  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 665

GWIA Question

I am going to do an upgrade to GroupWise SP2. Also, as part of the upgrade, the client would like to have a second GWIA set up on that box as an inward-facing GWIA and have the outward-facing GWIA set to refuse connections from domain.com in an attempt to address the recent security report. They have 2 interfaces on the email server and are able to commit the other port to the inward-facing GWIA, so we don't have to play games with port numbers. How would I accomplish this?
Asked: eberhardt2329
1 Solution
 
PsiCop Commented:
What VERSION of GroupWise are you going to upgrade to SP2? There is an SP2 out for v5.5, v5.5EP, v6.0 and v6.5.

I'm not sure you can do exactly what you want. I would recommend that each GWIA reside in its own Secondary Domain. In the Domain(s) where the user accounts are located (probably another Secondary Domain), you would put the "outbound" GWIA as the default for Internet E-Mail (you can set this Domain-wide).

Normally, GWIA will bind to all available IP addresses when it comes up. I'm going to have to research some to see exactly how to limit this. I know it CAN be limited, but only in one direction (i.e. either for sending or receiving).

You'll need to run each GWIA in its own Address Space, also. So you need to be using NetWare v6.0 or later, preferably NetWare v6.5 SP2.
 
PsiCop Commented:
Standard Plug: You may have noted that GroupWise does not have its own TA under the E-Mail heading. If you'd like to help change this, then a nice (free) message in the New Topics request area would be helpful. http://www.experts-exchange.com/Community_Support/New_Topics/
 
eberhardt2329 (Author) Commented:
The version of GroupWise is 6.5. Thank you for the suggestions; I will look forward to your future posting on this. I know it is a tricky one.
 
PsiCop Commented:
OK, here is the issue. The GWIA will NOT, by default, ignore a given NIC for *outbound* messages. By default, it will use *any* available address when *sending*. See the Novell GroupWise v6.5 Administration Guide at http://www.novell.com/documentation/gw65/index.html, specifically Page 641.

In order to force the GWIA to bind to a specific IP address for outbound E-Mail, you must choose the "Bind to TCP/IP Address at Connection Time" option under the SMTP/MIME tab (Settings panel) of the GWIA properties.

I note in passing that GWIA will still listen on all TCP/IP addresses on the machine for incoming E-Mail. There is no way to override that behaviour.
 
PsiCop Commented:
So, to do what you want, list the *incoming* GWIA in your Domain's MX records. That will direct all external E-Mail coming to your GroupWise system to that GWIA. If you want, you can list the other GWIA as a lower-preference MX - be careful here to have anti-spam features turned on, because spammers will look at DNS records for all MXes for a Domain and send to all of them. The advantage of making the "outbound" GWIA an MX is that if the "inbound" machine dies (critical hardware failure) you don't have to wait on DNS propagation to start receiving E-Mail. You can even have your firewall block inbound Port 25 connections to the "outbound" server, since legit senders won't use it unless your normal "inbound" server is down.

Then, in the Domain(s) in which your users reside, go to the Properties of the Domain object, select the GroupWise tab, Internet Addressing panel, and force the GWIA for outbound Internet E-Mail to be the "outbound" GWIA.
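
The MX layout described in the last answer can be checked mechanically. The Python below is an added example, not part of the original thread or of any Novell tooling; the host names, the inventory fields (`role`, `antispam`, `fw_blocks_25`) and the sample records are constructed assumptions. It flags any listed MX that is reachable on port 25 without anti-spam, and a most-preferred MX that is not the inbound GWIA.

```python
"""Audit a two-GWIA MX layout (added example; all names are constructed)."""

# Constructed sample: MX answers in "dig +short MX" format (preference, host).
SAMPLE_MX = """\
10 gwia-in.example.com.
20 gwia-out.example.com.
"""

# Constructed inventory describing each gateway; field names are hypothetical.
SAMPLE_HOSTS = {
    "gwia-in.example.com": {"role": "inbound", "antispam": True, "fw_blocks_25": False},
    "gwia-out.example.com": {"role": "outbound", "antispam": False, "fw_blocks_25": False},
}

def parse_mx(text):
    """Return [(preference, host)] sorted so the most preferred MX is first."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2 or not parts[0].isdigit():
            continue  # skip blank or malformed lines
        records.append((int(parts[0]), parts[1].rstrip(".").lower()))
    return sorted(records)

def audit(mx_text, hosts):
    """Return a list of findings; an empty list means the layout matches the advice."""
    records = parse_mx(mx_text)
    if not records:
        return ["no MX records found"]
    findings = []
    primary = records[0][1]
    if hosts.get(primary, {}).get("role") != "inbound":
        findings.append(f"{primary}: most-preferred MX is not the inbound GWIA")
    if len(records) > 1 and records[0][0] == records[1][0]:
        findings.append("two MXes share the best preference; mail is split between them")
    for _pref, host in records:
        info = hosts.get(host)
        if info is None:
            findings.append(f"{host}: listed as MX but not in the inventory")
        elif not info["antispam"] and not info["fw_blocks_25"]:
            # Spammers deliver to every listed MX, so a backup needs one of the two.
            findings.append(f"{host}: reachable on port 25 with anti-spam off")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_MX, SAMPLE_HOSTS):
        print(finding)
```

With the constructed sample, the backup MX is reported because it has neither anti-spam nor a firewall block. A backup whose port 25 is blocked passes the audit, but it will only accept mail after that rule is lifted during a failover.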