?
Solved

IIS 6/7 SMTP - Sending emails from different IP addresses

Posted on 2011-05-03
38
Medium Priority
?
2,933 Views
Last Modified: 2012-05-11
Hi there

I have web sites on the following platform:-

- Windows Web Server 2008 R2 x64
- IIS 7.5
- Classic ASP 3.0
- SMTP server from IIS 6 platform (this is necessary to send emails from Classic ASP)

I would like to:-

1) Send bulk emails or spam-like emails from one IP address, 80.82.137.216
2) Send *normal* or important emails from a different IP address, 80.82.137.208

Using the IIS 6 Manager I can create two seperate virtual SMTP servers, bound to the appropriate IP addresses, with the outbound FQDN pointed to the right place, and with the SMTP servers outputting the correct record on the EHLO response when you telnet to them.

Everything works great, apart from that when you look at the message headers of any received emails, the outbound IP address always shows the first IP address configured on the NIC (80.82.137.208), even for emails sent on the other virtual server (80.82.137.216)

Is there anyway around this? Or any other solutions?

Many thanks
0
Comment
Question by:ph9ltdrob
  • 19
  • 8
  • 6
  • +1
37 Comments
 
LVL 29

Expert Comment

by:pwindell
ID: 35513272
There is no way around that.  It is doing exactly what it is supposed to do exactly the way it is supposed to do it,...and the only way it does it.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35513293
There is also no point in creating two SMTP Virtual Servers.  It isn't doing anything different and is service no purpose that way
0
 
LVL 5

Expert Comment

by:jkeegan123
ID: 35513873
You can DEFINITELY do this with NAT-POLICY rules and sending emails to the different internal email SMTP servers.

the rule would look like:

if source IP is 192.168.1.10 (SMTP 1), NAT to 80.82.137.216
if source IP is 192.168.1.11 (SMTP 2), NAT to 80.82.137.208

Of course these (2) IPs would have to be on your firewall outside.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 29

Expert Comment

by:pwindell
ID: 35513908
You can DEFINITELY do this with NAT-POLICY rules and sending emails to the different internal email SMTP servers.

Read the question.  This is about outbound mails,...not inbound mails.

0
 
LVL 29

Expert Comment

by:pwindell
ID: 35513936
You rules in your example wouldn't accomplish anything because the Source addresses (192.168.1.x) are not going to show as two different addresses because the mail server is always going to present the SAME IP# no matter which SMTP Virtual Service is being used.  The different IP for each Virtual SMTP Service is only for receiving,...not sending.
0
 
LVL 5

Expert Comment

by:jkeegan123
ID: 35513946
I read it, read and understand my answer please before you accuse....I do this all the time to route different INTERNAL IP addresses to different EXTERNAL IP addresses.  It's called NAT-POLICIES.  This is how I get my email server to send out on a different IP address than the default global IP.  
0
 
LVL 5

Expert Comment

by:jkeegan123
ID: 35513973
I DO exactly this with (2) SMTP servers on an Exchange server.

(1) is for sending TLS email out one IP
(1) is for sending non-TLS email out another IP

The firewall takes care of the hard stuff, the server has (2) IPs assigned to it's ONE SINGLE NIC, and each SMTP server is bound to ONE SINGLE IP, not ALL UNAVAILABLE.
0
 

Author Comment

by:ph9ltdrob
ID: 35514011
Hi jkeegan123

Thanks very much for your answer. Your answer relates to NATs, and changing the appearance of one IP address to another IP address. Unfortunately your answer wont help as all email is being sent out from the same IP address, regardless of which I specificy, so there would be no way to tell a NAT policy how to differentiate between.

I am also not using a NAT, so again, your answer isn't relevant. But thank you very much for your time.

All the best
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35514014
It won't send from the IP#,...only receive on them

Sending is always done from the Default IP of the Nic which is the first IP listed on the Nic.

Also on the Firewall,...not all firewalls will do the NAT as you describe,...many will not and will always show coming from the Primary Public IP# of the Firewall no matter what the inbound traffic does.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35514017
Thanks very much for your answer. Your answer relates to NATs, and changing the appearance of one IP address to another IP address. Unfortunately your answer wont help as all email is being sent out from the same IP address, regardless of which I specificy, so there would be no way to tell a NAT policy how to differentiate between.

Exactly.  Exactly my point
0
 

Author Comment

by:ph9ltdrob
ID: 35514018
The firewall can't take care of this problem, because the SMTP server is sending everything from the same ip address. Please check my answer, and take a look at the question again

Many thanks for your time anyway.
0
 

Author Comment

by:ph9ltdrob
ID: 35514021
pwindell - do you know of any work-arounds for this issue?
0
 
LVL 5

Expert Comment

by:jkeegan123
ID: 35514040
PWINDELL is correct, if you are using a basic home firewall you cannot do advanced NAT policies like this, you need a Cisco ASA or a Sonicwall with Advanced OS, or something more advanced.

