Friday, 6. April 2007
PermaLink SMTP and Internet Site Documents
Bas writes with a useful tip on the subject of SMTP with Internet Site documents, which we already know to be problematic.

If you run multiple web sites on multiple domains on one domino server, you typically need the Internet Site documents. Domino however gets really confused when you create multiple SMTP inbound site documents for multiple separate domains, while these domain names resolve to the SAME ip address. For website documents, creating one for every domain name is an absolute necessity, for SMTP inbound site documents it is potentionally killing. If your domino server has separate IP addresses mapped to each domain, everything works just fine. The solution was simple, remove all SMTP site documents but the one belonging to the default site and put all the interface addresses of all sites in that one document. After restarting the server, the "Authentication is not enabled" errors in the log dropped to a near zero.

That's a good tip. I'll summarise.

Regardless of how many domains you are using on your Domino server, you only need one SMTP Inbound Site document on that server. Having more than one will not work reliably and, so far as I am aware, is not supported.

While I have this particular bit between my teeth, I'll just mention one other thing.

We still regularly see "Authentication is not enabled in the SMTP Internet Site Document for" on one of our servers here despite the fact that, while it does handle inbound SMTP, it does so using a single, correctly populated SMTP Inbound Site document and most inbound connections to it succeed.

Why?

Because this server has multiple IP addresses some of which are used for SSL web sites in different domains. Only one of these IP addresses is identified in the SMTP Inbound Site document. While SMTP is bound to all of them, attempts to connect to port 25 on any IP address but the one named in the SMTP Inbound Site document cause the remote client to see "421 domino.example.com SMTP service not available, closing transmission channel" and the famous "SMTP Server: Authentication is not enabled in the SMTP Internet Site Document for" console message.

These addresses do have names and it seems likely that some remote system or user is attempting to connect to port 25 of these fully qualified names for who knows what reason? To test for relay? To send spam to webmaster? Nothing good anyway.

Memo to self: Ask firewall guy why port 25 is open inbound to those IP addresses in the first place.

Category: Domino 7
Technorati:

Comments :
None yet...
Unable to post a comment? Please read this for a possible explanation...
Add Manual Trackback
Please enter the details of the trackback post. Your trackback will not appear on the site until it has been verified. This won't be immediate, as trackbacks are validated on a scheduled basis. Be patient.











Search
Popular Categories
Blogs
Coffee and Cats
Computing Systems Fundamentals
DNSBLs
Domino Administration
Domino Whitelist
Dumb and Dumber
Flickr
SMTP AUTH
Show n Tell
Software
Spam
Spam Statistics
T'Internet
Trunk Monkeys
Viruses and Worms
Wallace and Gromit
Whitelisting
Wii
Monthly Archive
2008
2008
2008
2008
2008
2008
Full Archive
Other stuff
Anti-Spam Tools
Misc Links
Land banking information
ClustrMaps
Locations of visitors to this page
Contact Me
email - Chris Linfoot
skypeme
Meta
Proudly powered by IBM Lotus Domino 8 Proudly powered by IBM Lotus Domino 8

Subscribe to articles Subscribe to articles feed

Subscribe to comments Subscribe to comments feed

ROR info ROR info


My Amazon wish list Wishlist


Wikio - Top Blogs - Technology
Like what I do?
Research Autism Then please consider a donation to support the work of Research Autism.
Idea Jam
Planet Lotus
Dilbert