| ArGoStuff User to User Support Forums |
Limit POP3/SMTP access Last Post 23 Jun 2010 08:45 AM by Steve Topilnycky. 6 Replies. | Sort: |
|  Prev Next | You are not authorized to post a reply. | |
Warnestam
New Member
Posts:11
 | | 07 Jun 2010 05:34 AM |
| Hi, We are using ArGoSoft Mail Server 1.0.7.0 for sending notifications to external customers (at external mail addresses). We would like to strengthen our security by only allowing certain IP-addresses. This is what we would like to do; - Our "sending" application are located on two computers and are using POP3 before SMTP. How can we limit the mail server so that only SMTP from certain addresses is allowed (I tried to use the trusted hosts without any luck. Our applications sends mostly to external e-mail addresses so we have enabled remote deliviery.
- Sometimes the mail we sends is bonunced back (old users or they go for a vacaction). Is it possible to automaticly remove bounced messages?
- I have one administrator account that is used only for receiving mails with POP3. This account is also fixed to a single IP-address. Can we limit the POP3 access so that only certain addresses is allowed?
- Can the POP3 and/or SMTP service be configured so that clear text is not transffered?
Best regards Robert Warnestam | | |
|
|
Steve Topilnycky
Forum Administrator
Veteran Member
Posts:1277
| | 10 Jun 2010 08:23 PM |
| Hi Robert,
First, you stated that you are using 1.0.7.0. Version 1.0.7.7 is the current version. You may consider upgrading to the latest version.
Does your application support SMTP authentication. That would be the more secure way of accessing the server to prevent unauthorized access. In reviewing the Mail Server revision history, there was one fix for trusted IP's, but I am unsure if it fits your exact scenario. Another option: eWall. eWall from Server Side Solutions it a proxy front-end that can be used with ArGo Mail Server. From eWall you can create all types of rules, including Trusted IP hosts. You could probably create a rule to handle the bounce backs. I'm not sure about item #3 in your list. As for #4, I have not seen any SSL/encryption in the mail server. Are the severs and workstations within the same network? If so, you could probably configure something were some items are only accessible via the internal IP addresses.
| | - - - - - - -
Regards,
Steve Topilnycky
Top Cat Computing
http://www.topcatcomputing.com/ | |
| Warnestam
New Member
Posts:11
| | 17 Jun 2010 11:22 AM |
| Hi Steve and thanks for your reply,
I haven't been able to update to the latest release (error 2869 shows up during installation, propably because I lack the neccessary rights). But I guess that the function "Trusted Hosts" doesn't deny all calls from other IP-addresses anyway. Even if eWall could solve the problem I really don't want another application installed. I think I just add a rule in my firewall:)
Regards
Robert | | | |
| Steve Topilnycky
Forum Administrator
Veteran Member
Posts:1277
| | 17 Jun 2010 09:44 PM |
| Robert,
You're most welcome. Have you tried the upgrade using an administrator account? The trusted host feature does work. I have one internal IP address that requires it because the sending application does not support SMTP authentication. Trusted hosts will accept connections without authentication. To deny IP addresses, you would have to use the BAN hosts feature. | | - - - - - - -
Regards,
Steve Topilnycky
Top Cat Computing
http://www.topcatcomputing.com/ | |
| Warnestam
New Member
Posts:11
| | 23 Jun 2010 08:19 AM |
| Hi,
Since we are using co-location for our server I have to order an temporary elevation of my rights. You're right that the trusted hosts will accept connections witouth authentication and can therefore not be used by us. We must stop all connections except from a single address - sounds more and more like a firewall rule to me.
Regards
Robert
| | | |
| Warnestam
New Member
Posts:11
| | Steve Topilnycky
Forum Administrator
Veteran Member
Posts:1277
| | 23 Jun 2010 08:45 AM |
| Robert, Yes it does. Keep in mind, Argo does have a second SMTP port. Depending on exactly what you are trying to do, you can use that port, so it would be unknown to the outside, and maybe easier to configure between your applications and firewall. Just a thought | | - - - - - - -
Regards,
Steve Topilnycky
Top Cat Computing
http://www.topcatcomputing.com/ | |
|
| You are not authorized to post a reply. |
|
|
|  | | Mail Server v1.0.8.3 |
- Added support of STARTTLS (STLS) command for SMTP, POP3, IMAP, and SMTP relay and delivery, which will
allow secure, fully encrypted connections, when possible;
| | 11/6/2011 1:10:34 PM |
| Mail Server v1.0.8.2 |
- Optimized delivery speed. In earlier versions each "tick" which was checking whether messages were
in the outbox queue, was picking up only one message at a time. Now it will attempt to pick MaximumAllowedThreads-ActiveDelivery threads
messages, which should considerably increase deliver speed;
- Optimized SEARCH and STATUS IMAP commands. They appear to be used very extensively by Android, and (not that extensively, but still) by
iPhone. Now users who use mobile phones to access their IMAP accounts will see considerable improvement;
- Optimized STORE IMAP command. Before storing of IMAP flags was occuring one message at a time, which seemed to be fine
with SQL server, but proved to be slow for SQLite... Now it happens with single SQL call.
| | 10/8/2011 7:59:35 PM |
| ArGoSoft Mail Server v1.0.8.1 | -
Fixed a bug: when using IMAP via Firefox with "When I delete a message, move it
to Trash folder" option, marking messages in the trash folder was causing high CPU usage,
and was taking some time, making the server pretty much non-responsive. The problem was
happening only when using SQLite.
| | 6/6/2011 9:33:36 PM |
| ArGoSoft Mail Server v1.0.8.0 |
- Fixed a problem with web interface - was showing only first page of messages, and would not
switch to other pages; In order to fix the web interface, mail server itself has to be updated;
- When installint initially, was still using SQLite, even when SQL was requested;
- There was a problem with switching from SQLite database engine to SQL server database engine:
the SQL database was not being created;
| | 5/23/2011 5:53:55 PM |
| ArGoSoft Mail Server .NET v1.0.7.9 |
- The server no longer requires Microsoft SQL Server. If SQL server is not found, it will use
SQLite engine, which does not require separate installation. If SQL server is found, then user will be
prompted whether he wants to use it;
- Made other improvements, such as, now mailbox rebuild indexes orphaned records, rather then deleting them,
also added an opotion to increment UIDL validity of folder (both on the Mailbox viewer box);
- Made minor improvements on web interface;
| | 4/26/2011 9:47:25 PM |
| |
|  |  | |  |
|