Running mail server, should I use VPN or just public IP?

Hey everyone this might be a dumb question but here's my setup. I have Leopard Server at my office, and a static ip address there for my Internet. I've set up VPN as well and I can VPN in from my home using my MacBook, or using my XP based laptop.
Right now the ports for mail are closed, so if I try to add an email account on my blackberry, or on my PC using the static ip, it doesn't find the ip which is fine. Once I'm VPN'd in though, if I add a mail server "10.0.0.25" which is my server IP, it adds it fine.
Here's my question, the setup above is what I'm used to with my corporate job. To get my email from home I VPN in, then load my email. I don't mind having to do this, but what are the benefits/disadvantages here? I'm trying to figure out how I would set up my blackberry without BIS since I'm a small business of 3 employees.
If I leave the ports for mail open, and just set up my blackberry to my static ip as well as my email client, is that a huge security risk?

If your mail server is configured properly, it's not a huge security risk to allow external clients to connect - the vast majority of email servers on the internet are already configured this way and there are much bigger targets than you.
Things to check are that you're not running as an open relay - meaning you don't accept mail from just anyone and send it on. Your mail server should only accept mail from local clients (i.e. machines in the office) or from connections that authenticate. This will prevent some spammer trying to bounce bogus emails through your mail server, and it's pretty easy to setup given the options in Server Admin.

Similar Messages

TS3899 What out going mail server should I use?

What out going mail server should I use with 1, 3G , 2, using wifi at home with telecom, 3 using wifi at work using call plus ( slingshot)

Ask the email service provider.
No one here can tell you as you've provided no information.

What outgoing mail server should i use

I am trying to set up an icloud account on my mac and when i try to send emails i get a message that both incoming and outgoing mail servers are incorrect and are also showing offline even though i go to mail and "take all accounts on line" if i go to the internet icloud.com i have my mail, but i can t get teh mail through mail app on new mac

As you have Mountain Lion your best bet is to sign out in System Preferences>iCloud and then sign back in again, enabling Mail and any other data types you want synced in the checklist there. This should set Mail up properly for you. Your data will disappear when you sign out but will reappear when you sign back in.
The correct email settings are listed here:
http://support.apple.com/kb/HT4864
but you shouldn't need to set them up manually.

Connect to server thru DNS using VPN

I want to do the following :
- connect to my server thru VPN (this is working) using VPN server of the OS X Server
- command -K connecting thru the fileshare on the same server using the dns name of my server. (not working)
when i see the settings of the VPN connection i see my DNS server in the tab DNS. But connection is not established.

Are you typing the hostname of the server in the 'Connect to Server' dialog? or are you hoping to see the remote servers appear in the list when you Browse?
The former should work. The latter will not (at least not without extra significant hoops).
If you are trying the former, and you can't hit the server by name, check whether you can hit it via IP address. Also check whether you can resolve the name via some other means (e.g nslookup or dig in Terminal.app, or Network Utility.app). That will at least help pinpoint the problem.

Running mail server on Worker Role

I'm trying to use a Worker role to setup an SMTP server. I used Visual Studio to provision the worker role, assigned a ReservedIP address to it, setup ReverseDNS, and specified an inputendpoint for SMTP on port 25.
Question, when you specify an InputEndpoint, does it poke a hole in the firewall of the VM? Or does it assign that to the WorkerRole application? I wanted to use a Web Service instead of a regular VM to install an SMTP server, but I'm not having any
luck. I installed SmarterMail on the Worker Role service and cannot get port 25 to respond for Smartermail. It sends mail just fine, but is blocked for inbound SMTP.
Any ideas?
Jim Braun

Hi,
Thanks for Posting.
Yes, Input Endpoints enable External Traffic to be load balanced to your Web/Worker Role VM through the Firewall.
You might want to check this thread for additional information :
https://social.msdn.microsoft.com/Forums/en-US/1e284bf7-2f9d-44ca-b5f8-f29a8654633a/receive-email-using-worker-role?forum=windowsazuredevelopment
Also refer to this Link which talks about setting up SMTP on worker role :
http://blog.smarx.com/posts/emailtheinternet-com-sending-and-receiving-email-in-windows-azure
Regards,
Nithin.Rathnakar

Which server should i use JBoss or Sun one?

