Last updated Jan 16 2007
Configuring your SMTP server to allow a single host to relay.
And other SMTP fun


1.  FreeBSD 4.7 and sendmail
2.  Microsoft Exchange 2000/2003 on Windows 2000
3.  Lotus Domino 5.0.1 and 6.5.3 on Windows 2000
4.  Microsoft Exchange 5.5 on Windows NT4
5.  Windows based SMTP Server Applications
6.  How do I see if the IP address the customer gave me really goes to a SMTP server?
7.  There is a SMTP server, how do I see if it is an open relay?
8.  Can you show how to send an email using telnet?
9.  There is a SMTP server, how do I see if it requires SMTP authentication?
10.  I'd like to check an SMTP server status and capabilities with a Windows GUI
11.  Understanding SMTP Auth Login


Update:  The newest copiers from Canon now have SMTP authentication.
 

Many of the new Canon copiers come with an option to "send" the document in the feeder to an email address or I-Fax with T.37 specifications.  This is achieved by sending the scanned image as an attachment on an email.  You must configure the copier to use your company's SMTP server to send these emails.  If you are only emailing to accounts on your SMTP server, you should have no problems.  However, if you wish to email someone whose account is not on your SMTP server, your SMTP server must allow relay.

For security and anti-spam reasons most companies do not allow an open relay.  In the old days...  open relays used to be very common and some sites still run an open relay on principle.  Sorry I got off topic there for a second.  Anyway, there is no way for the current Canon copiers to authenticate to your SMTP server and most sys admins won't let you run an open relay, and that is what prompted this document: configuring your SMTP server to allow a single host to relay.

There are many SMTP servers on many platforms.  This document contains the ones I have tried.  If you know how to do this on one not mentioned, please send it to me at to add to this page.  Thanks eh.


 
1.  FreeBSD 4.7 and sendmail
As with any UNIX, you can run any SMTP server.  FreeBSD comes with sendmail preinstalled.  Assuming you are using the preinstalled sendmail, to allow a single IP address to relay, do the following (as root).

    # cd /etc/mail

In a text editor, open the file access (it may be a new file).
    # vi access

Insert the following:
    192.168.10.125    RELAY
Replace 192.168.10.125 with the IP address of your copier.  The word "RELAY" is in uppercase.  Now save and exit.

To update the configuration, run "make" from the /etc/mail directory.
    # make

All done, give it a test.
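
An added example, not part of the original page: sendmail's access map also accepts partial addresses (network prefixes) and domain names on the left-hand side, so a shortened or mistyped entry relays for more than the copier. This Python check lists every RELAY entry that is not an expected single host; the sample file contents and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of /etc/mail/access; only the first entry is the page's
# copier address, the rest are made up to show entries that relay too widely.
SAMPLE_ACCESS = """\
# copier
192.168.10.125      RELAY
192.168.10          RELAY
Connect:10.1.2.3    RELAY
example.org         RELAY
spammer.example     REJECT
"""

def relay_scope(key):
    """Return (scope, host) for the left-hand side of an access entry."""
    host = key[len("Connect:"):] if key.lower().startswith("connect:") else key
    try:
        ipaddress.IPv4Address(host)
        return "single-host", host
    except ValueError:
        pass
    octets = host.split(".")
    if len(octets) < 4 and all(o.isdecimal() and int(o) <= 255 for o in octets):
        return "network", host      # a partial address matches the whole prefix
    return "name", host             # domain or host name

def audit_access(text, allowed_hosts):
    """List (key, scope) for RELAY entries other than the allowed single hosts."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        if len(fields) != 2 or fields[1].strip() != "RELAY":
            continue
        scope, host = relay_scope(fields[0])
        if scope != "single-host" or host not in allowed_hosts:
            findings.append((fields[0], scope))
    return findings
```

Calling audit_access on the contents of /etc/mail/access with the copier's address as the only allowed host should return an empty list before you run make.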


  

2.  Microsoft Exchange 2000/2003 on Windows 2000 (Thanks Luis Oliveros)

Update:  Nick from the digitalissues forum sent us this link for 5.5 and 2000.  Very useful.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/prodtech/mailexch/excrelay.asp


Log in as administrator.
Click on
Start > Programs > Microsoft Exchange > System Manager

Click to expand the tree under
Servers > choose your server > protocols > SMTP

Right click on "Default SMTP Virtual Server" and select properties.

Click the "Access" Tab

Click the "Relay" button

Click the "Add" button

Input the IP address of the Copier

NOTE:  Exchange 2000 has this setting in the Relay Restrictions tab
"Allow all computers which successfully authenticate to relay, regardless of the list above."
I'm unsure of the default for this; I think it's enabled, thus it will always relay with proper SMTP authentication.

Click "OK" three times.

All done, give it a test.


3.  Lotus Domino 5.0.1 and 6.5.3 on Windows 2000

(Update March 3 2005 - We've recently tried Lotus Domino 6.5.3 and found the instructions are 98% similar)

There are many settings for Domino.  This document is based on a fresh default installation.  YMMV.

This section assumes you have SMTP and SMTP Routing enabled.  There are three things you need to check from Lotus Domino Administrator to make sure you are set up to do this.
    Open Lotus Domino Administrator (must have password)
    Close the welcome screen
    Make sure you are connected to the server you want to be providing SMTP
    Click on the Configuration tab
    Expand The Server menu
    Click on Current Server Document
    Under Routing tasks, check for SMTP Mail Routing;
    the SMTP listener task should also be enabled.
If either of these is missing or disabled, your server isn't using SMTP.  See the administrator about enabling these services.

We are not done yet.  Now:
    Expand the Messaging menu
    Click on Configurations
    Double click on the server you want to be providing SMTP (to view setting instead of edit settings)
    Click on the Router/SMTP tab
    Under the Basic tab, "SMTP used when sending messages outside of the local internet domain: enabled"
If this is disabled you won't be able to route the SMTP to the internet.

If all these services are enabled we can continue.

By default Domino is an open relay, meaning anyone can relay without authenticating to the server.  However, many administrators will close the relay for the reasons explained above.  Below we will look at the setting for the relay and open the relay for a single host.

We need to check the security setting.  Assuming you are still at the screen above in the Lotus Domino Administrator (if not, follow the directions above to get there):
    Click on the "Restrictions and Controls" tab
    Click on the "SMTP Inbound Controls"
    Under "Allow messages only from the following external internet hosts to be sent to external internet domains:"  add the IP address of the Canon device you are using for send functions in square brackets.  Example [192.168.10.97]

Now only that host can relay.

Troubleshooting?
There are many other settings which could cause problems, too many to go into here, but your Domino administrator should be able to help you out.  One that I am aware of is forcing authentication for SMTP, since there is no way for Canon machines to do this.  To check it, do the following.

    Open Domino Administrator
    Click on the Configuration tab
    Expand the Server menu and select Current Server Document
    Click on the ports sub menu tab
    Click on the Internet ports sub sub menu tab
    Click on the Mail sub sub sub menu tab

    Under the Authentication options: for Mail (SMTP Inbound)
    Name & password should be No
    Anonymous should be Yes

That's it.  If you have any hints, tips, or corrections please email me at




4.  Microsoft Exchange 5.5 on Windows NT4 (Thanks Kevin Potvin)

There was a thread on cslist2 where, after the settings were made, relay still didn't happen.  Changing the mask to 255.255.255.255 fixed it.

Kevin Potvin has sent us this MS Word document.  (zipped 95k)

YMMV = Your Mileage May Vary



5.  Windows based SMTP Server Applications

As a temporary or perhaps permanent SMTP relay solution, you may want to install an SMTP server application on a Windows box.

With a little research, we found some free applications.

The first is Free SMTP Server
This small application can be used as a completely open SMTP relay
There is very little configuration required.

If you want a lot more features and security, why not try PostCast Server
The PostCast Server Free Edition is loaded with features
It also includes settings to accept email only from specific IPs

PostCast Server installation and configuration for a single IP relay
Select a Windows box
Ensure the machine has internet access
Install PostCast Server
After installing, launch the application
The setup wizard will ask you who to allow incoming connections from
The local IP address and loopback are set by default
No IP addresses means accept all connections (open relay)
If you want to allow only one machine (perhaps only 1 iR product), remove all IPs except the iR's IP
The rest of the configuration is simple
Now simply point your iR's SMTP server settings to the IP address of the Windows box providing the PostCast Server application
Bada bing bada boom, you are done
Be nice now, don't spam :-)



6.  How do I see if the IP address the customer gave me really goes to a SMTP server?

Why not simply telnet to the port the customer says SMTP is running on?
If you don't know what that means and the customer is scratching their head when you ask, just telnet to port 25.
BTW, the Windows 2000 telnet client kinda stinks.  Why not use PuTTY or PuTTYtel from here

With PuTTY or the command line from just about every OS, type: telnet <ipaddress> 25 <enter>
The response you get will speak volumes.

Case one - SMTP is running on port 25 and the client IP is permitted to connect
telnet 192.168.10.3 25
220 PostCast SMTP server (http://www.postcastserver.com/) ready at Fri, 04 Mar 2005 7:29:06
This tells me that yes one is running and I can connect

Case two - SMTP is running on port 25 and the client IP is not permitted to connect
telnet 192.168.10.3 25
550 access denied
Connection to host lost.
This tells me that yes, an SMTP server is running but I cannot connect.
In this case, it is because I configured the SMTP server to not accept this IP address

Case three - SMTP is not running on port 25
telnet 192.168.10.3 25
Connecting To 192.168.10.3...Could not open a connection to host on port 25 : Connect failed
This tells me that no SMTP server is running on this IP at port 25



7.  There is a SMTP server, how do I see if it is an open relay?
Since you are already connected to the SMTP server with telnet, why don't we run a couple of commands?

First let's go over a few commands.  You will be typing commands like these
helo
mail from:
rcpt to:
quit

helo requires a domain address, so type something like helo isgsp.net

For mail from: and rcpt to:, they should be something like
mail from:
rcpt to:

After each command, you must hit enter.
For the examples below, the telnet line and the commands (helo, mail from:, rcpt to:, quit) are what you type, while the lines that start with a three-digit number are the computer's responses.


Example 1 - Connecting to an SMTP server that allows relay

[preston@canonextra preston]$ telnet 192.168.10.45 25
Trying 192.168.10.45...
Connected to 192.168.10.45.
Escape character is '^]'.
220 uncle.lab.ts ESMTP Sendmail 8.12.6/8.12.6; Fri, 21 Jan 2005 13:57:17 -0500 (EST)
helo isgsp.net
250 uncle.lab.ts Hello canonextra.lab.ts [192.168.10.25], pleased to meet you
mail from:foobar@isgsp.net
250 2.1.0 foobar@isgsp.net... Sender ok
rcpt to:foobar@isgsp.net
250 2.1.5 foobar@isgsp.net... Recipient ok
quit
221 2.0.0 uncle.lab.ts closing connection
Connection to 192.168.10.45 closed by foreign host.

Example 2 - Connecting to an SMTP server that denies relay

[preston@canonextra preston]$ telnet 192.168.10.45 25
Trying 192.168.10.45...
Connected to 192.168.10.45.
Escape character is '^]'.
220 uncle.lab.ts ESMTP Sendmail 8.12.6/8.12.6; Fri, 21 Jan 2005 13:53:21 -0500 (EST)
helo isgsp.net
250 uncle.lab.ts Hello canonextra.lab.ts [192.168.10.25], pleased to meet you
mail from:foobar@isgsp.net
250 2.1.0 foobar@isgsp.net... Sender ok
rcpt to:foobar@isgsp.net
550 5.7.1 foobar@isgsp.net... Relaying denied
quit
221 2.0.0 uncle.lab.ts closing connection
Connection to 192.168.10.45 closed by foreign host.



8.  Can you show how to send an email using telnet?

Sure
[preston@canonextra preston]$  telnet 192.168.10.45 25
Trying 192.168.10.45...
Connected to 192.168.10.45.
Escape character is '^]'.
220 uncle.lab.ts ESMTP Sendmail 8.12.6/8.12.6; Fri, 21 Jan 2005 14:20:09 -0500 (EST)
helo lab.ts
250 uncle.lab.ts Hello canonextra.lab.ts [192.168.10.25], pleased to meet you
mail from:
250 2.1.0 ... Sender ok
rcpt to:
250 2.1.5 ... Recipient ok
data
354 Enter mail, end with "." on a line by itself
Hi Rick, thanks for your helpful pages.  Have fun, Rick
.
250 2.0.0 j0LJK9mt038566 Message accepted for delivery
quit
221 2.0.0 uncle.lab.ts closing connection
Connection to 192.168.10.45 closed by foreign host.



9.  There is a SMTP server, how do I see if it requires SMTP authentication?
SMTP authentication is an enhanced SMTP (ESMTP) capability.
When you connect to an ESMTP server you should see ESMTP in its response:

telnet 192.168.10.50 25
220 server1.stsd.canon Microsoft ESMTP MAIL Service, Version: 5.0.2195.6713 ready at  Tue, 8 Mar 2005 10:32:37 -0500

This shows this SMTP server is an ESMTP server so it could have SMTP authentication enabled.

Now type ehlo and your domain address
ehlo lab.ts
250-server1.stsd.canon Hello [192.168.10.67]
250-AUTH GSSAPI NTLM LOGIN
250-AUTH=LOGIN
250-TURN
250-ATRN
250-SIZE 2097152
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250 OK

Notice 250-AUTH=LOGIN; I'm pretty sure that's a giveaway that you will need to authenticate.
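
The telnet checks from sections 7 and 9, as an added Python example that is not part of the original page: it pairs each typed command with the server's reply (including multi-line 250- replies), reports how rcpt to: was answered, and lists the AUTH mechanisms the ehlo reply advertises. The transcript is constructed from reply lines shown above, and the function names are illustrative.

```python
import re

REPLY = re.compile(r"^(\d{3})(?:([ -])(.*))?$")   # code, separator, text

# Constructed transcript, assembled from reply lines shown on this page.
SAMPLE = """\
220 server1.stsd.canon Microsoft ESMTP MAIL Service, Version: 5.0.2195.6713 ready
ehlo lab.ts
250-server1.stsd.canon Hello [192.168.10.67]
250-AUTH GSSAPI NTLM LOGIN
250-AUTH=LOGIN
250-SIZE 2097152
250 OK
mail from:foobar@isgsp.net
250 2.1.0 foobar@isgsp.net... Sender ok
rcpt to:foobar@isgsp.net
550 5.7.1 foobar@isgsp.net... Relaying denied
"""

def session(transcript):
    """Return [(command, code, [reply lines])]; command is None for the greeting."""
    out, command, texts = [], None, []
    for line in transcript.splitlines():
        m = REPLY.match(line)
        if not m:                       # not a reply line, so a typed command
            command = line.strip()
            continue
        texts.append(m.group(3) or "")
        if m.group(2) != "-":           # "250-" continues, "250 " ends the reply
            out.append((command if out else None, int(m.group(1)), texts))
            texts = []
    return out

def relay_verdict(transcript):
    """Classify the reply to RCPT TO by its first digit."""
    for command, code, _ in session(transcript):
        if command and command.lower().startswith("rcpt to:"):
            return {2: "accepted", 4: "deferred", 5: "refused"}.get(code // 100, "unknown")
    return "no rcpt to"

def auth_mechanisms(transcript):
    """Mechanisms listed on the AUTH lines of the EHLO reply ('AUTH ' and 'AUTH=')."""
    mechs = set()
    for command, code, texts in session(transcript):
        if command and command.lower().startswith("ehlo") and code == 250:
            for text in texts:
                if text.upper().startswith(("AUTH ", "AUTH=")):
                    mechs.update(text[5:].upper().split())
    return sorted(mechs)
```

For the relay verdict to mean anything, the rcpt to: address has to be in a domain the server does not host itself, and the session should be captured both from the copier's IP and from a host that is not on the allow list.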



10.  I'd like to check an SMTP server status and capabilities with a Windows GUI
There are lots on the net
I tried RelayTest Pro and found it worked quite well.  It even includes SMTP authentication
Please note:  It has an Auto test mode and Manual test mode.
This is very very very very very important
In auto test mode, it will try 47 different email tests.
The SMTP server admin won't be too happy with you if you did that
Use the Manual test mode for one at a time tests


11.  Understanding SMTP Auth Login
Here's a great page discussing SMTP Auth Login
 



