Solved

Gwia Question

Posted on 2004-09-15
5
641 Views
Last Modified: 2006-11-17
I am going to do a upgrade to groupwise sp2 Also as part of the upgrade The client would like to have a second GWIA set up
on that box as an inward facing GWIA and have the outward facing GWIA
set to refuse connections from domain.com in an attempt to
address the recent security report.  they have 2 interfaces on the email
server and are able to commit the other port to the inward facing GWIA
so we dont have to play games with port numbers. how would I accompish this?
0
Comment
Question by:eberhardt2329
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
5 Comments
 
LVL 34

Expert Comment

by:PsiCop
ID: 12069893
What VERSION of GroupWise are you going to upgrade to SP2? There is an SP2 out for v5.5, v5.5EP, v6.0 and v6.5.

I'm not sure you can do exactly what you want. I would recommend that each GWIA reside in its own Secondary Domain. In the Domain(s) where the user accounts are located (probably another Secondary Domain), you would put the "outbound" GWIA as the default for Internet E-Mail (you can set this Domain-wide).

Normally, GWIA will bind to all available IP addresses when it comes up. I'm going to have to research some to see exactly how to limit this. I know it CAN be limited, but only in one direction (i.e. either for sending or receiving).

You'll need to run each GWIA in its own Address Space, also. So you need to be using NetWare v6.0 or later, preferably NetWare v6.5 SP2.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 12069897
Standard Plug: You may have noted that GroupWise does not have its own TA under the E-Mail heading. If you'd like to help change this, then a nice (free) message in the New Topics request area would be helpful. http://www.experts-exchange.com/Community_Support/New_Topics/
0
 

Author Comment

by:eberhardt2329
ID: 12071656
the version of groupwise is 6.5 thank you for suggestions i will look forward to your future posting on this. i knowis a tricky one
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 12075352
OK, here is the isue. The GWIA will NOT, by default, ignore a given NIC for *outbound* messages. By default, it will use *any* available address when *sending*. See the Novell GroupWise v6.5 Administration Guide at http://www.novell.com/documentation/gw65/index.html, specifically Page 641.

In order to force the GWIA to bind to a specific IP address for outbound E-Mail, you must choose the "Bind to TCP/IP Address at Connection Time" option under the SMTP/MIME tab (Settings panel) of the GWIA properties.

I note in passing that GWIA will still listen on all TCP/IP addresses on the machine for incoming E-Mail. There is no way to override that behaviour.
0
 
LVL 34

Accepted Solution

by:
PsiCop earned 500 total points
ID: 12075719
So, to do what you want, list the *incoming* GWIA in your Domain's MX records. That will direct all external E-Mail coming to your GroupWise system to that GWIA. If you want, you can list the other GWIA as a lower-preference MX - be careful here to have anti-spam features turned on, because spammers will look at DNS records for all MXes for a Domain and send to all of them.  The advantage of making the "outbound" GWIA an MX is that if the "inbound" machine dies (critical hardware failure) you don't have to wait on DNS propogation to start receiving E-Mail. You can even have your firewall block inbound Port 25 connections to the "outbound" server, since legit senders won't use it unless your normal "inbound" server is down.

Then, in the Domain(s)  in which your users reside, go to the Properties of the Domain object, select the GroupWise tab, Internet Addressing panel, and force the GWIA for outbound Internet E-Mail to be the "outbound" GWIA.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s a strangely common occurrence that when you send someone their login details for a system, they can’t get in. This article will help you understand why it happens, and what you can do about it.
This is my first article on Expert Exchange on the Manual Method of Exporting Office 365 Mailboxes to PST format by using the eDiscovery mechanism of Office. Hope you will enjoy the article.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question