I just want to try out some EJB applications ,I use Eclipse as my ide my question is which application server should i useJBoss or Sun one? .it is purely for studying purpose

Whichever you want to. It shouldn't matter.
Sun's one is tied into their tutorial, but they hide a lot of the stuff behind their specific IDE.
I would go with JBoss, because I think there is more of that out there in the "real world" then there is the Sun application server.

SMTP Outgoing Mail Server does not use password so I can not send mail..

Hi All
Can anyone help me with this?
My POP email accounts on Hosting.365.ie do not use a password to authenticate outgoing mail. They rely on a prior authenticated download to enable the outgoing mail server.
On my MacBook Pro there is an option in the SMTP server settings under authentication for "none' and all my accounts work perfectly on the MacBook.
However my iPhone4 (brand new) and iPad (both up to date) there is no option under the SMTP server settings for "none". I think this is the root of the problem. Has anyone else come across this or is there a workaround?
Many thanks if anyone has any insights.
Peter

Yeah, I don't know why the difference. Interestingly for me, the iOS version in iOS4.2 is "better" than the OSX version of Mail because now I can have more than one Exchange account.
I am sympathetic with your need to separate your lives. I have a client that accidentally got one of my alternate email addresses and cannot/will not update his address book with the "correct" address, despite my requesting several times over the course of a year. In any case, I don't think there is any way around this other than completely changing your email address. (If not a second Gmail, then Yahoo, Hotmail or other email provider.)
The only time I've ever seen a "no password" SMTP server was as I previously said, it used a "network authentication" method. Many, many moons ago, SMTP servers often didn't have password authentication so would often be used for spam relaying. Before mobile users, "network authentication" by ISPs was fine since they could figure out which user was spamming since they could trace the IP addr, MAC addr, etc back through the physical link to the user. But with mobile users who change networks constantly, the general trend was to password authentication, even for wired ISPs since their users would want to have access to send mail while away from home. (e.g.: you're a RoadRunner customer, but want to send mail while using your laptop on vacation in Italy.) This "prior authenticated download" I've never heard of anyone else doing.

Outgoing mail server rejected password - using microsoft exchange email

hi everybody,
so i have a microsoft exchange outlook email account from my school. i recently have started having troubles with apple mail sending messages. it rejects the password of my email account. i have gone to outlook.com several times and changed the passwords but to no avail. i know it used to work. i went on a trip to guatemala and came back and now it seems to hate me. i cant remember if the problem arose after my switch to snow leopard either..
i went to the help section on the outlook page after i log in but after i change to those settings its still rejects my outgoing mail password.
is there a bug with snow leopard? oh good as i am writing this mail just 'quit unexpectedly'..aww the joys of just having microsoft email- imagine a whole operating system based on such inadequacies (i must vent.. this is extremely annoying that i have to reply back to people with my gmail account)..
thanks in advance!

It is likely the Port setting for the SMTP has either gotten changed while you were away, or your provider has changed what settings are needed. Check the settings carefully. If you know exactly what Port should be used, change to Use Custom Port, enter the Port manually, and proceed to test again.
Ernie

What server should I use to support 150 user connection

We use Developer 2000 to develope our application, we want to use the Oracle Application Server to connect 150 external users through internet, can you tell me that is it fast enough if I use the following server for Application Server:
-     Pentium III Xeon 1GHz with 133MHz GTL Bus
-     256K level two ECC cache
-     4GB ECC RAM
-     2 x 36GB Harddisk
-     Integrated Dual Wide-Ultra2 controller
The user connects to our server will only run some simple input screen, no large job. Is there any standard figure for us to calculate the required RAM?

My suggestion is to double check your actual requirements:
- are they related mainly to a network issue, in such case your problem might find a solution with connection pooling / connection manager to run shared rather than dedicated connections on the database server ? Have a close look at this if you are running behind a firewall.
- you mention app server, but you seem to refer to a database server. If this is the case, a big part of the answer will lie in tuning the performance of your database server, with a close look at memory caching (buffer and library cache) , Disk I/O . The initial choice of your database block size is equally important and will depend on the nature of your application (DSS or OLTP)...

What mailing address should I use to send a support donation?

I want to mail in a support donation for Mozilla but could not find the correct mailing address to do this on your website. Can you please send me the correct mailing address so I can send some money in? Thank you, Christine Long
<sub>edit: removed your mail address from public display, since the only thing it will attract are spam bots. you will be notified per mail once somebody replies to the thread. (philipp)</sub>

JWSDP is more a web services package and I doubt if it'll be any use in developing a web application.
You would require a j2ee web server - tomcat is the most widely used open source server and it comes bundled with the necessary j2ee apis (servlets and jsps) that'll help you set up your web application. NetBeans is an ide that'll probably help you speed up development - I havent used it, so I cant say for sure. Eclipse is another such ide which you could configure to start the web server from within it, but all that would come later in your learning curve.
ram.

