Solved

Problems sending POP3 email on Groupwise 6.5

Posted on 2004-08-31
24
600 Views
Last Modified: 2012-05-05
I have setup POP3 on a Groupwise 6.5 server.  I have no problems sending or receiving email inside the network using Outlook or Outlook Express.  If I go outside the network and use Outlook or Outlook Express, I can send mail to anyone on the outside, I can receive mail from people on the inside of the network or outside the network, but I cannot send to anyone on the inside or reply to a message that they have sent me.

I tried adding an exception to the SMTP Relay settings to include the domain POP3 is setup on.  I added an MX record to the Internal DNS server.  Very weird and not sure why I can't send to anyone that is on the same domain as the POP3/Groupwise server.  
0
Comment
Question by:jayknight
  • 13
  • 11
24 Comments
 
LVL 34

Expert Comment

by:PsiCop
Comment Utility
The MX record has no effect. What matters is the SMTP Server you have defined in the OE configuration.

If that SMTP server is not available from outside the network where it resides (i.e. is on a private network and cannot be directly reached from the Internet), or is available but has been configured to not relay unauthenticated connections from outside the network where it resides (or does not support such authentication); then it will reject OE when OE tries to send E-Mail thru it.

0
 
LVL 1

Author Comment

by:jayknight
Comment Utility
I setup the email in Outlook 2003 and ran a test and it can find the mail server but when it tries to send a test message, it is rejected.  I have looked all over the place.  Where do I need to go to set this up to accept the email?
0
 
LVL 34

Expert Comment

by:PsiCop
Comment Utility
When you say "it can find the mail server", do you mean the GWIA or the SMTP Relay?

If you mean the SMTP Relay, what is running on that Relay? sendmail? postfix? Qmail?
0
 
LVL 34

Expert Comment

by:PsiCop
Comment Utility
Note that there are inherent security dangers is opening up a mail relay - any mail relay - to relaying for any host on the Internet. Care must be taken, or you'll end up with an open relay, which spammers love and which will end up with you on black-hole lists, your E-Mail being rejected across the 'Net.
0
 
LVL 1

Author Comment

by:jayknight
Comment Utility
I posted a reply and I see it didn't take.

I understand what you're saying and I'm very familiar with the risks involved with doing this.  The only email server involved is the Groupwise server.  I have setup the account in Outlook 2003.  I put in mail.domain.com for the POP3 and SMTP servers.  When I run the test built in for Outlook 2003, everything comes back fine except it rejects the test email.  
0
 
LVL 34

Expert Comment

by:PsiCop
Comment Utility
OK, so you need to open up GWIA for relaying.

In ConsoleOne, in the GroupWise view, go to the Domain that host the GWIA and change the object type to Gateways. The GWIA object should appear. Right-click, select Properties. Click the Access Control tab and select the SMTP Relay Settings panel. Select the "Allow message relaying" radio button. Click OK. Either restart the GWIA or wait for it to detect the change and restart itself.

GWIA will now relay any SMTP connection. ANY connection.

If you know the specific IP address(es) or range(s) that you need this to work from, you can leave the "Prevent message relaying" radio button selected, and instead Create Exceptions in the Allow window. Your "From" will be the address(es) or range(s), the "To" will be "*".

So to Allow relaying from 123.123.123.0/24, you would have a "From" value of "123.123.123.*". Your granularity it basically by Address Class, you can't use CIDR notation.
0
 
LVL 1

Author Comment

by:jayknight
Comment Utility
I know how to do that but you're telling me I have to open up the gates to allow me to POP3 into the server?  I can't believe I am the only person that has ever had to POP3 into a Groupwise server and the only way is for me to open it up for everyone to spam off of it.

