MITM Security Registry Edit Causing SMTP Relay Issue

Hi, I recently was asked by a client to harden all externally facing web resources for a PCI compliance scan. I found a script that does most of the work by adding various protocols (TLS 1.2, SSL 3.0, etc.) and enabling them. The script however was not helping us get past Man In The Middle (MITM) scans, so I added 2 registry settings:
HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\
added
DisableRenegoOnServer      1
AllowInsecureRenegoClients       0
After doing this a Linux web app could not relay messages via SMTP (the only server having a problem) on port 25. So, I had to back out the changes in Exchange, but now I'm wondering how to work around this? Anyone ever run into this or have any tips they can offer? Thanks in advance.
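The two SChannel values above tighten TLS renegotiation on the server side, so one thing worth checking from the Linux relay host is whether its TLS stack and the Exchange receive connector actually negotiate RFC 5746 secure renegotiation. The script below is an added example (not from this thread): it parses `openssl s_client -starttls smtp` output for the "Secure Renegotiation" summary line and checks whether the local OpenSSL build is at least 0.9.8m, the first release with RFC 5746 support; the hostname is a placeholder you supply on the command line.

```shell
#!/bin/sh
# Added example (not from the thread). Run on the Linux relay host to see
# whether a STARTTLS handshake to the Exchange connector negotiates RFC 5746
# secure renegotiation, and whether the local OpenSSL is new enough to do so.

# Reads "openssl s_client" output on stdin and prints one word:
#   secure   - "Secure Renegotiation IS supported" was printed
#   insecure - "Secure Renegotiation IS NOT supported" was printed
#   unknown  - no handshake summary (connection refused, no STARTTLS, ...)
renego_status() {
    awk '
        /Secure Renegotiation IS NOT supported/ { print "insecure"; found = 1; exit }
        /Secure Renegotiation IS supported/     { print "secure";   found = 1; exit }
        END { if (!found) print "unknown" }
    '
}

# Returns 0 when an "openssl version" string names a build with RFC 5746
# support, which OpenSSL gained in 0.9.8m (February 2010).
openssl_has_rfc5746() {
    ver=$(printf '%s\n' "$1" | awk '{ print $2 }')   # e.g. 0.9.8k, 1.0.2k-fips
    case "$ver" in
        0.9.8[m-z]*) return 0 ;;   # 0.9.8m ... 0.9.8zh
        0.*)         return 1 ;;   # anything older than 0.9.8m
        *)           return 0 ;;   # 1.0.0 and later
    esac
}

# Probe one SMTP endpoint: STARTTLS on port 25 by default, like the relay
# connector in the question. Needs network access to the server.
check_smtp_renego() {
    host=$1
    port=${2:-25}
    openssl s_client -starttls smtp -connect "$host:$port" </dev/null 2>/dev/null \
        | renego_status
}

# Only touch the network when a host (and optional port) is given.
if [ $# -ge 1 ]; then
    if openssl_has_rfc5746 "$(openssl version)"; then
        echo "local openssl: supports RFC 5746 secure renegotiation"
    else
        echo "local openssl: predates RFC 5746; a strict server will refuse it"
    fi
    echo "server $1: $(check_smtp_renego "$@")"
fi
```

A result of `insecure` with a modern local OpenSSL points at the server side; `secure` while the application still fails suggests the application uses its own TLS library rather than the system OpenSSL.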

Hi,
When the users fail to send/receive emails, are there any error message or NDR?
Try removing the “AllowInsecureRenegoServers” key and see whether the issue still persists.
Thanks,
Simon Wu
TechNet Community Support

Similar Messages

  • Use Exchange 2010 Hybrid Edition for SMTP relay

    Thanks guys.
    hmmm.
    I did try and telnet on port 25 to the hybrid and get the welcome; when I enter the mail from command and enter a valid email address, I get "530 5.7.1 Client was not authenticated".
    I have Exchange 2003 admin experience and am learning my way around the 365 environment still.
    

    Hi all,
    We recently moved our Exchange 2003 to Office 365 using a Hybrid Exchange 2010 to migrate the users.
    The migration is complete and we have kept the Exchange 2010 Hybrid Edition running to enable us to mail-enable new AD users after the DirSync has synchronized the user to the tenant.
    Has anyone used this limited version of Exchange as an SMTP relay for network devices, copiers etc?
    This topic first appeared in the Spiceworks Community

  • BizTalk SMTP Relay Issue

    When we go to send mail via SMTP from all of our servers, we are only able to send mail to @Dell.com addresses (same network).
    We are not able to send to all addresses (like an @Microsoft.com or an @csc.com address).
    I am able to send an email to all addresses through a .NET application but not BizTalk.
    Please share your thoughts on how to resolve the issue.

    I hope your .Net Application sending e-mail is NOT OUTLOOK? :D
    From the BizTalk Server can you do an interactive SMTP session with the SMTP server and check if relay is permitted? If you get relay denied then very clearly the SMTP Server configuration requires modification. (The responses from the SMTP server are in BOLD.)
    > telnet <your smtp server name/ip> 25
    220 <your SMTP Server name> Microsoft ESMTP MAIL Service, Version: 7.5.7601.17514
    ready at  Fri, 6 Mar 2015 11:45:03 +0530
    HELO <your BizTalk Server FQDN>
    250 <your BizTalk Server FQDN> Hello [<ip of your BizTalk Server>]
    mail from: <some-email-address>@dell.com
    250 2.1.0 <some-e-mail-address>@dell.com....Sender OK
    rcpt to: <[email protected]>
    What is the response? Do you get "250 2.1.5 <[email protected]>" or "relay denied"?
    Either way you should get someone who knows mail & messaging involved to help to ensure that it is not an SMTP issue.
    I agree with Ashwin on this NOT being a BizTalk related issue.
    Regards.

  • Secure way for SMTP relay for DMZ server

    Hi,
    I would like to know if there is a secure way to allow SMTP relay from a server in the DMZ. This is our Exchange server configuration:
    All Exchange server roles installed on a single server.
    No Edge server.
    Thanks in advance.

    Hello
    If you haven't got a relay connector, you need to create one receive connector and add only the one DMZ IP. If the application can authenticate, use that authentication method; if it can't use any auth method, enable anonymous relay.
    Sorry for my English.

  • Registry edit Apple requires is causing windows to not detect files on the DVD drive

    Registry edit Apple requires is causing Windows to not detect files on the DVD drive. If I set up the registry the way it requires then the files will not be detected, and if I do it the way Windows requires then the files will be detected but iTunes will not be able to use the optical drive. Is there any kind of patch or something someone can help me with?
    Thanks O'Bie

    To fix registry, refer to this article:
    iTunes for Windows: "Registry settings" warning when opening iTunes
    http://support.apple.com/kb/TS3299

  • SMTP relay authentication issue with DynDNS MailHop Outbound

    Hi,
    I'm trying to use the SMTP relay functionality of my OS X Server but I get following log message:
    Apr 4 21:40:21 mydomain postfix/smtp[7629]: 4EE3686F529: to=<xxxx@xxxxx>, relay=outbound.mailhop.org[204.13.248.71]:465, delay=140731, delays=140130/0.06/600/0, dsn=4.4.2, status=deferred (conversation with outbound.mailhop.org[204.13.248.71] timed out while receiving the initial server greeting)
    I configured the relay settings in Server-Admin for host: outbound.mailhop.org:465 and added my dyndns username and password.
    I would appreciate if someone could help me to figure out what I'm missing.
    Thanks

    If you're getting a 550 error then it indicates an issue with the SMTP server you're using / how you're connecting to it. Either the mail server you've got configured for SMTP isn't setup to handle email for you, or in addition to setting the server address
    in the SMTP settings, you also need to configure it to configure authentication on the email accounts. In the account settings you need to select More settings (I think, I don't have an Outlook 2007 copy to check on), then you'll see an Outgoing
    Server tab, within which you can configure the required authentication. It will either be the same as the POP3 login, in which case you can select "Use same settings as my incoming mail server", or if they're different you can enter the specific details that
    are required to send.

  • Have to add 0.0.0.0/0 to "Accept SMTP relays only from these"?

    To reach the server via VPN I had to add a virtual IP (192.168.1.1) to the ethernet port. Since then mail acts a bit strange: I have to add 0.0.0.0/0 to "Accept SMTP relays only from these" in SA. Otherwise I get a "[/var/imap/socket/lmtp]: Connection refused" in the smtp log and the server does not accept any delivery of mails from the internet.
    I'm not quite sure if it's a good idea. Can anyone please tell if this is still a security risk (while having access restrictions on the mail service)?

    After a few telnet tests I can answer my own question: it makes an open relay server for spammers! But to solve the former issue with the connection refused, I had to switch to virtual hosting in the advanced tab of the mail service and add my own domains.

  • IIS SMTP Relay

    We are using Windows Server 2008 R2. We installed IIS and the SMTP relay component. It is set up to relay mail to our Exchange 2010 CAS server. All internal mail is relaying properly on this server to the Exchange 2010 CAS server to internal email addresses. When someone tries to send to a recipient outside the organization such as to domain name hotmail.com, gmail.com or microsoft.com, it does not relay the message. When I check the logs it looks like it does not even relay the external email address to the CAS server.
    The error message we get is below. Please assist in what is wrong.
    Delivery has failed to these recipients or groups:
    [email protected]
    Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept e-mail from certain senders, or another restriction may be preventing delivery.
    Diagnostic information for administrators:
    Generating server: PRI.cross.com
    [email protected]
    #< #5.7.1 smtp;550 5.7.1 Unable to relay> #SMTP#
    Original message headers:
    Received: from HH-DATAserver ([192.111.111.2]) by PRI.cross.com with
    Microsoft SMTPSVC(7.5.7601.17514); Wed, 7 May 2014 20:12:03 -0300
    From: hh-dataserver <[email protected]>
    To: <[email protected]>
    Date: Wed, 7 May 2014 18:12:03 -0500
    Subject: test messase
    X-Mailer: SMTP Mail Component
    MIME-Version: 1.0
    Content-Type: text/plain; charset="us-ascii"
    Return-Path: [email protected]
    Message-ID: <[email protected]>
    X-OriginalArrivalTime: 07 May 2014 23:12:03.0714 (UTC) FILETIME=[C2029620:01CF6A49]

    Hi,
    Is there any update on this thread?
    Thanks,
    Simon Wu
    TechNet Community Support

  • On-premise Exchange 2010 SMTP Relay to O365 mailboxes does not resolve Display Name

    Dear All,
    We have SMTP relay receive connector in our on-premise Exchange 2010 server that accepts emails from anonymous users.
    The Externally Secured check box is checked. Display Name of the sender in Emails to mailboxes in on-premise is resolved correctly. 
    But the display name of the sender in the same email to mailboxes which are migrated to O365 is not getting resolved.
    Please let me know if anyone has seen this issue. Some of our mailboxes are in O365 and some are in On-premise server.
    Thanks
    Fred

    Do you have a hybrid configuration set up, and if not, is there any particular reason?
    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

  • Cannot get db mail to work via SMTP Relay for Office 365 in SQL Server 2014 on Windows Server 2012 R2

    Our company recently moved to Office 365, which means our on-premise Exchange server went away as well with the move. I am trying to configure my new SQL server (OS: Windows Server 2012 R2, DBMS: SQL 2014 Std Edition). After some searching I found this article (http://blogs.technet.com/b/meamcs/archive/2013/02/25/how-to-configure-sql-database-mail-so-send-emails-using-office-365-exchange-online-a-walkthrough.aspx) and have followed these steps exactly, but to no avail. I did some further research on the SMTP relay I set up and found a way to test it (listed here http://technet.microsoft.com/en-us/library/dn592151(v=exchg.150).aspx at the bottom of the article). If I drop the email.txt file in the pickup folder, it gets sent out no problem.
    I have configured my DB mail exactly as described here (http://blogs.technet.com/b/meamcs/archive/2013/02/25/how-to-configure-sql-database-mail-so-send-emails-using-office-365-exchange-online-a-walkthrough.aspx), but I keep getting an unable to connect to SMTP server error. I have even tried completely shutting down the firewall to see if that is the issue, and multiple restarts. Any ideas how to get this to work on Office 365?
    DB Mail error log:
    Date 6/10/2014 10:28:41 PM
    Log Database Mail (Database Mail Log)
    Log ID 46
    Process ID 2196
    Mail Item ID 19
    Last Modified 6/10/2014 10:28:41 PM
    Last Modified By xx
    Message
    The mail could not be sent to the recipients because of the mail server failure. (Sending Mail using Account 2 (2014-06-10T22:28:41). Exception Message: Cannot send mails to mail server. (Failure sending mail.).

    Hi,
    I followed this blog and got the below error message in the Database Mail Log.
    “The mail could not be sent to the recipients because of the mail server failure. (Sending Mail using Account 2 (2014-06-11T19:34:00). Exception Message: Cannot send mails to mail server. (Mailbox unavailable. The server response was: 5.7.1 Unable to relay
    for [email protected]).”
    If you are getting the same error message, you can try the below steps to resolve the issue.
    1. Open the IIS 6.0 management console. Right click on the SMTP server and open the properties window.
    2. Click on the Access tab, click the Relay button under Relay restrictions, and add the loopback IP address (i.e. 127.0.0.1).
    Then the email should be sent out from Database Mail without problem.
    Thanks.
    Tracy Cai
    TechNet Community Support

  • Updating link to Word Doc is causing a permissions issue

    Hi.  I am attempting to update a link to a Word file, and it is causing a permissions issues in Word when I try to open the Word document back up while the InDesign file is still open.
    Is there any way to link to a Word document that can be worked on while the InDesign file is being worked on?  I think I can use buzzword as an alternative, but I'm looking for the easiest possible solution.
    Thanks!
    Alicia

    Word checks for locked files. That is, if another app is using the file, you cannot open the file until the other app closes it. It does this to make sure Word has the latest version of the file. This is partly due to Word being used in an office environment where multiple people can be working on the same document.
    Since Word is fairly quick to open, you could use the Edit Original icon in the Links panel of InDesign. Make your changes in Word once the document opens, then use the keyboard shortcuts Ctrl-S to save and Alt-F4 to close Word.

  • HKCU Registry Edit fails (System as user) on RDP

    Hi folks.
    Can anyone confirm the following potential bug (or just my user error):
    Running Zenworks 11.2.3a.
    Create an empty Windows bundle
    Create a REGISTRY EDIT action in LAUNCH
    HKCU / Software / TestKey
    Run as SYSTEM, but use logged in user hive instead of .default
    Perform a remote connection to a test PC using RDP (not Zenworks Remote) as a non-admin user (but a user who is a member of the Remote Administrator Group).
    When trying to launch the above bundle, the following error occurs:
    In the action "Registry Edit", the operation on key "HKEY_USERS\\Software\TestKey" failed due to the following error - "The specified path is invalid. at Microsoft.Win32.RegistryKey.Win32Error(Int32 errorCode, String str) at Microsoft.Win32.RegistryKey.CreateSubKey(String subkey, RegistryKeyPermissionCheck permissionCheck, RegistrySecurity registrySecurity) at Microso".
    Specifically, you can see that the user's SID is not referenced in the HKEY_USERS path when trying to write the key.
    If we perform the same actions when logged onto the machine with the same user, but NOT remotely (i.e. actually at the workstation), there is no problem.
    If we perform the same actions remotely with an administrative user (one who is at least in a nested local admin group), there is no problem.
    It also seems to affect the "DELETE REGISTRY KEY" action: although no error is displayed (I assume the "do not show error if attempting to delete a key that does not exist" issue was resolved), the key is NOT deleted. I would assume that any registry operation where the SYSTEM user attempts to modify the logged-in user's key on a remote desktop session will result in an error.
    I'll raise an SR if anyone confirms I'm not being stupid, but I admit not many people are likely to see this issue.

    SR #10924934061.
    Seems confirmed bug.

  • Smtp relay on osx 10.9.5 and server 3.2.2

    What we have
    We have a Mac mini set up using 10.9.5 and Server 3.2.2. The mail server is OFF but we have Relay Outgoing Mail through ISP checked (with the proper credentials for the outgoing relay (FQDN) and the authorization credentials).
    What we are trying to do
    Our Mac mini runs a PHP script to generate an email that needs to be sent to users. The mail has to use an SMTP relay and we are trying to use the SMTP relay provided by our email vendor.
    Settings required by our email vendor
    Instructions for configuring an email client can be found here
    https://www.namecheap.com/support/knowledgebase/article.aspx/1179/2175/general-configuration-for-mail-clients-and-mobile-devices
    We set up the relay in Mail on the Server 3.2.2 to use SSL and port 465.  In our particular case the relay is configured as shown below.  Obviously the [email protected] is the proper username for our authorization.
    When we try to send mail (we test this function by sending mail from terminal by using the following command (sending mail to myself from myself)
    printf "Subject: Test\nHello" | sendmail -f [email protected] [email protected]
    and then watch the mail logs the smtp server rejects our mail due to authorization issues.  The mail log text is shown below (email addresses replaced with [email protected] and IP addresses modified)
    Dec 22 11:57:03 109-218-164-81.lightspeed.austtx.sbcglobal.net postfix/pickup[16825]: 5545383231: uid=501 from=<[email protected]>
    Dec 22 11:57:03 109-218-164-81.lightspeed.austtx.sbcglobal.net postfix/cleanup[16827]: 5545383231: message-id=<[email protected]bal.net>
    Dec 22 11:57:03 109-218-164-81.lightspeed.austtx.sbcglobal.net postfix/qmgr[16826]: 5545383231: from=<[email protected]>, size=340, nrcpt=1 (queue active)
    Dec 22 11:57:03 109-218-164-81.lightspeed.austtx.sbcglobal.net postfix/error[16838]: 5545383231: to=<[email protected]>, relay=none, delay=0.04, delays=0.02/0/0/0.02, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to eforwardct3.name-services.com[216.163.176.39]:465: Connection refused)
    Dec 22 11:57:05 109-218-164-81.lightspeed.austtx.sbcglobal.net postfix/master[16824]: master exit time has arrived
    We find many self-help pages on the internet that talk about modifying the main.cf file located at /Library/Server/Mail/Config/postfix. Some even talk about modifying settings in the master.cf file in /etc/postfix. I have tried several and none seem to work.
    Can anyone provide some guidance?
    Regards!

    The Server GUI doesn't provide for this use case.
    Take the following steps to configure Postfix to relay mail to a remote SMTP server with password authentication over SSL. Substitute as required for strings in italics below. Address is the fully-qualified domain name of the relay host. The value of port is usually either 25, 465, or 587. Username and password refer to your credentials on the relay host.
    In the current version of OS X Server (but not necessarily in older versions), Steps 1 and 3 should be done for you when you enable relaying and relay authentication in the Server application.
    1. If necessary, create or update the relayhost directive in
         /Library/Server/Mail/Config/postfix/main.cf
    It should look like this:
         relayhost = [address]:port
    2. Add these lines, above the section at the end that begins with the comment "# Mac OS X Server":
         smtp_sasl_security_options =
         smtp_tls_CAfile = /etc/certificates/relayhost.pem
         smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
         smtp_use_tls = yes
    3. If it doesn't already exist, create the password file
         /Library/Server/Mail/Config/postfix/sasl/passwd
    with this content:
         [address]:port username:password
    Here address must match $relayhost.
    Then create the password database:
    sudo postmap /Library/Server/Mail/Config/postfix/sasl/passwd
    This action creates the file
         /Library/Server/Mail/Config/postfix/sasl/passwd.db
    The two password files should be readable by root only.
    4. Create the file
         /etc/certificates/relayhost.pem
    with the CA certificate(s) to be trusted for authentication of the remote host. You get those certificates from the service provider. If you can't find a link to download them, try this:
    openssl s_client -connect address:port -showcerts < /dev/null | sed -n '/-BEGIN /,/-END /p' | sudo sh -c 'cat > /etc/certificates/relayhost.pem'
    The command may produce an error message that isn't necessarily significant. For servers that use the older STARTTLS protocol, rather than straight TLS or SSL, this command may need to be modified.
    5. Restart the Mail service.
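The steps above have three things that must agree with each other: the relayhost string in main.cf, the lookup key in the sasl passwd file (one "key value" line, which Postfix matches verbatim, brackets and port included), and the permissions on the two password files. The script below is an added example, not part of the reply above: it checks those points plus whether postmap has been re-run since passwd was last edited and whether relayhost.pem holds a PEM certificate. Paths default to the OS X Server locations from the steps; pass other paths to check copies elsewhere.

```shell
#!/bin/sh
# Added example (not from the thread): sanity checks for the Postfix relay
# setup in steps 1-4. Every check is a function so it can be run on its own.

# Print the effective relayhost value from main.cf, e.g. [smtp.example.net]:587
relay_host_from_main_cf() {
    sed -n 's/^[[:space:]]*relayhost[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1
}

# Print the lookup key (first field) of the first entry in the sasl passwd
# file; Postfix lookup tables are "key value" on one line.
passwd_key() {
    awk '!/^[[:space:]]*#/ && NF { print $1; exit }' "$1"
}

# 0 when the passwd key equals $relayhost exactly.
passwd_matches_relayhost() {
    [ "$(relay_host_from_main_cf "$1")" = "$(passwd_key "$2")" ]
}

# 0 when the file is mode 600 (ls -l output is portable across BSD and GNU
# where stat is not).
is_private_file() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

# 0 when passwd.db exists and passwd has not been edited after postmap ran.
db_is_current() {
    [ -f "$2" ] && ! [ "$1" -nt "$2" ]
}

# 0 when the CA file holds at least one PEM certificate block.
ca_file_ok() {
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null
}

# Run every check, print one line per check, return the number of failures.
check_relay_setup() {
    main_cf=$1; passwd=$2; passwd_db=$3; ca_file=$4
    fails=0
    report() { if "$@"; then echo "ok   $1"; else echo "FAIL $1"; fails=$((fails + 1)); fi; }
    report passwd_matches_relayhost "$main_cf" "$passwd"
    report is_private_file "$passwd"
    report is_private_file "$passwd_db"
    report db_is_current "$passwd" "$passwd_db"
    report ca_file_ok "$ca_file"
    return "$fails"
}

# Run against the OS X Server paths from the steps when they exist.
conf=/Library/Server/Mail/Config/postfix
if [ -f "$conf/main.cf" ]; then
    check_relay_setup "$conf/main.cf" "$conf/sasl/passwd" "$conf/sasl/passwd.db" \
        /etc/certificates/relayhost.pem
fi
```

The mode check only confirms 600; the files also need to be owned by root, which `ls -ld` shows in the third column.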

  • Registry editing disabled by your administrator

    Win7 Enterprise edition.  
    64Bit.  
    In a workgroup setting.
    Logged in as local ADMIN.
    GPO SETTING  -  USER CONFIGURATION/Administrative Templates/System - Prevent Access to Registry Editing Tools
    Prevent Access to the Registry is ENABLED
    Disable regedit from running silently?  Is set to NO.
    I have a batch file that looks like this below. It is a tool that we use to support the NBC software in use on over 1000 computers, some on a domain, some off.
    @echo off
    cls
    echo NBC values:
    REM  note: "findstr ." removes blank lines
    REG QUERY "HKLM\System\NBC\Software\CurrentConfig" /s | find /v "REG.EXE" | findstr .
    echo Done.
    pause
    This BAT file worked without any issues in XP using the settings at the top BUT in Win7 I receive the message "Registry editing has been disabled by your Administrator".
    By setting the GPO setting to "Not Configured" the BAT file works but we do not want to give users any access to the Registry.
    Why does the /s setting not work in Win7 but works in XP?

    My thinking is you could achieve what you wanted if it was domain-based group policy, as you could filter your admin accounts from applying the GPO so it wouldn't take effect for them, but would for non-admins.
    But I don't think you can filter out the local policy in the same way. It's been a long time since I've used local policies, so there may be a way to do it; I'll take a quick look.
    It's actually possible to do exactly this kind of filtering on the local group policy nowadays, at least in Windows 7/2008 R2.
    It's not the same nice kind of filtering as you have on domain GPOs, where you can select specific groups or users, but you can set up different User Configuration for Administrators and Non-administrators.
    Start MMC elevated and add the Group Policy Object Editor snap-in.
    When the snap-in is added you have the possibility to change the target of the Policy Editor from the default Local Computer. Click Browse, select the Users tab and choose to edit Administrators or Non-administrators.
    You can add them both to the console to simplify editing.
    Hopefully that should do it for you, if you just edit the local policy for non-admins.
    Regards,
    Denis Cooper
    MCITP EA - MCT
    Help keep the forums tidy, if this has helped please mark it as an answer
    Blog: http://www.windows-support.co.uk 

  • Registry edit

    I am trying to install two registry edits via a Zen bundle:
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\14.0\Outlook\Preferences]
    "DelegateSentItemsStyle"=dword:00000001
    and
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\14.0\Outlook\Preferences]
    "IgnoreSOBError"=dword:00000001
    In the bundle, under Advanced Settings, I have Run Action As System and checked Apply HKEY_CURRENT_USER changes to the logged in user's hive instead of .DEFAULT
    The regedits are still going under HKEY_USERS .Default
    If I 'manually' merge the .reg files, they go where they are intended so it is not the files themselves.

    Odd....
    You could just try as "Logged on User" since AFAIK these keys are not
    restricted from a general user modifying them.
    On 3/14/2013 2:45 PM, Anders Gustafsson wrote:
    > I know there were some such issues in the past that were fixed when I
    > updated to 11.2.2 IIRC. Is there any chance of you updating?
    >
    Craig Wilson - MCNE, MCSE, CCNA
    Novell Knowledge Partner
    Novell does not officially monitor these forums.
    Suggestions/Opinions/Statements made by me are solely my own.
    These thoughts may not be shared by either Novell or any rational human.