Help: which LDAP server should I use with weblogic 5.1

Hi:
I try to use LDAP for user profile management. I am free to use any LDAP
server as long as it is easy to work with weblogic 5.1 or 6.0.
Any suggestions?
Thank you.
li

This is what I did for my DS settings
1. select Oracle JDBC Driver
2. set Classes12.jar in Websphre classpath - (Oracle thin driver)
3. create DS with option User defined JDBC provider
means I have added Thin driver provided by Oracle , instead of deprecated Thin driver from IBM.

Which Application Server should I Use

Hi All,
I am learning the EJBs for the first time. I tried to search for tutorials and found a few tutorials in SUN website. For some they asked me to install weblogic server. Then in another link they are showing sun application server.
Please advise which application server is better or more widely used. I am learning EJB's to improve my job prospects.
Thanks

You can use the Sun application server. Please checkout the following links:
http://glassfish.dev.java.net
https://glassfish.dev.java.net/javaee5/ejb/
and
http://java.sun.com/javaee/5/docs/tutorial/doc/

Which 3rd party server should I use to host my labview VI from my PC

I have developed a Labview application, that I want to host from my PC. So that I can access it from other PC thorough internet.
Now It can be accessed from the connect "remote panel" option in OPERATE tab.
But I cant give a labview to my client so I want to access it through browser.
Using web publish tool I can access it on LAN through web browser.
But now I want to host that HTML page on internet.
so can you folks please help with the third party server suggestion that can host remote panel.
Thank you.

If you are wanting to display your front panels the answer is easy: There are no 3rd party servers that can display a dynamic LV front panel. What you will have to do is a conventional Web application where your LV code sends data to the web user interface using HTTP client calls to "Get" and "Post" methods.
The client-side will be orchestrated through JavaScript and some sort of messaging scheme you work out.
Mike...
Certified Professional Instructor
Certified LabVIEW Architect
LabVIEW Champion
"... after all, He's not a tame lion..."
Be thinking ahead and mark your dance card for NI Week 2015 now: TS 6139 - Object Oriented First Steps

WCF client consumes JAVA web service - should I use WCF or just create a custom parser/message factory?

We've a business partner who requires us to create a service request message with a SAML 2.0 assertion. The partner's supplied two certificates and a test harness for their JAVA webservice.
I've created a WCF client with a `CustomBinding` to try and recreate the request and consume the service, but I'm getting so frustrated with the nuances of WCF (and the lack of intrinsic support for SAML 2.0) I'm wondering am I better off using something like
a `WebClient` or `HttpWebRequest` and encrypting/building & signing the XML web request and doing the same for the response. I know there's a lot of work involved on this but at least I'd be in full control.
Your advice would be very much appreciated, what I'm working with is displayed below
**Note: I was supplied with a SoapUI Test harness for the Java service**
**The vendor supplied me with this request (ran though SOAPUI and extracted via Fiddler)**
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<SOAP-ENV:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
<wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<xenc:EncryptedKey Id="EncKeyId-29B98C291D1FDFB39113352984774895">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>CN=test_server</ds:X509IssuerName>
<ds:X509SerialNumber>12356789</ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>

</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#EncDataId-3"/>
</xenc:ReferenceList>
</xenc:EncryptedKey>
<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-29B98C291D1FDFB39113352984773591" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> </wsse:BinarySecurityToken>
<ds:Signature Id="Signature-1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#id-2">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>

</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>

</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-29B98C291D1FDFB39113352984773792">
<wsse:SecurityTokenReference wsu:Id="STRId-29B98C291D1FDFB39113352984773893" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Reference URI="#CertId-29B98C291D1FDFB39113352984773591" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
<saml:Assertion ID="_54d0c8395de26c3e44730df2c9e8d3e9" IssueInstant="2012-02-17T10:40:36.806Z" Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Issuer>CN=test_client</saml:Issuer>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#_54d0c8395de26c3e44730df2c9e8d3e9">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>