However, if you bind multiple SMTP servers specifically to specific IP addresses and send to those specific internal IP addresses the specific jobs that you want, they should come OUT from that same IP address.  As I said, I do this exact scenario on a single homed Exchange 2003 server with (2) IP addresses on the NIC and (2) SMTP servers in the Exchange server.  This is also done with a cisco ASA 5505.  
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35514041
You could build an SMTP Smart Host on a separate machine and set the one Virtual SMTP Service to "always use a smart host"  and pass it to the Smart Host that you built.  Then the Smart Host's IP# is the one that that particular mail would show coming from.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35514081
they should come OUT from that same IP

No it will not.  It is not about Exchange,...it is about the Windows OS's networking stack.  Inbound and outbound are treated entirely separately.  It will receive on the IP you set the Service to listen on,...but will leave outbound based on the Primary IP# of the Nic being used according to the Routing Table of the OS.

0
 

Author Comment

by:ph9ltdrob
ID: 35514088
jkeegan123 - unfortunately it looks like IIS works differently to Exchange, and this question relates to IIS. The firewall is irrelevant.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35514102
IIS/Exchange = same thing.  Exchange "uses" (or you could say hyjacks) the SMTP Service from IIS,...so when Exhcange does it,...it is really IIS doing it.
0
 
LVL 5

Expert Comment

by:jkeegan123
ID: 35514108
This may be an issue of difference with IIS / Exchange stacks, but this is working as described above with Windows 2003, Exchange 2003, and a Cisco ASA.  Without this solution in place we would not be able to be doing what we are doing without having a second SMTP server on another box, which we definitely do not.  

Another users suggestion of putting another SMTP server on a second server (or even a workstation, as IIS on Windows XP includes SMTP if I'm not mistaken) might work, but this gets to be a little rigged IMHO...
0
 

Author Comment

by:ph9ltdrob
ID: 35514112
pwindell - thanks. this solution would work, but would require a seperate machine, which is a bit of a pain.

is there anyway to create "virtual nics" !?!

or, if I installed another NIC, can I bind one of the IIS SMTP services to one NIC, and the other to the other NIC?
0
 
LVL 5

Expert Comment

by:jkeegan123
ID: 35514128
You can bind SMTP servers to differnet IP's or differnet NICs.  The default binding is to "ALL UNASSIGNED".
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35514213
pwindell - thanks. this solution would work, but would require a seperate machine, which is a bit of a pain.
is there anyway to create "virtual nics" !?!


No, you could have 50 nics in the machine,...virtual or physical and it is still going to send via the machine's Default Gateway,...and the Default Gateway is going to tie to the Nic from the same subnet as the Default Gateway,...and hence it will still come from the Default IP of that particular Nic associated with the Default Gateway.  No you can't have two nics in the same subnet (I feel that question coming next).  Well, actually you can,..but there is a word for that,...it is called a Misconfiguration.

You can bind SMTP servers to differnet IP's or differnet NICs.  The default binding is to "ALL UNASSIGNED".

He has already done that,... his is already configured that way from the beginning,...see the very first post.

IIt only works for inbound,...for messages coming to the SMTP Server,...not leaving it.  That has already been clearly demonstrated.  If you think your system is doing it differently then you need to look closer at your system to see what it is really doing because there has got to be more to that particular story.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35514285
Another users suggestion of putting another SMTP server on a second server (or even a workstation, as IIS on Windows XP includes SMTP if I'm not mistaken) might work, but this gets to be a little rigged IMHO...


I agree. I don't like it either and would never do it myself.   I would never even gotten myself into the situation to start with.  I would either let it all run from the same mail server and not care squat about them all coming from the same IP# or I would just run two entirely different independent mail servers in the first place,...but the latter would be the least likely.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35514418
For the record,..I would like for what jkeegan123 says to be true, I really do.  But your systems behavior and what I have experience over the decade I've been doing this bear out exactly what is happening with your setup.  If there is a way for it to behave differently with the products you are using I would like to know, but I have no convenient way to build a lab to sufficiently test it that would not take days or a week to accomplish.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35516290
Thank you sir!
0
 

Author Comment

by:ph9ltdrob
ID: 35689040
letenglandshake - this has nothing to do with exchange.

do people actually bother reading the questions!?!
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35689715
I don't think it is Exchange,...I don't even think anything is "wrong",...I think it is the way the OS handles the networking stack and is working exactly like it should.  I do not think that Exchange (or IIS) overrides the OS behavior,...but at the same time it does not hurt to let people more knowledgeable than me weigh in their opinions.  Hence I asked that it be opened up to the Exchange forums.
0
 
