to the server failed.
Thanks
OR they are the right settings but you are trying to send through a different internet provider or 3G provider that does not allow that SMTP server to send email.
If I send email from 3G or someone else's wifi on a different ISP, it will not work, because it does not allow that server to be contacted. This is normal.
What you want to do is set up a Gmail account and use their SMTP server settings for the default outgoing server. That way you don't have to worry about this. -
When I publish my Flex application on an external server I get that error if my Flash Builder beta 2 is closed on my system. I did configure an endpoint for the data service to point to the external server, and if I run my Flash Builder and anybody browses the site, it opens and they can access the data from my application, but if I close my Flash Builder all of us get this error:
Send failed
Channel.Security.Error error Error #2048: Security sandbox violation:
http://www.dcecrak.com/Maine.swf cannot load data from
http://localhost:37813/flex2gateway/?hostport=www.dcecrak.com&https=N&id=-1. url:
'http://www.dcecrak.com/flex2gateway/'
I created a crossdomain.xml file and put it in the web root. If I try to open the link http://www.dcecrak.com/flex2gateway it opens with a blank page, which means that everything is okay. My service-config file looks like this:
<?xml version="1.0" encoding="UTF-8"?>
<services-config>
<services>
<service-include file-path="remoting-config.xml" />
<service-include file-path="proxy-config.xml" />
<service-include file-path="messaging-config.xml" />
</services>
<security>
<login-command class="flex.messaging.security.JRunLoginCommand" server="JRun"/>
<!-- Uncomment the correct app server
<login-command class="flex.messaging.security.TomcatLoginCommand" server="Tomcat"/>
<login-command class="flex.messaging.security.WeblogicLoginCommand" server="Weblogic"/>
<login-command class="flex.messaging.security.WebSphereLoginCommand" server="WebSphere"/>
-->
<!--
<security-constraint id="basic-read-access">
<auth-method>Basic</auth-method>
<roles>
<role>guests</role>
<role>accountants</role>
<role>employees</role>
<role>managers</role>
</roles>
</security-constraint>
-->
</security>
<channels>
<!-- CF Based Endpoints -->
<channel-definition id="dcecrak" class="mx.messaging.channels.AMFChannel">
<endpoint uri="http://www.dcecrak.com/flex2gateway/" class="coldfusion.flash.messaging.CFAMFEndPoint"/>
<properties>
<add-no-cache-headers>false</add-no-cache-headers>
<polling-interval-seconds>8</polling-interval-seconds>
<serialization>
<enable-small-messages>false</enable-small-messages>
</serialization>
<coldfusion>
<!-- define the resolution rules and access level of the cfc being invoked -->
<access>
<!-- Use the ColdFusion mappings to find CFCs-->
<use-mappings>true</use-mappings>
<!-- allow "public and remote" or just "remote" methods to be invoked -->
<method-access-level>remote</method-access-level>
</access>
<!-- Whether the Value Object CFC has getters and setters. Set the value of use-accessors to true if there are getters and setters in the Value Object CFC. -->
<use-accessors>true</use-accessors>
<!--Set the value of use-structs to true if you don't require any translation of ActionScript to CFCs. The assembler can still return structures to Flex, even if the value is false. The default value is false.-->
<use-structs>false</use-structs>
<property-case>
<!-- cfc property names -->
<force-cfc-lowercase>false</force-cfc-lowercase>
<!-- Query column names -->
<force-query-lowercase>false</force-query-lowercase>
<!-- struct keys -->
<force-struct-lowercase>false</force-struct-lowercase>
</property-case>
</coldfusion>
</properties>
</channel-definition>
<channel-definition id="cf-polling-amf" class="mx.messaging.channels.AMFChannel">
<endpoint uri="http://{server.name}:{server.port}{context.root}/flex2gateway/cfamfpolling" class="coldfusion.flash.messaging.CFAMFEndPoint"/>
<properties>
<polling-enabled>true</polling-enabled>
<polling-interval-seconds>8</polling-interval-seconds>
<serialization>
<enable-small-messages>false</enable-small-messages>
</serialization>
<coldfusion>
<!-- define the resolution rules and access level of the cfc being invoked -->
<access>
<!-- Use the ColdFusion mappings to find CFCs-->
<use-mappings>true</use-mappings>
<!-- allow "public and remote" or just "remote" methods to be invoked -->
<method-access-level>remote</method-access-level>
</access>
<!-- Whether the Value Object CFC has getters and setters. Set the value of use-accessors to true if there are getters and setters in the Value Object CFC. -->
<use-accessors>true</use-accessors>
<!--Set the value of use-structs to true if you don't require any translation of ActionScript to CFCs. The assembler can still return structures to Flex, even if the value is false. The default value is false.-->
<use-structs>false</use-structs>
<property-case>
<!-- cfc property names -->
<force-cfc-lowercase>false</force-cfc-lowercase>
<!-- Query column names -->
<force-query-lowercase>false</force-query-lowercase>
<!-- struct keys -->
<force-struct-lowercase>false</force-struct-lowercase>
</property-case>
</coldfusion>
</properties>
</channel-definition>
<channel-definition id="my-cfamf-secure" class="mx.messaging.channels.SecureAMFChannel">
<endpoint uri="https://{server.name}:{server.port}{context.root}/flex2gateway/cfamfsecure" class="coldfusion.flash.messaging.SecureCFAMFEndPoint"/>
<properties>
<polling-enabled>false</polling-enabled>
<add-no-cache-headers>false</add-no-cache-headers>
<serialization>
<enable-small-messages>false</enable-small-messages>
</serialization>
<coldfusion>
<!-- define the resolution rules and access level of the cfc being invoked -->
<access>
<!-- Use the ColdFusion mappings to find CFCs-->
<use-mappings>true</use-mappings>
<!-- allow "public and remote" or just "remote" methods to be invoked -->
<method-access-level>remote</method-access-level>
</access>
<!-- Whether the Value Object CFC has getters and setters. Set the value of use-accessors to true if there are getters and setters in the Value Object CFC. -->
<use-accessors>true</use-accessors>
<!--Set the value of use-structs to true if you don't require any translation of ActionScript to CFCs. The assembler can still return structures to Flex, even if the value is false. The default value is false.-->
<use-structs>false</use-structs>
<property-case>
<!-- cfc property names -->
<force-cfc-lowercase>false</force-cfc-lowercase>
<!-- Query column names -->
<force-query-lowercase>false</force-query-lowercase>
<!-- struct keys -->
<force-struct-lowercase>false</force-struct-lowercase>
</property-case>
</coldfusion>
</properties>
</channel-definition>
<!-- Java Based Endpoints -->
<channel-definition id="java-amf" class="mx.messaging.channels.AMFChannel">
<endpoint uri="http://{server.name}:{server.port}{context.root}/flex2gateway/amf" class="flex.messaging.endpoints.AMFEndpoint"/>
</channel-definition>
<channel-definition id="java-secure-amf" class="mx.messaging.channels.SecureAMFChannel">
<endpoint uri="https://{server.name}:{server.port}{context.root}/flex2gateway/amfsecure" class="flex.messaging.endpoints.SecureAMFEndpoint"/>
</channel-definition>
<channel-definition id="java-polling-amf" class="mx.messaging.channels.AMFChannel">
<endpoint uri="http://{server.name}:{server.port}{context.root}/flex2gateway/amfpolling" class="flex.messaging.endpoints.AMFEndpoint"/>
<properties>
<polling-enabled>true</polling-enabled>
<polling-interval-seconds>8</polling-interval-seconds>
</properties>
</channel-definition>
<!--
<channel-definition id="java-http" class="mx.messaging.channels.HTTPChannel">
<endpoint uri="http://{server.name}:{server.port}{context.root}/flex2gateway/http" class="flex.messaging.endpoints.HTTPEndpoint"/>
</channel-definition>
<channel-definition id="java-secure-http" class="mx.messaging.channels.SecureHTTPChannel">
<endpoint uri="https://{server.name}:{server.port}{context.root}/flex2gateway/httpsecure" class="flex.messaging.endpoints.SecureHTTPEndpoint"/>
</channel-definition>
-->
</channels>
<logging>
<target class="flex.messaging.log.ConsoleTarget" level="Error">
<properties>
<prefix>[BlazeDS] </prefix>
<includeDate>false</includeDate>
<includeTime>false</includeTime>
<includeLevel>false</includeLevel>
<includeCategory>false</includeCategory>
</properties>
<filters>
<pattern>Endpoint.*</pattern>
<pattern>Service.*</pattern>
<pattern>Configuration</pattern>
<pattern>Message.*</pattern>
</filters>
</target>
</logging>
<system>
<manageable>false</manageable>
<!--
<redeploy>
<enabled>true</enabled>
<watch-interval>20</watch-interval>
<watch-file>{context.root}/WEB-INF/flex/services-config.xml</watch-file>
<watch-file>{context.root}/WEB-INF/flex/proxy-config.xml</watch-file>
<watch-file>{context.root}/WEB-INF/flex/remoting-config.xml</watch-file>
<watch-file>{context.root}/WEB-INF/flex/messaging-config.xml</watch-file>
<watch-file>{context.root}/WEB-INF/flex/data-management-config.xml</watch-file>
<touch-file>{context.root}/WEB-INF/web.xml</touch-file>
</redeploy>
-->
</system>
</services-config>
and my crossdomain.xml looks like this:
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="localhost" to-ports="*" secure="false"/>
<allow-access-from domain="*" to-ports="*" secure="false"/>
<allow-http-request-headers-from domain="*"/>
</cross-domain-policy>
Really, it's strange: the site only works if my Flash Builder is running. Please help.
Thanks all for your attention. I have solved my problem, and I think it's a bug in Flash Builder. The problem was that when you compile the application with Network Monitoring enabled, the communication of the AMF channels is done through http://localhost:37813/flex2gateway/
and that was the problem: if you close Flash Builder on your system, that gateway does not exist, and on the hosted server there is no such address as localhost on this port either, so the client application, which is cached on your system, tries to access your localhost, and that causes a security error, and the address also does not exist.
So the solution is that we have to compile the project after we disable Network Monitoring in Flash Builder.
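An added check, not part of the original posts: apart from the Network Monitoring issue resolved above, the crossdomain.xml quoted in the question grants access to every origin. The Python below audits that policy for over-broad grants; `HARDENED` and its origin `app.example.com` are constructed here for comparison.

```python
import xml.etree.ElementTree as ET

# Policy exactly as quoted in the post above, embedded so the check runs offline.
POSTED = """<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="localhost" to-ports="*" secure="false"/>
<allow-access-from domain="*" to-ports="*" secure="false"/>
<allow-http-request-headers-from domain="*"/>
</cross-domain-policy>"""

# Constructed comparison policy; app.example.com is a placeholder origin.
HARDENED = """<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="app.example.com" secure="true"/>
</cross-domain-policy>"""

GRANTS = ("allow-access-from", "allow-http-request-headers-from")


def audit_crossdomain(xml_text):
    """Return (tag, domain, finding) tuples for each over-broad grant."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        domain = el.get("domain", "")
        if el.tag == "site-control":
            if el.get("permitted-cross-domain-policies") == "all":
                findings.append((el.tag, "", "meta-policy 'all': every policy file on the host is honoured"))
        elif el.tag in GRANTS:
            if domain == "*":
                findings.append((el.tag, domain, "wildcard: any origin is granted access"))
            elif domain.startswith("*."):
                findings.append((el.tag, domain, "wildcard: every subdomain is granted access"))
            # secure defaults to true; false lets HTTP-loaded content reach HTTPS resources
            if el.get("secure", "true").lower() == "false":
                findings.append((el.tag, domain, "secure=false: HTTP-loaded content may access HTTPS resources"))
    return findings


if __name__ == "__main__":
    for tag, domain, finding in audit_crossdomain(POSTED):
        print(f"{tag} domain={domain!r}: {finding}")
    print("hardened findings:", audit_crossdomain(HARDENED))
```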
Seeded LOV in OA Page works on internal server, does not in external server
I am using the appraisal creation page '/oracle/apps/per/selfservice/appraisals/webui/MASetupDetailsPG'. Here we have a LOV that lists the appraisal template.
The LOV returns records when Pressing 'Go' from the LOV Search page while accessing from internal server.
However, while performing the same steps from external server, on clicking 'Go', we get 'No Search Conducted'. Ideally, we'll expect the records to come up (or) no results match the chosen criteria. However in this case, it simply gives 'No Search Conducted'.
The 'About this Page' on LOV Page does not show the VO/AM details from external server.
I have checked the following:
1. Class path is same while accessing from both external and internal server
2. Page personalisations are fairly straightforward, just prompts, instruction text changes etc.
3. There is no VO/AM customisation. This was done by checking jdr_utils from apps. I suppose this is just application-wide and cannot be checked at server level. Please validate my statement.
4. I have tried 'Diagnostics' using 'About this Page'. It works internally and gives the LOV query with bind parameters. However when I try to do 'Diagnostics' --> Show log on Screen, the screen just hangs before I can see the 'log Level' list on the screen. So I am unable to take trace even from external server.
5. Few other LOVs work from external server. But this one does not.
What could be the cause and how do i debug further?
Any help is appreciated.
Thanks,
LN
As far as I know, if he does what you suggest he won't be able to resolve the "main" domainname.
The internal DNS will think it is the SOA for the "whole" domainname, including subdomain or not, and won't ask any other DNS. So he needs to add all public IPs/names in his DNS if using the same domainname.
Delegation of a subdomain, this requires both DNS using public IPs:
http://www.zytrax.com/books/dns/ch9/delegate.html
I guess this is "wishful thinking":
IF he (most likely won't happen) could/be allowed to do zone transfers from a DNS hosting the "main" domainname and run that zone as a slave/secondary on his internal DNS it should work. It wouldn't be ugly if it can be done without adding his internal DNS IP as a NS record. I don't know about notifying the slave about changes to the main domain then though.
If running your own public DNS to separate between public and internal only/private IP lookups depending on what IP the request is coming from:
http://www.zytrax.com/books/dns/ch7/acl.html
Allow external iframes local IP
I am at the beginning of migrating from on-site SharePoint to SharePoint Online.
Trying to get a page viewer to display an HTML/PHP page that is hosted locally. I understand that this will cause problems when viewing the pages when off-site, but that is ok for the requirements.
Is it possible to set Site Settings > Site Collection Administration > HTML Field Security > Allow External iFrames to accept content from internal servers, local IP (eg 192.168.1.*)?
If so, what "domain" is needed in the above settings (or otherwise) to allow these pages to display?
The URL pointing to the local page works in web browsers fine, just doesn't display on SharePoint Online.
Thanks,
Lachy
Hello
NAT provides IP translation, but it doesn't give you any real security to the server; you still need to prohibit access via either IOS FW features (CBAC, ZBFW, extended ACLs etc.) or via a designated firewall.
To answer your question:
Yes you can.
You can position it in a DMZ with a public IP address and use port forwarding/filtering etc. to open up specific ports to the server.
Res
Paul
Sent from Cisco Technical Support Android App
I have a class that when run as a "main" transmits a HTTP/1.1 post successfully
to an external server. This external server requires keep-alive connections.
However when instantiated inside a weblogic servlet container, the post fails
because the HTTP protocol is set to HTTP/1.0. I have tried this with V5.1 SP11
and then with V6.1 SP2 with the same result. The code works under Tomcat.
I can find no way to force HTTP/1.1 in the URLConnection. Any suggestions?
Great. I have a question to BEA folks, if they ever read this newsgroup:
what is the reason for installing WLS protocol handlers, and, if there is
one, why the implementation is still buggy? I saw many, many instances when
code making outgoing connections failed to work in WLS, and the solution is
always the same - use handler which comes with the JVM.
Bob Bowman <[email protected]> wrote:
> <[email protected]> wrote:
>>If it works as a standalone application and fails inside WebLogic, most likely this
>>is caused by WebLogic http handler implementation. You can try to modify your code
>>like this:
>>
>>URL url = new URL(null, "http://some_url", new sun.net.www.protocol.http.Handler());
>>HttpURLConnection conn = (HttpURLConnection)url.openConnection();
>>
>>(you will need to modify weblogic.policy to allow your code to specify protocol
>>handler).
>>
>>Bob Bowman <[email protected]> wrote:
>>
>>> I have a class that when run as a "main" transmits a HTTP/1.1 post successfully
>>> to an external server. This external server requires keep-alive connections.
>>> However when instantiated inside a weblogic servlet container, the post fails
>>> because the HTTP protocol is set to HTTP/1.0. I have tried this with V5.1 SP11
>>> and then with V6.1 SP2 with the same result. The code works under Tomcat.
>>
>>> I can find no way to force HTTP/1.1 in the URLConnection. Any suggestions?
>>
>>--
>>Dimitri
> Worked like a champ! Thanks.
Dimitri