</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>

</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>

</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">[email protected]</saml:NameID>
</saml:Subject>
<saml:Conditions NotBefore="2012-02-17T10:40:21.806Z" NotOnOrAfter="2012-02-17T10:41:06.806Z"/>
</saml:Assertion>
<wsa:Action SOAP-ENV:mustUnderstand="1">http://www.xxxxxxx.xxx/ws/schemas/xxxxxx1/xxxx/xxxxxxxxxxxxxx</wsa:Action>
<wsa:MessageID SOAP-ENV:mustUnderstand="1">uuid:bffc27ba-68d9-44e6-b1f0-e2f852df7715</wsa:MessageID>
</SOAP-ENV:Header>
<SOAP-ENV:Body wsu:Id="id-2" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<xenc:EncryptedData Id="EncDataId-3" Type="http://www.w3.org/2001/04/xmlenc#Content">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:Reference URI="#EncKeyId-29B98C291D1FDFB39113352984774895"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>

</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
**This is as close as I've gotten with my WCF client. Issues I can immediatley is that the `<o:SecurityTokenReference>` element should contain the Issuer and Serial, instead it contains a `KeyIdentifier` element?**
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<a:Action s:mustUnderstand="1" u:Id="_3"/>
<a:MessageID u:Id="_4">urn:uuid:fc8ef84b-dbf5-4150-a0c3-d4cc986333d1</a:MessageID>
<ActivityId CorrelationId="a9e1fec4-32bc-4633-909e-3d601c809b3c" xmlns="http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics">d1909115-8922-46f3-a96c-db15bf91c599</ActivityId>
<a:ReplyTo u:Id="_5">
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
<VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPo27oY4/3mnBOry0YL4StqvcAAAAA0UM+eVt4fU2AOe9/B3lPDZNf/2HmAuNEvzAoW0eKVSUACQAA</VsDebuggerCausalityData>
<a:To s:mustUnderstand="1" u:Id="_6">https://localhost:8089/ws</a:To>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<u:Timestamp u:Id="uuid-e5592f06-32af-40fb-996e-a0a469c7ed5e-2">
<u:Created>2012-04-24T20:41:50.447Z</u:Created>
<u:Expires>2012-04-24T20:46:50.447Z</u:Expires>
</u:Timestamp>
<e:EncryptedKey Id="uuid-e5592f06-32af-40fb-996e-a0a469c7ed5e-1" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
<e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<o:SecurityTokenReference>
<o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">lU10DQn4lSpE4fRpE9gslm5QDt0=</o:KeyIdentifier>
</o:SecurityTokenReference>
</KeyInfo>
<e:CipherData>
<e:CipherValue>

</e:CipherValue>
</e:CipherData>
<e:ReferenceList>
<e:DataReference URI="#_2"/>
<e:DataReference URI="#_7"/>
<e:DataReference URI="#_8"/>
</e:ReferenceList>
</e:EncryptedKey>
<o:BinarySecurityToken u:Id="uuid-fad0c01f-ab4b-4a5f-bec6-93aa8c2d5a52-1" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"></o:BinarySecurityToken>
<e:EncryptedData Id="_7" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
<e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<e:CipherData>
<e:CipherValue>

</e:CipherValue>
</e:CipherData>
</e:EncryptedData>
<e:EncryptedData Id="_8" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
<e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<e:CipherData>
<e:CipherValue></e:CipherValue>
</e:CipherData>
</e:EncryptedData>
</o:Security>
</s:Header>
<s:Body u:Id="_1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<e:EncryptedData Id="_2" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
<e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<e:CipherData>
<e:CipherValue></e:CipherValue>
</e:CipherData>
</e:EncryptedData>
</s:Body>
</s:Envelope>
Using this configuration for the WCF CustomBinding
<system.serviceModel>
<bindings>
<customBinding>
<binding name="WSHttpBinding_IEnquiryRequest" >
<transactionFlow />
<security defaultAlgorithmSuite="TripleDesRsa15"
authenticationMode="MutualCertificate"
messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
requireDerivedKeys="false"
>
<secureConversationBootstrap authenticationMode="CertificateOverTransport"
messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
requireDerivedKeys="false" />
</security>
<textMessageEncoding messageVersion="Soap11WSAddressing10" />

<httpsTransport requireClientCertificate="true" />
</binding>
</customBinding>
</bindings>
<behaviors>
<endpointBehaviors>
<behavior name="certBehaviour">
<clientCredentials>

