Internal Open Relay For Entire Network

Hello All,
Sorry if this has been answered, but I haven't seen anything that addresses specifically what I need in the forums.
I have a single Exchange 2010 Server. I've set up a new receive connector called Open Relay and have opened up various I.P. Addresses. What I would like to do is open it up for all of my subnets internally (10.0.0.1/24.) Which is easy enough.
Here's the problem, I only want the Open Relay to work internally, I do not want any of my workstations to be able to relay off the trusted subnets, across those internal subnets YES, but to the outside world, NO. Everything I try gives them rights to relay both inside and outside, that is a blacklisting just waiting to happen.
This is so that all the scripts that I run remotely on workstations can send me emails with info that I need.
Thanks Eric

Create a receive connector
http://technet.microsoft.com/en-us/library/bb232021.aspx
add the required subnet to allow relay
Get-ReceiveConnector yourconnectorname | get-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights
MAS
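
Added example, not part of the original thread and not Microsoft's own code: one way to get the internal-only behaviour asked for above on Exchange 2010 is to scope an anonymous connector to the internal range and leave it without the Ms-Exch-SMTP-Accept-Any-Recipient extended right (the right named further down this page), so anonymous clients can submit mail for the organization's accepted domains but are refused for outside recipients. The server name EX01, the connector name and the 10.0.0.0/24 range are assumed placeholders.

```powershell
# Run in the Exchange Management Shell on the Exchange 2010 server.
# Assumed placeholder values (not from the thread): adjust to your environment.
$server = 'EX01'
$name   = 'Internal Relay'
$id     = "$server\$name"
$anon   = 'NT AUTHORITY\ANONYMOUS LOGON'
$right  = 'ms-Exch-SMTP-Accept-Any-Recipient'

# 1. Create the connector if it does not exist yet, scoped to the internal
#    subnet only. AnonymousUsers lets unauthenticated clients submit mail,
#    but on its own only for recipients in the accepted domains.
if (-not (Get-ReceiveConnector -Server $server | Where-Object { $_.Name -eq $name })) {
    New-ReceiveConnector -Name $name -Server $server -Usage Custom `
        -Bindings '0.0.0.0:25' -RemoteIPRanges '10.0.0.0/24' `
        -PermissionGroups AnonymousUsers
}

# 2. Show which extended rights anonymous sessions hold on this connector.
Get-ReceiveConnector $id |
    Get-ADPermission -User $anon |
    Where-Object { $_.ExtendedRights } |
    Format-Table User, ExtendedRights, Deny, IsInherited -AutoSize

# 3. If the accept-any-recipient right was granted earlier, revoke it.
#    That right is what allows relaying to external domains.
$ace = Get-ReceiveConnector $id |
    Get-ADPermission -User $anon |
    Where-Object { ($_.ExtendedRights -like $right) -and (-not $_.Deny) }

if ($ace) {
    Get-ReceiveConnector $id |
        Remove-ADPermission -User $anon -ExtendedRights $right -Confirm:$false
    Write-Host "Removed $right from $id"
} else {
    Write-Host "$right is not granted on $id; external relay is already refused"
}

# 4. Confirm the scope: only internal ranges should be listed here.
Get-ReceiveConnector $id | Format-List Name, Bindings, RemoteIPRanges, PermissionGroups
```

With the right absent, a message from a workstation in the scoped range to an internal mailbox is accepted, while a recipient outside the accepted domains is answered with `550 5.7.1 Unable to relay`.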

Similar Messages

  • Change Adobe Reader Preference for entire network

    Is there a way for our network administrator to change an Adobe Reader XI Preference (specifically, uncheck the "Enable Enhanced Security" checkbox) for our entire network?

    Your admin should know how to do that.
    All doc is here: http://www.adobe.com/devnet-docs/acrobatetk/
    Ben

  • Bridge for entire network

    Here is my problem. I am taking a back up drive full of client images. There are many folders/subfolders within this drive. Ultimately, I want each computer within the network to be able to do keyword searches for images. There are so many, I want them to be able to plug the keywords and pull up the images requested per our clients. Is there anyway I can have this carry over to other towers or do we need to create a workspace on everyone's tower?
    How to's and Advice needed. Thanks. Mac's


  • Open relay connector

    Trying to replace an open relay for servers/applications on exchange 2013 so I can retire exchange 2007, but I get the unable to relay error. I've created the new frontend connector on CAS server with its own IP/DNS entries, scoped it and put security identical to the working connector on 2007. Also, I ran the obligatory:
    Get-ReceiveConnector "exchange1\relay2" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"
    Used ADSIedit to verify it has the exact same permissions as the working relay connector in old exchange.
    Exchange 2013 I think, is not using the connector. When I telnet to relay.domain.com (exchange 2007), I get 250 relay.domain.com Hello [ip] as expected. When I telnet to relay2.domain.com (exchange 2013), I get 250 exchange1.domain.com Hello [ip] whereas I would expect to get 250 relay2.domain.com. If I attempt to send, I get unable to relay and logs show connection attempts using Exchange1\Default Front end connector.
    What did I miss?

    After some more testing, I think I may know what's going on, but not why. I removed all the IPs from the remote range and added just one IP address and restarted the transport service. I can still open a telnet session from a server that is not in the list.
    From the How Does Exchange 2013 Know which recieve connector to use? section of http://exchangeserverpro.com/exchange-2013-configure-smtp-relay-connector/, he states the following:
    Simply put, receive connector selection is on a “most specific match wins” basis. The connector with remote network settings that most closely match the IP of the connecting server/device will be the one that handles the connection.
    This is not happening in my case. Even though my custom relay connector is a closer match, connections are going to the default frontend connector.

  • Any special precautions needed to prevent open relay?

    Hi, we turned on the mail server on our os x server 10.4.7 machine and have started learning how to setup and manage our email server.
    Is there any special precaution / setup we need to do to ensure we do not unwittingly become an "open relay" for spammers?
    Or does the default behavior after an install take care of that?

    greetings
    postfix by default is not open for relay. The settings in your /etc/main.cf files will determine what, if any, other machines you will allow to relay.
    mynetworks_style and mynetworks determine what other systems can relay.
    Set mynetworks_style to host to limit relaying to just your local machine. Add IP addresses to mynetworks to allow specific clients to use your smtp server.
    hope this helps

  • Can't do google searches or get tabs to open without ringo and get the alert..The operation can not be completed because of an internal failure. A secure network communication has not been cleaned up correctly.

    I can't get tabs to open or google search to operate without constant ringo and I get the alert...The operation can not be completed because of an internal failure. A secure network communication has not been cleaned up correctly. I have 8.0 firefox version

    This is a known bug and it is being worked on.
    The relevant bug report is [https://bugzilla.mozilla.org/show_bug.cgi?id=588511 Bug 588511], but please do not comment on the bug report.

  • I have iPhone 4, it was working just fine..no I have a problem: it keeps searching for the network and then says no network..it was open to clean from inside..how can I fix the problem

    I have iPhone 4, it was working just fine..no I have a problem: it keeps searching for the network and then says no network..it was open to clean from inside..how can I fix the problem

    Tap Settings > General > Reset > Reset Network Settings
    If that doesn't help, try here >  iOS: Troubleshooting Wi-Fi networks and connections

  • Setting Up Mailserver to Receive and Send Mail for external Network

    I have a G5 currently running 10.3.9 Server with Mail services running and working fine. We are upgrading to 10.4 Server and would like our Sales Reps to have the ability to send and receive mail from outside the office. How do I configure my server, Router, ISP and/or Mail clients to do this? We are currently able to receive mail from outside, just not send.

    I cannot find the Line #submission inet n - n -- smtpd in the Main.CF file...here is what I get when I open it
    # Global Postfix configuration file. This file lists only a subset
    # of all 250+ parameters. See the sample-xxx.cf files for a full list.
    # The general format is lines with parameter = value pairs. Lines
    # that begin with whitespace continue the previous line. A value can
    # contain references to other $names or ${name}s.
    # NOTE - CHANGE NO MORE THAN 2-3 PARAMETERS AT A TIME, AND TEST IF
    # POSTFIX STILL WORKS AFTER EVERY CHANGE.
    # SOFT BOUNCE
    # The soft_bounce parameter provides a limited safety net for
    # testing. When soft_bounce is enabled, mail will remain queued that
    # would otherwise bounce. This parameter disables locally-generated
    # bounces, and prevents the SMTP server from rejecting mail permanently
    # (by changing 5xx replies into 4xx replies). However, soft_bounce
    # is no cure for address rewriting mistakes or mail routing mistakes.
    #soft_bounce = no
    # LOCAL PATHNAME INFORMATION
    # The queue_directory specifies the location of the Postfix queue.
    # This is also the root directory of Postfix daemons that run chrooted.
    # See the files in examples/chroot-setup for setting up Postfix chroot
    # environments on different UNIX systems.
    queue_directory = /private/var/spool/postfix
    # The command_directory parameter specifies the location of all
    # postXXX commands.
    command_directory = /usr/sbin
    # The daemon_directory parameter specifies the location of all Postfix
    # daemon programs (i.e. programs listed in the master.cf file). This
    # directory must be owned by root.
    daemon_directory = /usr/libexec/postfix
    # QUEUE AND PROCESS OWNERSHIP
    # The mail_owner parameter specifies the owner of the Postfix queue
    # and of most Postfix daemon processes. Specify the name of a user
    # account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS
    # AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In
    # particular, don't specify nobody or daemon. PLEASE USE A DEDICATED
    # USER.
    mail_owner = postfix
    # The default_privs parameter specifies the default rights used by
    # the local delivery agent for delivery to external file or command.
    # These rights are used in the absence of a recipient user context.
    # DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER.
    #default_privs = nobody
    # INTERNET HOST AND DOMAIN NAMES
    # The myhostname parameter specifies the internet hostname of this
    # mail system. The default is to use the fully-qualified domain name
    # from gethostname(). $myhostname is used as a default value for many
    # other configuration parameters.
    #myhostname = host.domain.tld
    #myhostname = virtual.domain.tld
    # The mydomain parameter specifies the local internet domain name.
    # The default is to use $myhostname minus the first component.
    # $mydomain is used as a default value for many other configuration
    # parameters.
    #mydomain = domain.tld
    # SENDING MAIL
    # The myorigin parameter specifies the domain that locally-posted
    # mail appears to come from. The default is to append $myhostname,
    # which is fine for small sites. If you run a domain with multiple
    # machines, you should (1) change this to $mydomain and (2) set up
    # a domain-wide alias database that aliases each user to
    # [email protected].
    # For the sake of consistency between sender and recipient addresses,
    # myorigin also specifies the default domain name that is appended
    # to recipient addresses that have no @domain part.
    #myorigin = $myhostname
    #myorigin = $mydomain
    # RECEIVING MAIL
    # The inet_interfaces parameter specifies the network interface
    # addresses that this mail system receives mail on. By default,
    # the software claims all active interfaces on the machine. The
    # parameter also controls delivery of mail to user@[ip.address].
    # See also the proxy_interfaces parameter, for network addresses that
    # are forwarded to us via a proxy or network address translator.
    # Note: you need to stop/start Postfix when this parameter changes.
    #inet_interfaces = all
    #inet_interfaces = $myhostname
    #inet_interfaces = $myhostname, localhost
    # The proxy_interfaces parameter specifies the network interface
    # addresses that this mail system receives mail on by way of a
    # proxy or network address translation unit. This setting extends
    # the address list specified with the inet_interfaces parameter.
    # You must specify your proxy/NAT addresses when your system is a
    # backup MX host for other domains, otherwise mail delivery loops
    # will happen when the primary MX host is down.
    #proxy_interfaces =
    #proxy_interfaces = 1.2.3.4
    # The mydestination parameter specifies the list of domains that this
    # machine considers itself the final destination for.
    # These domains are routed to the delivery agent specified with the
    # local_transport parameter setting. By default, that is the UNIX
    # compatible delivery agent that lookups all recipients in /etc/passwd
    # and /etc/aliases or their equivalent.
    # The default is $myhostname + localhost.$mydomain. On a mail domain
    # gateway, you should also include $mydomain.
    # Do not specify the names of virtual domains - those domains are
    # specified elsewhere (see sample-virtual.cf).
    # Do not specify the names of domains that this machine is backup MX
    # host for. Specify those names via the relay_domains settings for
    # the SMTP server, or use permit_mx_backup if you are lazy (see
    # sample-smtpd.cf).
    # The local machine is always the final destination for mail addressed
    # to user@[the.net.work.address] of an interface that the mail system
    # receives mail on (see the inet_interfaces parameter).
    # Specify a list of host or domain names, /file/name or type:table
    # patterns, separated by commas and/or whitespace. A /file/name
    # pattern is replaced by its contents; a type:table is matched when
    # a name matches a lookup key (the right-hand side is ignored).
    # Continue long lines by starting the next line with whitespace.
    # See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
    #mydestination = $myhostname, localhost.$mydomain
    #mydestination = $myhostname, localhost.$mydomain $mydomain
    #mydestination = $myhostname, localhost.$mydomain, $mydomain,
    # mail.$mydomain, www.$mydomain, ftp.$mydomain
    # REJECTING MAIL FOR UNKNOWN LOCAL USERS
    # The local_recipient_maps parameter specifies optional lookup tables
    # with all names or addresses of users that are local with respect
    # to $mydestination and $inet_interfaces.
    # If this parameter is defined, then the SMTP server will reject
    # mail for unknown local users. This parameter is defined by default.
    # To turn off local recipient checking in the SMTP server, specify
    # local_recipient_maps = (i.e. empty).
    # The default setting assumes that you use the default Postfix local
    # delivery agent for local delivery. You need to update the
    # local_recipient_maps setting if:
    # - You define $mydestination domain recipients in files other than
    # /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.
    # For example, you define $mydestination domain recipients in
    # the $virtual_mailbox_maps files.
    # - You redefine the local delivery agent in master.cf.
    # - You redefine the "local_transport" setting in main.cf.
    # - You use the "luser_relay", "mailbox_transport", or "fallback_transport"
    # feature of the Postfix local delivery agent (see sample-local.cf).
    # Details are described in the LOCAL_RECIPIENT_README file.
    # Beware: if the Postfix SMTP server runs chrooted, you probably have
    # to access the passwd file via the proxymap service, in order to
    # overcome chroot restrictions. The alternative, having a copy of
    # the system passwd file in the chroot jail is just not practical.
    # The right-hand side of the lookup tables is conveniently ignored.
    # In the left-hand side, specify a bare username, an @domain.tld
    # wild-card, or specify a [email protected] address.
    #local_recipient_maps = unix:passwd.byname $alias_maps
    #local_recipient_maps = proxy:unix:passwd.byname $alias_maps
    #local_recipient_maps =
    # The unknown_local_recipient_reject_code specifies the SMTP server
    # response code when a recipient domain matches $mydestination or
    # $inet_interfaces, while $local_recipient_maps is non-empty and the
    # recipient address or address local-part is not found.
    # The default setting is 550 (reject mail) but it is safer to start
    # with 450 (try again later) until you are certain that your
    # local_recipient_maps settings are OK.
    #unknown_local_recipient_reject_code = 550
    unknown_local_recipient_reject_code = 450
    # TRUST AND RELAY CONTROL
    # The mynetworks parameter specifies the list of "trusted" SMTP
    # clients that have more privileges than "strangers".
    # In particular, "trusted" SMTP clients are allowed to relay mail
    # through Postfix. See the smtpd_recipient_restrictions parameter
    # in file sample-smtpd.cf.
    # You can specify the list of "trusted" network addresses by hand
    # or you can let Postfix do it for you (which is the default).
    # By default (mynetworks_style = subnet), Postfix "trusts" SMTP
    # clients in the same IP subnetworks as the local machine.
    # On Linux, this does works correctly only with interfaces specified
    # with the "ifconfig" command.
    # Specify "mynetworks_style = class" when Postfix should "trust" SMTP
    # clients in the same IP class A/B/C networks as the local machine.
    # Don't do this with a dialup site - it would cause Postfix to "trust"
    # your entire provider's network. Instead, specify an explicit
    # mynetworks list by hand, as described below.
    # Specify "mynetworks_style = host" when Postfix should "trust"
    # only the local machine.
    #mynetworks_style = class
    #mynetworks_style = subnet
    #mynetworks_style = host
    # Alternatively, you can specify the mynetworks list by hand, in
    # which case Postfix ignores the mynetworks_style setting.
    # Specify an explicit list of network/netmask patterns, where the
    # mask specifies the number of bits in the network part of a host
    # address.
    # You can also specify the absolute pathname of a pattern file instead
    # of listing the patterns here. Specify type:table for table-based lookups
    # (the value on the table right-hand side is not used).
    #mynetworks = 168.100.189.0/28, 127.0.0.0/8
    #mynetworks = $config_directory/mynetworks
    #mynetworks = hash:/etc/postfix/network_table
    # The relay_domains parameter restricts what destinations this system will
    # relay mail to. See the smtpd_recipient_restrictions restriction in the
    # file sample-smtpd.cf for detailed information.
    # By default, Postfix relays mail
    # - from "trusted" clients (IP address matches $mynetworks) to any destination,
    # - from "untrusted" clients to destinations that match $relay_domains or
    # subdomains thereof, except addresses with sender-specified routing.
    # The default relay_domains value is $mydestination.
    # In addition to the above, the Postfix SMTP server by default accepts mail
    # that Postfix is final destination for:
    # - destinations that match $inet_interfaces,
    # - destinations that match $mydestination
    # - destinations that match $virtual_alias_domains,
    # - destinations that match $virtual_mailbox_domains.
    # These destinations do not need to be listed in $relay_domains.
    # Specify a list of hosts or domains, /file/name patterns or type:name
    # lookup tables, separated by commas and/or whitespace. Continue
    # long lines by starting the next line with whitespace. A file name
    # is replaced by its contents; a type:name table is matched when a
    # (parent) domain appears as lookup key.
    # NOTE: Postfix will not automatically forward mail for domains that
    # list this system as their primary or backup MX host. See the
    # permit_mx_backup restriction in the file sample-smtpd.cf.
    #relay_domains = $mydestination
    # INTERNET OR INTRANET
    # The relayhost parameter specifies the default host to send mail to
    # when no entry is matched in the optional transport(5) table. When
    # no relayhost is given, mail is routed directly to the destination.
    # On an intranet, specify the organizational domain name. If your
    # internal DNS uses no MX records, specify the name of the intranet
    # gateway host instead.
    # In the case of SMTP, specify a domain, host, host:port, [host]:port,
    # [address] or [address]:port; the form [host] turns off MX lookups.
    # If you're connected via UUCP, see also the default_transport parameter.
    #relayhost = $mydomain
    #relayhost = gateway.my.domain
    #relayhost = uucphost
    #relayhost = [an.ip.add.ress]
    # REJECTING UNKNOWN RELAY USERS
    # The relay_recipient_maps parameter specifies optional lookup tables
    # with all addresses in the domains that match $relay_domains.
    # If this parameter is defined, then the SMTP server will reject
    # mail for unknown relay users. This feature is off by default.
    # The right-hand side of the lookup tables is conveniently ignored.
    # In the left-hand side, specify an @domain.tld wild-card, or specify
    # a [email protected] address.
    #relay_recipient_maps = hash:/etc/postfix/relay_recipients
    # INPUT RATE CONTROL
    # The in_flow_delay configuration parameter implements mail input
    # flow control. This feature is turned on by default, although it
    # still needs further development (it's disabled on SCO UNIX due
    # to an SCO bug).
    # A Postfix process will pause for $in_flow_delay seconds before
    # accepting a new message, when the message arrival rate exceeds the
    # message delivery rate. With the default 50 SMTP server process
    # limit, this limits the mail inflow to 50 messages a second more
    # than the number of messages delivered per second.
    # Specify 0 to disable the feature. Valid delays are 0..10.
    #in_flow_delay = 1s
    # ADDRESS REWRITING
    # Insert text from sample-rewrite.cf if you need to do address
    # masquerading.
    # Insert text from sample-canonical.cf if you need to do address
    # rewriting, or if you need username->Firstname.Lastname mapping.
    # ADDRESS REDIRECTION (VIRTUAL DOMAIN)
    # Insert text from sample-virtual.cf if you need virtual domain support.
    # "USER HAS MOVED" BOUNCE MESSAGES
    # Insert text from sample-relocated.cf if you need "user has moved"
    # style bounce messages. Alternatively, you can bounce recipients
    # with an SMTP server access table. See sample-smtpd.cf.
    # TRANSPORT MAP
    # Insert text from sample-transport.cf if you need explicit routing.
    # ALIAS DATABASE
    # The alias_maps parameter specifies the list of alias databases used
    # by the local delivery agent. The default list is system dependent.
    # On systems with NIS, the default is to search the local alias
    # database, then the NIS alias database. See aliases(5) for syntax
    # details.
    # If you change the alias database, run "postalias /etc/aliases" (or
    # wherever your system stores the mail alias file), or simply run
    # "newaliases" to build the necessary DBM or DB file.
    # It will take a minute or so before changes become visible. Use
    # "postfix reload" to eliminate the delay.
    #alias_maps = dbm:/etc/aliases
    #alias_maps = hash:/etc/aliases
    #alias_maps = hash:/etc/aliases, nis:mail.aliases
    #alias_maps = netinfo:/aliases
    # The alias_database parameter specifies the alias database(s) that
    # are built with "newaliases" or "sendmail -bi". This is a separate
    # configuration parameter, because alias_maps (see above) may specify
    # tables that are not necessarily all under control by Postfix.
    #alias_database = dbm:/etc/aliases
    #alias_database = dbm:/etc/mail/aliases
    #alias_database = hash:/etc/aliases
    #alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
    # ADDRESS EXTENSIONS (e.g., user+foo)
    # The recipient_delimiter parameter specifies the separator between
    # user names and address extensions (user+foo). See canonical(5),
    # local(8), relocated(5) and virtual(5) for the effects this has on
    # aliases, canonical, virtual, relocated and .forward file lookups.
    # Basically, the software tries user+foo and .forward+foo before
    # trying user and .forward.
    #recipient_delimiter = +
    # DELIVERY TO MAILBOX
    # The home_mailbox parameter specifies the optional pathname of a
    # mailbox file relative to a user's home directory. The default
    # mailbox file is /var/spool/mail/user or /var/mail/user. Specify
    # "Maildir/" for qmail-style delivery (the / is required).
    #home_mailbox = Mailbox
    #home_mailbox = Maildir/
    # The mail_spool_directory parameter specifies the directory where
    # UNIX-style mailboxes are kept. The default setting depends on the
    # system type.
    #mail_spool_directory = /var/mail
    #mail_spool_directory = /var/spool/mail
    # The mailbox_command parameter specifies the optional external
    # command to use instead of mailbox delivery. The command is run as
    # the recipient with proper HOME, SHELL and LOGNAME environment settings.
    # Exception: delivery for root is done as $default_user.
    # Other environment variables of interest: USER (recipient username),
    # EXTENSION (address extension), DOMAIN (domain part of address),
    # and LOCAL (the address localpart).
    # Unlike other Postfix configuration parameters, the mailbox_command
    # parameter is not subjected to $parameter substitutions. This is to
    # make it easier to specify shell syntax (see example below).
    # Avoid shell meta characters because they will force Postfix to run
    # an expensive shell process. Procmail alone is expensive enough.
    # IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN
    # ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.
    #mailbox_command = /some/where/procmail
    #mailbox_command = /some/where/procmail -a "$EXTENSION"
    # The mailbox_transport specifies the optional transport in master.cf
    # to use after processing aliases and .forward files. This parameter
    # has precedence over the mailbox_command, fallback_transport and
    # luser_relay parameters.
    # Specify a string of the form transport:nexthop, where transport is
    # the name of a mail delivery transport defined in master.cf. The
    # :nexthop part is optional. For more details see the sample transport
    # configuration file.
    # NOTE: if you use this feature for accounts not in the UNIX password
    # file, then you must update the "local_recipient_maps" setting in
    # the main.cf file, otherwise the SMTP server will reject mail for
    # non-UNIX accounts with "User unknown in local recipient table".
    #mailbox_transport = lmtp:unix:/file/name
    #mailbox_transport = cyrus
    # The fallback_transport specifies the optional transport in master.cf
    # to use for recipients that are not found in the UNIX passwd database.
    # This parameter has precedence over the luser_relay parameter.
    # Specify a string of the form transport:nexthop, where transport is
    # the name of a mail delivery transport defined in master.cf. The
    # :nexthop part is optional. For more details see the sample transport
    # configuration file.
    # NOTE: if you use this feature for accounts not in the UNIX password
    # file, then you must update the "local_recipient_maps" setting in
    # the main.cf file, otherwise the SMTP server will reject mail for
    # non-UNIX accounts with "User unknown in local recipient table".
    #fallback_transport = lmtp:unix:/file/name
    #fallback_transport = cyrus
    #fallback_transport =
    # The luser_relay parameter specifies an optional destination address
    # for unknown recipients. By default, mail for unknown@$mydestination
    # and unknown@[$inet_interfaces] is returned as undeliverable.
    # The following expansions are done on luser_relay: $user (recipient
    # username), $shell (recipient shell), $home (recipient home directory),
    # $recipient (full recipient address), $extension (recipient address
    # extension), $domain (recipient domain), $local (entire recipient
    # localpart), $recipient_delimiter. Specify ${name?value} or
    # ${name:value} to expand value only when $name does (does not) exist.
    # luser_relay works only for the default Postfix local delivery agent.
    # NOTE: if you use this feature for accounts not in the UNIX password
    # file, then you must specify "local_recipient_maps =" (i.e. empty) in
    # the main.cf file, otherwise the SMTP server will reject mail for
    # non-UNIX accounts with "User unknown in local recipient table".
    #luser_relay = [email protected]
    #luser_relay = [email protected]
    #luser_relay = admin+$local
    # JUNK MAIL CONTROLS
    # The controls listed here are only a very small subset. See the file
    # sample-smtpd.cf for an elaborate list of anti-UCE controls.
    # The header_checks parameter specifies an optional table with patterns
    # that each logical message header is matched against, including
    # headers that span multiple physical lines.
    # By default, these patterns also apply to MIME headers and to the
    # headers of attached messages. With older Postfix versions, MIME and
    # attached message headers were treated as body text.
    # For details, see the sample-filter.cf file.
    #header_checks = regexp:/etc/postfix/header_checks
    # FAST ETRN SERVICE
    # Postfix maintains per-destination logfiles with information about
    # deferred mail, so that mail can be flushed quickly with the SMTP
    # "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld".
    # By default, Postfix maintains deferred mail logfile information
    # only for destinations that Postfix is willing to relay to (as
    # specified in the relay_domains parameter). For other destinations,
    # Postfix attempts to deliver ALL queued mail after receiving the
    # SMTP "ETRN domain.tld" command, or after execution of "sendmail
    # -qRdomain.tld". This can be slow when a lot of mail is queued.
    # The fast_flush_domains parameter controls what destinations are
    # eligible for this "fast ETRN/sendmail -qR" service.
    #fast_flush_domains = $relay_domains
    #fast_flush_domains =
    # SHOW SOFTWARE VERSION OR NOT
    # The smtpd_banner parameter specifies the text that follows the 220
    # code in the SMTP server's greeting banner. Some people like to see
    # the mail version advertised. By default, Postfix shows no version.
    # You MUST specify $myhostname at the start of the text. That is an
    # RFC requirement. Postfix itself does not care.
    #smtpd_banner = $myhostname ESMTP $mail_name
    #smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
    # PARALLEL DELIVERY TO THE SAME DESTINATION
    # How many parallel deliveries to the same user or domain? With local
    # delivery, it does not make sense to do massively parallel delivery
    # to the same user, because mailbox updates must happen sequentially,
    # and expensive pipelines in .forward files can cause disasters when
    # too many are run at the same time. With SMTP deliveries, 10
    # simultaneous connections to the same domain could be sufficient to
    # raise eyebrows.
    # Each message delivery transport has its XXX_destination_concurrency_limit
    # parameter. The default is $default_destination_concurrency_limit for
    # most delivery transports. For the local delivery agent the default is 2.
    #local_destination_concurrency_limit = 2
    #default_destination_concurrency_limit = 10
    # DEBUGGING CONTROL
    # The debug_peer_level parameter specifies the increment in verbose
    # logging level when an SMTP client or server host name or address
    # matches a pattern in the debug_peer_list parameter.
    debug_peer_level = 2
    # The debug_peer_list parameter specifies an optional list of domain
    # or network patterns, /file/name patterns or type:name tables. When
    # an SMTP client or server host name or address matches a pattern,
    # increase the verbose logging level by the amount specified in the
    # debug_peer_level parameter.
    #debug_peer_list = 127.0.0.1
    #debug_peer_list = some.domain
    # The debugger_command specifies the external command that is executed
    # when a Postfix daemon program is run with the -D option.
    # Use "command .. & sleep 5" so that the debugger can attach before
    # the process marches on. If you use an X-based debugger, be sure to
    # set up your XAUTHORITY environment variable before starting Postfix.
    debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5
    # If you don't have X installed on the Postfix machine, try:
    # debugger_command =
    # PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont;
    # echo where) | gdb $daemon_directory/$process_name $process_id 2>&1
    # >$config_directory/$process_name.$process_id.log & sleep 5
    # INSTALL-TIME CONFIGURATION INFORMATION
    # The following parameters are used when installing a new Postfix version.
    # sendmail_path: The full pathname of the Postfix sendmail command.
    # This is the Sendmail-compatible mail posting interface.
    sendmail_path = /usr/sbin/sendmail
    # newaliases_path: The full pathname of the Postfix newaliases command.
    # This is the Sendmail-compatible command to build alias databases.
    newaliases_path = /usr/bin/newaliases
    # mailq_path: The full pathname of the Postfix mailq command. This
    # is the Sendmail-compatible mail queue listing command.
    mailq_path = /usr/bin/mailq
    # setgid_group: The group for mail submission and queue management
    # commands. This must be a group name with a numerical group ID that
    # is not shared with other accounts, not even with the Postfix account.
    setgid_group = postdrop
    # manpage_directory: The location of the Postfix on-line manual pages.
    manpage_directory = /usr/share/man
    # sample_directory: The location of the Postfix sample configuration files.
    sample_directory = /usr/share/doc/postfix/examples
    # readme_directory: The location of the Postfix README files.
    readme_directory = /usr/share/doc/postfix
    # THE FOLLOWING DEFAULTS ARE SET BY APPLE
    # bind to localhost only
    inet_interfaces = all
    # turn off relaying for local subnet
    mynetworks_style = host
    # mydomain_fallback: optional domain to use if mydomain is not set and
    # myhostname is not fully qualified. It is ignored if neither are true.
    mydomain_fallback = localhost
    myhostname = jamestownpress.com
    mailbox_transport = cyrus
    enable_server_options = yes
    luser_relay =
    maps_rbl_domains = dun.dnsrbl.net
    message_size_limit = 0
    mydestination = $myhostname,localhost.$mydomain
    smtpd_use_tls = no
    smtpd_enforce_tls = no
    smtpd_tls_loglevel = 0
    smtpd_sasl_auth_enable = yes
    smtpd_use_pw_server = yes
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,permit
    smtpd_pw_server_security_options = plain
    server_enabled = 1
    relayhost =
    smtpd_client_restrictions = permit_mynetworks reject_rbl_client dun.dnsrbl.net permit
    always_bcc =
    mynetworks = 127.0.0.1/32,192.168.0.0/16,192.168.1.98,192.168.1.3,192.168.1.13,192.168.1.5,192.168.1.22,192.168.1.18,192.168.1.41
    content_filter = smtp-amavis:[127.0.0.1]:10024
    So what do I need to change?

  • Looking for Mac network professional to setup our small business network.

    I've installed OS X Server on an iMac within our office to act as a file server and also allow us to access files using a VPN.  Probably should have purchased a Mac Mini Server and will likely go that route in the end. 
    I'm computer savvy, but have little networking experience and just can't get this working correctly. If we had more time to dedicate to this and with help from this forum, I'm sure we could get it up and running.  The goal is to get a simple network going that will allow us to access files, etc. in the field and at our home offices with the ability to grow as our business expands.
    At this time I'd really like to have someone just handle the setup of the network so we can get functionality asap.  I've done some searches and looked for a network professional in our area with experience in Mac networking within a business environment, but haven't had much luck.
    If anyone can point me in the direction of someone that can help get this going I'd be forever grateful :)
    Location: Southern California (Rancho Cucamonga)

    I'm not a rocket scientist but I do have a working mail server and website using a mini mac and os x server (Mavericks).
    It all begins with your DNS and I recommend you do use a mac mini with OS X Server as it's designed for that very purpose. You absolutely must get your DNS situation working first. There's a guy in this forum named Mr. Hoffman who is particularly useful (there are others) in this area. He has a website with lots of helpful advice and, in particular, this: http://labs.hoffmanlabs.com/node/1436.
    However, before you embark on that journey, this is what you'll basically need to do:
    You're going to need a public (external/public facing) DNS and a private (internal) DNS. Your private DNS (served by your os x server) needs to live behind some kind of hardware firewall/router to prevent the great unwashed and curious from venturing into places they probably shouldn't be venturing. Its port(s) should never be exposed to the outside world.
    Get a static IP from your ISP and register a domain name.
    Let your domain registrar provide the external DNS.
    You'll want to set up an internal DNS using OS X Server in the 10.0.0.0/16 subnet (it doesn't seem to let you use 10.0.0.0/8 and it really hates 192.168.0.0/24).
    The server itself will need to be "self-aware" by setting its System Preferences > Network Preferences > DNS Server to 127.0.0.1.
    Of course, once you get the DNS working you'll want to turn on File Sharing and then (and only then) Open Directory. Then you can begin adding other services such as web, mail, vpn, etc...
    I'm sure there is lots more that I've missed but this should do for now. Good luck.

  • The operation can not be completed because of an internal failure. A secure network communication has not been cleaned up correctly ... I get this message when closing firefox. It obviously has been a problem in the past but I'm using FF 6

    "The operation can not be completed because of an internal failure. A secure network communication has not been cleaned up correctly ..." I get this message when closing Firefox. It obviously has been a problem in the past for others but it has only happened to me since updating to Firefox 6.

    Try to clear the "Active Logins" via Clear Recent History
    *https://support.mozilla.com/kb/Clear+Recent+History
    You can also try to delete the file secmode.db in the Firefox Profile Folder
    *http://kb.mozillazine.org/Profile_folder_-_Firefox
    *Help > Troubleshooting Information > Profile Directory: Open Containing Folder

  • Do I need to open ports for my services if I am connecting through VPN

    Hi,
    I work in a small office and we are trying to connect people remotely to our server through VPN.
    Using the Server App I managed to make VPN work and successfully connected to our file share points, so that means file sharing worked without opening ports for afp on my Airport router.
    On the other side I can't connect to other services as iCal and Address Book as I am locally in the office. Does that mean I have to open the ports for those services on the router? If yes, then why use VPN in the first place?
    Thanks,

    If I understood you correctly:
    External client -> (server.domain.name) -> Router -> Server: is working
    Internal client -> (server.domain.name) -> Router -> Server: is not working
    Internal client -> (local ip) -> Server: is working
    If yes, you can implement a-la "split zone DNS".
    1. On the external DNS your domain name server.domain.name resolves to the external router IP.
    2. You should add a record (and zone) for server.domain.name to your OS X Lion Server DNS pointing to the local IP.
    When you are connected to VPN, the system sets the DNS server to your Lion server and server.domain.name resolves to the local IP.
    When you are working without VPN, the system uses the external DNS and server.domain.name resolves to the external IP.
    Of course, you should open ports for your services on the router if you want to use them from an external network.
    I am using this configuration and it works perfectly.

  • Is it possible to assign fixed internal IP address for Azure VM ?

    I set up a Win2008R2 application server on an Azure VM and set up Azure VPN for local address 10.0.0.0/24 and VNET? for 10.0.1.0/24 and default gateway 10.0.1.0/25, though I do not get the exact meaning of these network settings.
    With the default VM OS IP setting, it gets its IP address through DHCP.
    1. If I make Azure VPN, is it assigned the specified range automatically (in this case, 10.0.1.0/24)?
    2. If I do not use Azure VPN, which range of addresses is assigned as the internal IP to the Azure VM through DHCP?
    3. If I set a fixed IP address in that VM from the OS settings, will it survive and not be reassigned by DHCP, both with and without Azure VPN, after a reboot from the OS and from the Azure Portal?

    For general information:
    Gateway - Usually this is your router. When you talk about your gateway, generally you are talking about the ip address your router uses.
    NAT - Network Address Translation. When your router is using nat, it is taking data from one Public IP address, and breaking that data into multiple private ip addresses. Data is sent to your network on a public ip address, from the internet. Using nat your router then directs that data, to multiple internal private ip addresses. Nat basically breaks one ip into many.
    IP Addresses :
    1-External (Public) IP Address - Every computer/server that has a public ip address is directly connected to the internet. Usually DSL/cable routers are assigned a public ip address by the ISP they are connecting to.
    (The Dynamic/Static relates to how an ip address is assigned.)
    a) Static : Your ISP assigns an IP number and it cannot be changed by the user (client).
    To do : If you want to change it by any reason, call your ISP and ask them to change your IP number.
    b) Dynamic : Your ISP assigns an IP number and you can change it. This means that every time your DSL modem is rebooted, your ISP assigns a new IP number for it.
    To do : Turn your modem off/on. (Wait for 15 seconds between off/on.)
    2-Internal (Local) IP Address - If you are using NAT, every computer on your network has one of these ip addresses. These IP addresses are provided by your router. Your entire network can see this ip address. Computers on the outside of your network can not, because your router "hides" private ip addresses.
    Hope this helps you.
    Fatih
    iMac G5 20"-2Ghz 1GB RAM / PB G4 1.67-1GB RAM/PB G4 400-768 RAM/iMac DV G3 400   Mac OS X (10.4.4)   Ext.FW 1204030 - iSight

  • Server 2008 R2 SP1 with RRAS takes down entire network

    We have a Hyper-V server (2008 R2 SP1) that is running several DC's.  These DC's are for different domains and establish outbound VPN connections using RRAS to sync with remote DC's.  We have a few of these with 20-30 DC's running on each Hyper-V server.
    Application of SP1 to the host OS went without issue and everything remained normal.
    Upgraded a single Hyper-V VM from 2008 R2 to 2008 R2 SP1 and everything connected to the physical switch went down.  Ping times went through the roof and timeouts were happening on the local physical network.  All Hyper-V guests on all Hyper-V machines had CPU usage that went from about 0% up to averaging 5% to 7%.  The process taking all the CPU was the LocalServiceNoNetwork one which is related to packet inspection.
    Using the process of elimination, we found that if we stopped RRAS on the Hyper-V guest running 2008 R2 SP1 then everything went back to normal.  We duplicated the same scenario with a different machine...and again, just stopping RRAS fixed everything. As soon as RRAS starts, the network crashes.
    Has anyone else seen anything like this?  I plan on opening a case with PSS tomorrow but thought I'd ask.
    Rob

    PSS is useless.  They work on the ticket when convenient for their overseas hours and have no idea what is wrong.  They keep asking for the same information over and over.  We've decided to remove the RRAS component from our VM's.  Instead we've decided to set up a VPN configuration where we use IPSec tunnels for each VM.  This allows us to remove all the RRAS roles and the issue goes away with SP1 applied.
    There is definitely something wrong with SP1, RRAS and Hyper-V.  Maybe Microsoft can figure it out on their own time.  It is easier and simpler for us to just remove the component.
    For historical reference, the issue seems to be that RRAS with SP1 picks up packets that are not destined for the RRAS tunnel and attempts to retransmit them.  This, in turn, saturates the switches with retransmit packets and takes down the entire network.
    Microsoft has absolutely no clue on how to resolve the issue and the techs have so little knowledge in real networking troubleshooting that it is laughable.
    Rob

  • [SOLVED]Couldn't open file for 'Log debug file /var/log/tor/debug.log'

    Hello,
    I'm trying to run a tor relay on my arch linux box. Trying to launch the tor daemon, here's the log via
    $ systemctl status tor.service
    May 20 11:53:10 arch tor[21726]: May 20 11:53:10.877 [notice] Tor v0.2.4.21 (git-505962724c05445f) running on Linux with Libevent 2.0.21-stable and OpenSSL 1.0.1g.
    May 20 11:53:10 arch tor[21726]: May 20 11:53:10.877 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
    May 20 11:53:10 arch tor[21726]: May 20 11:53:10.877 [notice] Read configuration file "/etc/tor/torrc".
    May 20 11:53:10 arch tor[21726]: May 20 11:53:10.909 [notice] Opening Socks listener on 127.0.0.1:9050
    May 20 11:53:10 arch tor[21726]: May 20 11:53:10.909 [notice] Opening OR listener on 0.0.0.0:9798
    May 20 11:53:10 arch tor[21726]: May 20 11:53:10.000 [warn] Couldn't open file for 'Log debug file /var/log/tor/debug.log': Permission denied
    May 20 11:53:10 arch tor[21726]: May 20 11:53:10.000 [notice] Closing partially-constructed Socks listener on 127.0.0.1:9050
    May 20 11:53:10 arch tor[21726]: May 20 11:53:10.000 [notice] Closing partially-constructed OR listener on 0.0.0.0:9798
    May 20 11:53:10 arch tor[21726]: May 20 11:53:10.000 [warn] Failed to parse/validate config: Failed to init Log options. See logs for details.
    May 20 11:53:10 arch tor[21726]: May 20 11:53:10.000 [err] Reading config failed--see warnings above.
    May 20 11:53:10 arch systemd[1]: tor.service: main process exited, code=exited, status=255/n/a
    May 20 11:53:10 arch systemd[1]: Unit tor.service entered failed state.
    Why can't the tor daemon write to /var/log/tor/debug.log?
    Here's my /etc/group
    root:x:0:root
    bin:x:1:root,bin,daemon
    daemon:x:2:root,bin,daemon
    sys:x:3:root,bin
    adm:x:4:root,daemon,nue
    tty:x:5:
    disk:x:6:root
    lp:x:7:daemon
    mem:x:8:
    kmem:x:9:
    wheel:x:10:root,nue
    ftp:x:11:
    mail:x:12:
    uucp:x:14:
    log:x:19:root
    utmp:x:20:
    locate:x:21:
    rfkill:x:24:
    smmsp:x:25:
    http:x:33:
    games:x:50:
    lock:x:54:
    uuidd:x:68:
    dbus:x:81:
    network:x:90:
    video:x:91:
    audio:x:92:
    optical:x:93:
    floppy:x:94:
    storage:x:95:
    scanner:x:96:
    power:x:98:
    nobody:x:99:
    users:x:100:
    systemd-journal:x:190:
    nue:x:1000:
    avahi:x:84:
    lxdm:x:121:
    polkitd:x:102:
    git:x:999:
    transmission:x:169:
    vboxusers:x:108:
    tor:x:43:
    mysql:x:89:
    Last edited by giuscri (2014-05-20 12:18:56)

    SidK wrote: You must have modified your torrc to print to that log file. systemd starts the service as the tor user (see /usr/lib/systemd/system/tor.service). So if you want to log to a file the tor user must have write access to it. By default however tor is set to log to the journal, which doesn't require any special permissions.
    Yes. I did edit the torrc file since I wanted the log to be stored in that file. Indeed
    ## Logs go to stdout at level "notice" unless redirected by something
    ## else, like one of the below lines. You can have as many Log lines as
    ## you want.
    ## We advise using "notice" in most cases, since anything more verbose
    ## may provide sensitive information to an attacker who obtains the logs.
    ## Send all messages of level 'notice' or higher to /var/log/tor/notices.log
    #Log notice file /var/log/tor/notices.log
    ## Send every possible message to /var/log/tor/debug.log
    Log debug file /var/log/tor/debug.log
    ## Use the system log instead of Tor's logfiles
    Log notice syslog
    ## To send all messages to stderr:
    #Log debug stderr
    I missed the file systemd uses to choose who's the process owner.
    Of course, I could edit /usr/lib/systemd/system/tor.service such that root will become the process owner; or, I could add the user I use every day to the root group, then change the permissions of /var/log/tor/debug.log such that it will be writable also for the folks in the root group.
    Yet they both seem to be a bit unsafe ...
    What is the best choice, to you guys?
    Thanks,
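
The write-access requirement SidK describes can be checked without changing who the daemon runs as. This shell sketch is an added example, not part of the thread or of the tor package: `has_bits` and `check_log_dir` are hypothetical helper names, only classic mode bits are evaluated, and the suggested fix (giving the log directory to the service account) is an assumption about the desired layout.

```shell
#!/bin/sh
# Added example, not from the thread: decide whether a service account may
# create files in a log directory, using owner/group/other mode bits only.
# ACLs, read-only mounts and systemd sandboxing are NOT modelled.

# has_bits UID "GIDS" OWNER_UID OWNER_GID MODE NEED
#   GIDS  space-separated numeric group ids of the account
#   MODE  octal mode such as 755 or 2750
#   NEED  rwx digit required: 2 = write, 3 = write + search (create a file)
# Returns 0 when the applicable permission class grants every bit in NEED.
has_bits() {
    hb_uid=$1; hb_gids=$2; hb_ouid=$3; hb_ogid=$4; hb_mode=$5; hb_need=$6
    if [ "$hb_uid" -eq 0 ]; then return 0; fi   # root bypasses mode bits
    hb_perms=$(( 0$hb_mode & 0777 ))
    if [ "$hb_uid" -eq "$hb_ouid" ]; then
        # Owner class wins even if a group would grant more.
        hb_class=$(( (hb_perms >> 6) & 7 ))
    else
        hb_class=$(( hb_perms & 7 ))            # default: "other"
        for hb_g in $hb_gids; do
            if [ "$hb_g" -eq "$hb_ogid" ]; then
                hb_class=$(( (hb_perms >> 3) & 7 ))
                break
            fi
        done
    fi
    [ $(( hb_class & hb_need )) -eq "$hb_need" ]
}

# check_log_dir USER DIR
#   Looks up USER with id(1) and DIR with GNU stat(1), then prints a verdict.
#   Exit status: 0 writable, 1 not writable, 2 lookup failed.
check_log_dir() {
    cl_user=$1; cl_dir=$2
    cl_uid=$(id -u "$cl_user") || return 2
    cl_gids=$(id -G "$cl_user") || return 2
    cl_st=$(stat -c '%u %g %a' "$cl_dir") || return 2
    set -- $cl_st
    if has_bits "$cl_uid" "$cl_gids" "$1" "$2" "$3" 3; then
        echo "ok: $cl_user can create files in $cl_dir (owner $1:$2, mode $3)"
    else
        echo "denied: $cl_user cannot create files in $cl_dir (owner $1:$2, mode $3)"
        echo "least-privilege fix: chown $cl_user: $cl_dir && chmod 750 $cl_dir"
        return 1
    fi
}

# Usage on the affected host (names taken from the thread):
#   check_log_dir tor /var/log/tor
```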

  • Delay when opening QT files on network drives

    This is on Windows XP, QuickTime 7 Pro...
    When I try to open any QuickTime-associated file, if that file's on a network drive, there's a delay of at least 30 seconds before the QT player opens and is ready to play the file (during the delay, there's little or no apparent network or disk activity).
    It's not caused by a slow network, because when I open AVI or WMV files of similar sizes on the same network drive, Windows Media Player opens and starts to play them within a second or two.
    It's not caused by my anti-virus software, because the same thing happens even if I've disabled the anti-virus software.
    It's also not a general QuickTime problem because if I copy the file to my local drive and then open that copy, the QT player opens right away.
    It does seem to be related to the underlying QuickTime system (rather than the higher level player), because the delay also happens if I assign Real Player to open MOV files instead of the QT player. The only difference is that instead of NOTHING happening for 30 seconds, the Real Player window opens immediately but doesn't show any video and is unresponsive until the file starts playing 30+ seconds later.
    I went into the QT control panel and fiddled with the streaming and advanced settings, but nothing seems to help.
    Is this a known problem and if so what's the solution?

    I use a 10/100 ethernet network and notice a slight difference (but not 30 seconds) as compared to "local" files. The same happens with nearly any other file format.
    On internal HD's on the network (Mac and PC) I get the slight delay. A Firewire drive on the same network seems to be about normal.
    Try this:
    Set the QuickTime "cache" (QT Control Panel/Advanced tab) large enough to keep a copy.
    Use your current method to open the QT file (waiting if needed).
    Use the QuickTime "Favorites" menu to "bookmark" the file.
    Quit and relaunch QuickTime and try opening from the Favorites menu.
    Quicker?
    Empty the QT "cache" and try from the Favorites menu again.
