I am using hMailServer as an SMTP server to send outgoing email messages from an ASP.NET web application hosted on the same server. I don't need it to house local email boxes, etc, just to serve as an SMTP conduit. I prefer it to the default SMTP service Windows provides particuarly because of the live log trace window it provides so I can watch real time email attempts.
My question is how to configure my IP Range security properly. Basically, I only want my web application to be able to send emails, but those emails need to be able to have any email address in the "From" or "To" fields. I don't want any other servers to be able to relay mail through my server. I don't quite understand what category (x to y, external to external, etc) the hMailServer is regarding my emails from my web application.
I started out with an IP Range with lower and upper IP of 127.0.0.1 with all of the "Allow deliveries from" checkboxes checked and none of the "Require SMTP authentication" checkboxes checked. This didn't work. I had to add an IP range with my specific external IP address configured similarly. Now I get a critical warning in the status window saying "W003 - Critical hMailServer is configured to allow deliveries from external to external accounts in the IP range Mail Server IP. This may make the server vulnerable to spam. It is recommended that you disable this option."
However, since my IP range is only one IP, the IP of the computer that hMailServer is running on, this shouldn't allow this vulnerability to happen, correct? I'd greatly appreciate any clarification about how I should be configuring this to avoid vulnerabilities.
Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
2 posts • Page 1 of 1
You are correct. if you are just sending out and dont care about anything else, just remove all ranges. Add one range with your ip address in and disable auth. Then allow external to external, only it will be able to send, nothing else.
If at first you don't succeed, bomb disposal probably isn't for you! ヅ