<clientCertificate x509FindType="FindBySubjectName" storeLocation="CurrentUser" storeName="My" findValue="test_client" />
<serviceCertificate>
<defaultCertificate x509FindType="FindBySubjectName" storeLocation="CurrentUser" storeName="My" findValue="test_server"/>
<authentication revocationMode="NoCheck" certificateValidationMode="None" />
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<client>
<endpoint
address="https://localhost:8089/pvs/ws"
binding="customBinding"
bindingConfiguration="WSHttpBinding_IEnquiryRequest"
contract="XXXService.enquiryRequest"
name="WSHttpBinding_IEnquiryRequest"
behaviorConfiguration="certBehaviour"
>
<identity>
<dns value="test_server"/>
</identity>
</endpoint>
</client>
</system.serviceModel>
I've no idea how to insert the SAML 2.0 assertion in there before it's signed. That and the Key Issuer/serial issue above is where my main problems lie with the request.
Any and all help appreciated

Yaron,
Thanks a million for your response, think you hit the nail on the head there. Actually figured out the first part myself this morning, I've retrieved the SymmetricSecurityBindingElement object from the binding configured in the app.config and set it explicitly,
just as you've defined. Couldnt figure out how to do this yesterday for some reason! Here's the code for anyone that's interested:
//Get custom binding reference from app.config
CustomBinding binding = new CustomBinding("bindingNameInConfig");
// Reference the symmetric security element
SymmetricSecurityBindingElement securityBindingElement = binding.Elements.Find<SymmetricSecurityBindingElement>();
// Get the x509ProtectionParams from the security element
X509SecurityTokenParameters tokenParameters = new X509SecurityTokenParameters();
tokenParameters.X509ReferenceStyle = X509KeyIdentifierClauseType.IssuerSerial;
tokenParameters.RequireDerivedKeys = false;
tokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToInitiator;
// Set the X509SecurityTokenParameters to point to the one's just configured. This is for symetric encryption, for asymetric this line needs to change
securityBindingElement.ProtectionTokenParameters = tokenParameters;
Are you sure that SAML assertion is not signed? That makes things a lot easier! Do you think the following approach will work when inserting in the SAML 2.0 assertion? :
Create a class that inherits from IClientMessageInspector and insert the SAML as shown below
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;
using System.ServiceModel.Dispatcher;
using System.Text;
using System.Xml;
using Microsoft.IdentityModel.Protocols.XmlSignature;
namespace TestClient.Application
class Saml20Extension : IClientMessageInspector, IEndpointBehavior
#region Implementation of IClientMessageInspector
public object BeforeSendRequest(ref Message request, IClientChannel channel)
MessageBuffer buffer = request.CreateBufferedCopy(int.MaxValue);
// ** Add the SAML Assertion XML here **
request = buffer.CreateMessage();
return null;
public void AfterReceiveReply(ref Message reply, object correlationState)
MessageBuffer buffer = reply.CreateBufferedCopy(Int32.MaxValue);
// ** REMOVE THE SAML ASSERTION HERE **
reply = buffer.CreateMessage();
#endregion
#region Implementation of IEndpointBehavior
public void AddBindingParameters(ServiceEndpoint endpoint, System.ServiceModel.Channels.BindingParameterCollection bindingParameters)
public void ApplyClientBehavior(ServiceEndpoint endpoint, ClientRuntime clientRuntime)
// Add this implementation to the inspectors.
clientRuntime.MessageInspectors.Add(this);
public void ApplyDispatchBehavior(ServiceEndpoint endpoint, EndpointDispatcher endpointDispatcher)
public void Validate(ServiceEndpoint endpoint)
#endregion
Also, There's a second signature being inserted into my WCF request that I need to replace with the SAML insertion - how do i get rid of the second signature?? (see updated request below)
POST https://localhost:8089/pvs/ws HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: ""
Host: localhost:8089
Content-Length: 6720
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<a:Action s:mustUnderstand="1" u:Id="_3"/>
<a:MessageID u:Id="_4">urn:uuid:84dc0bb8-13fd-4e90-84c4-ed1e6e831801</a:MessageID>
<ActivityId CorrelationId="07e0df62-d40a-4e24-aacc-12e626f80e8b" xmlns="http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics">40077c44-d415-4567-99a1-1ea610c41d94</ActivityId>
<a:ReplyTo u:Id="_5">
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
<VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPo1f0ZJ98FOxIvULl0pmGv/wAAAAAEGu5/G7VNkia/XbStJDa+ldqi+8xxdtAiBL+Y8vCqa0ACQAA</VsDebuggerCausalityData>
<a:To s:mustUnderstand="1" u:Id="_6">https://localhost:8089/pvs/ws</a:To>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<e:EncryptedKey Id="uuid-5b1de37e-ea76-4f75-b268-ebb63b554c11-1" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
<e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<o:SecurityTokenReference>
<X509Data>
<X509IssuerSerial>
<X509IssuerName>CN=test_server</X509IssuerName>
<X509SerialNumber>123456789</X509SerialNumber>
</X509IssuerSerial>
</X509Data>
</o:SecurityTokenReference>
</KeyInfo>
<e:CipherData>
<e:CipherValue></e:CipherValue>
</e:CipherData>
<e:ReferenceList>
<e:DataReference URI="#_2"/>
</e:ReferenceList>
</e:EncryptedKey>
<o:BinarySecurityToken u:Id="uuid-d62ff21f-7e9b-460d-a0ee-d5fad221427d-1" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">MIIBpzCCARCgAwIBAgIETzKMfzANBgkqhkiG9w0BAQUFADAYMRYwFAYDVQQDDA10ZXN0X2ZhY2lsaXR5MB4XDTEyMDIwODE0NTM1MVoXDTE3MDIwODE0NTM1MVowGDEWMBQGA1UEAwwNdGVzdF9mYWNpbGl0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvzdwlxcpwRKGzLvpqYoS4NEbhbx/jV6Z6kyXgJ0IWLZAW20oWmxPwumsqkKr6bWX2NWbGrka6w1e9+iZFBKiBq5zzxJKusCJQtPjuYwjaTGjVTFnixHp9sKnjIEprKyarceG00WzCVdtuI1NpNp8dgemzA6FFt1ESwwELq+rKvECAwEAATANBgkqhkiG9w0BAQUFAAOBgQAokX6HZhhEj7Bfo0Z8ZeoZeYFB8pHrN5A6927cJx17EXWVv0Mwn/+fDgTAhtsN9DB68CFNejox8mM0+KewjsgT4z80YxMHGlpM13z4c8+iMiQcJ7cISScTBaTONOtDqK1WNtci8biNjnLn7+4Z4fw17jlttN0dPHC3fvGywh6TkQ==</o:BinarySecurityToken>
<Signature Id="_0" xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
<Reference URI="#_1">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>