LVL 4

Expert Comment

by:eli_cook
ID: 35690884
How about your webpage code that execute the sending of emails, how do you 'connect' to the smtp server do you use localhost as the server or 127.0.0.1? What if you replace your servername entries with the desired send from IP address? I'm not sure if the above would work but you could try it as a test on one of your forms.
0
 
LVL 4

Expert Comment

by:eli_cook
ID: 35690943
Also you could check the following link from the IIS.net forums they suggest disabling socket pooling or using a different mail server.

http://forums.iis.net/t/1177600.aspx
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35690946
Hi, Eli,
There is really no relationship between the IP# a "mail client" (which the web app is acting as a mail client here) is communicating with the mail service and the Source IP the mail service uses when it establishes it's own separate connection to the destination server or "next hop" smart host.  I'm not saying it can't be tried of course,...but I already know what the result will be.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35691015
IIS is free on any Windows Server OS,...and the SMTP is a free part of IIS.

So just add IIS/SMTP to some other server on the LAN (just pick one).   Use one server for one type of mail,...use a different server for the other type of mails and then follow what jkeegan123 suggested in his examplewith the firewall (assuming the firewall is capable)

if source IP is 192.168.1.10 (SMTP 1), NAT to 80.82.137.216
if source IP is 192.168.1.11 (SMTP 2), NAT to 80.82.137.208
(credit to jkeegan123 for this example)
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35691069
Wait, I think I remember you saying that your mail server was dual homed with a "public nic" and didn't use a firewall.  It that's true then whatever other server you use for this would have to be able to get out to the Internet to send the SMTP traffic,...how you accomplish that with that particular server is up to you.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35691258
ph9ltdrob,
Something else to consider. Depending on the load created by the "bulk" mailing the SMTP Service could crumble under the load.  In addition to that your are using ASP Classic (as I have used too) and is subject to collapsing under the load or timing out before all the messages can be passed to the SMTP Service by the ASP engine.

You're better off using a true bulk-mailer product or a List Server.  Many ISPs provide these to their customers if they are a true full service ISP.  Then your ASP application would just have to work with the List Server or Bulk-Mailer.
0
 
LVL 4

Expert Comment

by:eli_cook
ID: 35710635
ph9ltdrob,
As pwindell has pointed out this task is simply not possible with IIS, the smtp engine is not built for it. Even if you specify a smart host as pwindell suggests the mail will still be sent through the IIS SMTP engine and it will be relayed through the other mail servers (showing the default original IP that you don't want). You mentioned in your question
- SMTP server from IIS 6 platform (this is necessary to send emails from Classic ASP)
could you use a different SMTP engine on the same computer? Exim is a mail server which could be installed to send your email messages from the appropriate IP addresses. Is this a possible solution for you? You can find out more about Exim here http://www.exim.org/.
If it is a possible solution here are the instructions for installing Exim on Windows for you to check out, please review them to see if they are within your technical scope. http://chinese-watercolor.com/LRP/exim/exim-cygwin.html
0
 
LVL 29

Accepted Solution

by:
pwindell earned 1500 total points
ID: 35720307
- SMTP server from IIS 6 platform (this is necessary to send emails from Classic ASP)
could you use a different SMTP engine on the same computer?


That was going to be my next suggestion (if I didn't already say it).  Except I would say just use the SMTP Service that is already part of IIS that is already on the machine.
0
 

Author Comment

by:ph9ltdrob
ID: 35727767
Does Exim support the functionality I require? Is it likely to cause any problems or adverse effects? Have you tried this solution yourself?

Many thanks
0
 
LVL 4

Expert Comment

by:eli_cook
ID: 35729105
I have not tried Exim on Windows - I have used Exim on Linux (CentOS builds) and Exim can support the functionality that you are looking for; see the following link for the configuration for Exim to send email out multiple IP addresses by means of separating domain names. For bulk mailing it is a best practice to use a separate domain from the personal email accounts. So if you had xyz.com for your office you should register xyzmail.com and send your bulk mail through a separate IP and the xyzmail.com domain. The link below details how that can be done.
http://www.readmespot.com/question/f/4675/linux-email-server-for-sending-email-from-multiple-ip-addresses
I do not know of any problems or adverse effects and Exim is a very powerful mail system, it is in use on many Linux servers as it is installed by cPanel (a hosting control panel).
There is also more information from Cygwin (http://www.cygwin.com/) This is the Linux API that they use on Windows to run (re-compiled) Linux programs.
0
 

Author Closing Comment

by:ph9ltdrob
ID: 35883239
No actual solution was found. But pwindell was very helpful
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The main intent of this article is to make you aware of ‘Exchange fail to mount’ error, its effects, causes, and solution.
How to effectively resolve the number one email related issue received by helpdesks.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
how to add IIS SMTP to handle application/Scanner relays into office 365.
Suggested Courses
Course of the Month15 days, 10 hours left to enroll

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question