I still don't think that would work anyway because I setup my account in Outlook 2003 with xyz.com which is the domain of our corporate email system.  I went into the GWIA SMTP Relay Settings and added xyz.com as an exception.  It still didn't work.  
0
 
LVL 1

Author Comment

by:jayknight
Comment Utility
I tried it again this morning.  I added xyz.com to the exceptions list on the GWIA SMTP Relay settings.  That didn't work.  I then added the IP of where I was coming from that showed up on the GWIA to the exceptions list and that didn't.  This doesn't make any sense.  
0
 
LVL 34

Expert Comment

by:PsiCop
Comment Utility
No, you do NOT have to open up the GWIA for SMTP Relaying in order to use POP3. However, POP3 is a unidirectional protocol. It is designed to allow the client to doanload messages from the server. It is NOT a sending protocol - you cannot use POP3 to xfer *outbound* messages. This is not a failing of GroupWise or GWIA - it is a (probably deliberate) protocol limitation in POP3. If that limit distresses you, well, gotta talk to the people who wrote POP3. Novell just implemented their spec.

For SENDING E-Mail from your client, you need to use the SMTP protocol. And you need an SMTP server that can relay for you, since your client software does not have SMTP relay capability, it just generates an SMTP-compatible message and hands it to a relay server equipped for that task. GWIA, in this case.

If you just want to RECEIVE your E-Mail onto your client (receive ONLY, not send) then you do NOT have to open your GWIA for SMTP relay. Only if you want to SEND from your client do you have to do that.

Instead of "xyz.com", you should use the IP address range(s) of your corporate network. If your company has a Class C of public IP addresses (lucky you), then put in 123.123.123.* (or whatever the proper octets are instead of "123.123.123". Putting a Domain Name only works if it can be resolved for the client attempting to connect.

Note that the IP address(es) you provide to the GWIA in the Exceptions list must be able to reach the GWIA. You stated that these connections failed - what error messages showed up on the GWIA. As long as you have the GWIA in either Verbose or Diagnostic Logging mode, you should see the connection attempts from the client and any error messages. What *exactly* is the GWIA seeing and why *exactly* is it rejecting the connection (if it is indeed seeing it)? Use the logging capabilities at your disposal - resolving this will go a lot faster. If the connection never reaches the GWIA, then that's a communications problem and its not the GWIA's fault, is it? If the connection does reach the GWIA and it rejects it, you need to know WHY it rejects it to determine where the problem is.
0
 
LVL 1

Author Comment

by:jayknight
Comment Utility
I promise you that I am not trying to be difficult but I don't think we are on the same page.  

I can send to anyone outside the network but cannot send to anyone inside the network.  Isn't SMTP relaying in the same fashion whether I send inside or outside the network?  

When I try to send an email to someone inside, everything looks fine on the GWIA.  It accepts the connection.  
0
 
LVL 34

Expert Comment

by:PsiCop
Comment Utility
" Isn't SMTP relaying in the same fashion whether I send inside or outside the network?"

Maybe. Maybe not. If you have a firewall, it may not be permitting the connection thru.

If GWIA has not been configured to permit relaying for hosts outside of your network, then it will act differently for hosts outside your network.

What do you see in the GWIA log when you try to relay from OUTSIDE your network? If nothing shows up, then the traffic is not reaching your GWIA, and you have a network  issue (firewall config, routing/port forwarding config, whatever). If the GWIA sees the connection from the outside but rejects it, the error message will tell us WHY. We can then address the GWIA configuration issue resulting in the rejection. Be sure to use either VERBOSE or DIAGNOSTIC logging on the GWIA.
0
 
LVL 34

Expert Comment

by:PsiCop
Comment Utility
And be sure you're logging to a file and not just the screen so you can go back and excerpt the relevant portions of the log.
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 1

Author Comment

by:jayknight
Comment Utility
I tried Verbose mode and it didn't give me any different information.  