</DigestValue>
</Reference>
<Reference URI="#_3">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>

</DigestValue>
</Reference>
<Reference URI="#_4">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>

</DigestValue>
</Reference>
<Reference URI="#_5">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>

</DigestValue>
</Reference>
<Reference URI="#_6">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>

</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>

</SignatureValue>
<KeyInfo>
<o:SecurityTokenReference k:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
<o:Reference ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" URI="#uuid-5b1de37e-ea76-4f75-b268-ebb63b554c11-1"/>
</o:SecurityTokenReference>
</KeyInfo>
</Signature> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#_0">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>

</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>

</SignatureValue>
<KeyInfo>
<o:SecurityTokenReference>
<o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-d62ff21f-7e9b-460d-a0ee-d5fad221427d-1"/>
</o:SecurityTokenReference>
</KeyInfo>
</Signature>
</o:Security>
</s:Header>
<s:Body u:Id="_1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<e:EncryptedData Id="_2" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
<e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<e:CipherData>
<e:CipherValue>

</e:CipherValue>
</e:CipherData>
</e:EncryptedData>
</s:Body>
</s:Envelope>

Services that need mail server - Use an outside mail server

Hello,
I have a mail server somewhere on the internet, and outside my localnetwork.
Our OSX local server serves few services : DNS (for local dns name) OD, Ical, Ichat, Afp, Mobile access, vpn
Do they services use mail server locally ?
Do I need to setup a mail server localy or can I use my outside mail server ?
If needed
If I just set on every OD users, a mail as [email protected] and if my internet mail servers has an account for them, how can I define for these users the smtp/pop accounts to allow them to send mail through my net mail server ?
Do I have to setup a local mail server and accept in my internet mmail server this local mail server to relay mail in ?
In fact, what I'd like is to keep this internet mail servers, and set all my OD users using this mail server.
Thanks for your help, and sorry for my poor English. Hope you undurstood

I don't think you need mail services running to use any of those services. I can't speak for mobile access because I don't use that service. I think iCal and iChat need an email address for each user. You can set that in the info tab for each user in workgroup manager.

Running mail server, should I use VPN or just public IP?

Similar Messages

Maybe you are looking for