Here is the information from the log in Diagnostic Mode:

Accepted connection with: <IP Address>
POP3 command: USER Administrator
POP3 command: PASS
POP3 command: STAT
POP3 command: LIST

{GWEACCT: GweAcctSpoolFunc
}GWEACCT: GweAcctSpoolFunc
OK

POP3 command: UIDL 1
POP3 command: UIDL
POP3 command: QUIT

{GWEACCT: GweAddAcctDestFromParms
}GWEACCT: GweAddAcctDestFromParms
OK

POP3 session ended: <IP Address>
0
 
LVL 34

Expert Comment

by:PsiCop
Comment Utility
Hmmm....looks fairly benign. You connected as "Administrator", and it accepted your password. You got a mailbox status and downloaded a headers list.

Am I missing something?
0
 
LVL 1

Author Comment

by:jayknight
Comment Utility
Not that I can see.  I can connect fine as the Administrator, download mail from the Administrator's account, send an email from the Administrator's account to anyone not on the same network but the mail will not send to any recipient on the same network.  
0
 
LVL 34

Expert Comment

by:PsiCop
Comment Utility
Ah! OK. That log snippet just showed the POP3 session. What about the SMTP session? What shows in the log when you try to send to someone on the same network?
0
 
LVL 1

Author Comment

by:jayknight
Comment Utility
That's all it showed when I tried sending an email to someone on the same network.  

I tried it again and I don't see any SMTP commands when I send a message to someone on the inside.  

I also just sent myself a test message to my outside email address and I got it but I still didn't see any SMTP commands on the GWIA.
0
 
LVL 34

Expert Comment

by:PsiCop
Comment Utility
" I got it but I still didn't see any SMTP commands on the GWIA."

Hmmm....well, I dunno what to say. Your Logging Level was Diagnostic, right? Is this the only GWIA in the GroupWise system?
0
 
LVL 1

Author Comment

by:jayknight
Comment Utility
Yes.  We only have 1 GWIA.  The logging was set to Diagnostic.    
0
 
LVL 1

Author Comment

by:jayknight
Comment Utility
I allowed message relaying on the GWIA just to open it up wide and it still did not work.  I guess that rules out a message relaying problem, doesn't it?
0
 
LVL 34

Expert Comment

by:PsiCop
Comment Utility
Yeah.

Frankly, I don't think the traffic is reaching the GWIA. I don't know how/why, but I don't think the GWIA is seeing it.

Do you have multiple accounts defined on Outlook? Do these accounts have differing configurations with regard to outgoing SMTP server?
0
 
LVL 1

Author Comment

by:jayknight
Comment Utility
I tend to agree with you.  I am going to setup a new SMTP service on the firewall and open up incoming and outgoing with no restrictions.  I looked through the logs on the firewall to see if the traffic was being denied but didn't see anything.  

I have only been testing with 1 account.  I set it up the normal way.  I put in the POP3 and SMTP server names which are both the same.  I set it to keep a copy of the message on the server.  I do not select the option that says My Outgoing Server requires authentication but I have selected it and it still didn't work.  

I am stil confused as to why I can send mail to the outside but can't to anyone on the same domain.  If I can send to the outside, wouldn't it be sending the mail out over the mail server and wouldn't the traffic be getting to the server.  

I opened up SMTP completely on the firewall and it still didn't work.  
0
 
LVL 34

Accepted Solution

by:
PsiCop earned 500 total points
Comment Utility
Well, I'm like the tree right now - I'm stumped. It would be helpful if you could put a sniffer on the network segment on which the Outlook machine is located and see where it is trying to send the SMTP traffic. Can you ask the firewall to log the SMTP (port 25) traffic headed for the GWIA that it PERMITS?
0
 
LVL 34

Expert Comment

by:PsiCop
Comment Utility
jayknight,

Thanks for the points, but if I didn't answer your Question, I woulda preferred that you had a Moderator delete it and refund your points rather than giving me a grade of C.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Suggested Solutions

This article will describe some of the best ways to process an ex-employee from an Office 365 subscription. I will describe the methods I would recommend when the data needs to be kept for the ex-employee as well as how to manage any new email as we…
This article is essential to make secure Yahoo Mail connection without facing any issue. It is providing simple steps to configure your Yahoo Mailbox to Hard drive using Microsoft Outlook.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now