IIS7 SMTP: SmartHost or local SMTP Server? - smtp

I have an ASP.NET 4 application that has been in production for years running on Windows Server 2008 R2. It sends email, and is currently configured to send to a specific SmartHost.
I would like to eliminate the dependency on that SmartHost server (it might be going away). As I see it, I have two options:
1. Find another SmartHost - possibly in the cloud? Which concerns me because it's another point of failure and dependency.
2. Install & configure SMTP server on the same box as the application. I'm not wild about installing the 'IIS6-bits' that seem necessary to do this.
What's the best practice here? Are folks using external servers via SmartHost more or are you installing local SMTP servers?

I have chosen option 2, because, as you wrote, this eliminates another point of failure, namely the network path between your server and the smart host. Administering a send-only mail server is not a big deal. I set up a local send-only mail server about two years ago, and except for an upgrade I did not do anything with it. Even the upgrade was not strictly necessary. I have to add that I was not completely new to configuring a mail server, and we already had a second mail server, giving additional safety.
On the other hand I have no experience with the SMTP server included in IIS (I only tried it once, several years ago, without success, and gave it up immediately), and I also found then that the choice of open source mail servers on Windows is limited.

I don't see anything wrong with IIS6 SMTP Server although I've only used it to relay to another SmartHost (GMail) and not had it send mail itself. It's a little tricky to set up but not that hard and has worked well for me.
Note: The IIS bits are still there even in Server 2012 and although deprecated Microsoft has provided no replacement. See my thoughts on What replaces IIS SMTP server in Windows Server 2012 on ServerFault.
I'd recommend using both IIS6 bits in conjunction with an external SmartHost (I use Gmail) for the benefits in the above referenced ServerFault answer of mine. I would think that setting up your own SMTP server is going to end up being more complicated and you may risk being blacklisted if you're not careful.

Related

Can I edit packets from my server before they reach my Client?

I made a simple Instant Message Chat Client and Server on TCP, that both run off Adobe AIR. It works great and it was an interesting way to learn basic networking programming.
My Question: Is it possible to change the data in the packet sent from the Chat Server before it arrives at the Client without using the Server or Client to do so? Like perhaps a program?
I am new to Network programming so I apologize if this is a dumb question.
Your question is very broad. So the answer is broad as well. Yes. It's possible.
For that you need to get the packets between the client and server to pass through a third program. There are quite a lot of ways to achieve that. Here's a non-exhaustive list:
First, on your own machines (client/server) you could get access to the packet from the operating system using various low-level APIs. For instance iptables+nfqueue in Linux or the Windows Filtering Platform on Windows.
Second, you could get access to the packets by intentionally having them communicate through some proxy program which may or may not reside on the same server as the client or the server.
Third, you could get access to the packets by picking them up from the network itself. For instance, you could set up some Linux machine as a router and have it sit between the client and the server (as long as they're not on the same machine). That Linux machine will now have access to all of the packets that pass through it, and it can pass them to various user-space programs using hooks such as the previously mentioned nfqueue.

MySQL Community Server - Security Patches

I have been running a MySQL Community Server for a couple of years now and a new client has asked for a report from a vulnerability scanner on our network. I am using OpenVAS and the network is fine apart from the server; it's returning a high threat stating that a MySQL security patch needs to be applied. I've gone onto the Oracle website and I believe that I require a Support Identifier to apply the patch, so I did some Googling and it's basically a subscription from Oracle. As it's a small company, is there a way to apply this patch for the community edition without the need to fork out a ton of money, or shall I just filter incoming traffic to the MySQL port (it's not the actual fix but at least it's one)?
Cheers for the help!
A first measure would be closing the MySQL port through a firewall (iptables), or at least restricting it to the machines in the internal network needing direct access to MySQL.
As for the patch: Maybe there are newer pre-built packages for your OS/distro which already contain the bugfix.

Error:26 Cannot connect to SQL 2008 database instance

I have a SharePoint server on the DMZ and a SQL2008 server in the local domain.
When I try to get the list of .NETUsers for the Central Administration site from IIS (version 7.5) I get thrown error:26! I have tried all possible combinations in specifying the connection string.
I have also followed all directions on these links to resolve the issue but it continues to persist.
http://blogs.msdn.com/b/sql_protocols/archive/2007/05/13/sql-network-interfaces-error-26-error-locating-server-instance-specified.aspx
AND
http://blogs.msdn.com/b/walzenbach/archive/2010/04/14/how-to-enable-remote-connections-in-sql-server-2008.aspx
Please advise.
Thanks
Firstly, could you check the versions in your question. IIS 6 runs on Windows 2003, but it is not possible to install SharePoint 2010 on Windows 2003.
This is a connection error; there are 2 possibilities:
1. The call from the SharePoint server is blocked before it arrives at the database
2. The call is being refused when it arrives at the database
You should start by making a drawing of the route between the SP server and the database server. Make sure to include all firewalls.
Then check the logs to see how far the call got.
You could also try monitoring the network traffic with wireshark to see exactly what is happening.
Going from the error itself, it turned out to be quite a complicated issue that ended up being resolved after a few days on the phone with Microsoft. The error read "The RPC service is Unavailable". There were issues with the way NetBIOS and DNS were qualifying the site and server names.

Secure Remote mySQL Connection

Since our shared hosting server doesn't allow us to set up Tomcat I decided to install it on our local machine. The local Tomcat server allows us to listen to a certain port for Bancnet transactions which will then be processed and written to the remote site.
Question:
Is it safe for me to set the local PHP application to connect directly to the remote mySQL server? Any suggestions on how to make the connection secure? BTW, I have a self-signed certificate installed in the localhost but not sure how this applies to remote mySQL connection.
You could create an SSH tunnel between MySQL server and client. For more resiliency, use autossh.
If you don't connect over SSL or some other encrypted tunnel, I would absolutely assume that anything you send or receive from MySQL is done so in clear text that can be intercepted and used for malicious purposes from any link along the way. This might be fine for testing purposes with dummy data, but before you put this in production use or pull down live user data for testing, you really should either make arrangements for the data to be stored local to the web app or for there to be an encrypted connection.
Giving you a full overview of how to set up SSL connections to MySQL is beyond the scope of Stack Overflow and it's a bit complicated, but if you want to proceed, check out the documentation and do some research, there are some good informational resources out there.
I'm a bit confused as to the architecture you are trying to describe. What's running where?
If you can't install Tomcat then you probably won't be able to install anything like VPN software on the box.
MySQL can encrypt using SSL provided it has been enabled at compile time and at run time.
Alternatively, it should be fairly trivial to build a webservices tier on top of the remote database.
I would recommend switching to a VPS or managed host though.

Are SMTP relay requirements for System.Net.Mail different than System.Web.Mail

I deployed my web app to our production IIS 6.0 server and everything is working except when my code attempts to send email to an address that is NOT in the domain of our email server. I've seen various symptoms but this seems the most straightforward to describe:
Syntax error in parameters or arguments. The server response was: 5.7.1 This system is not configured to relay mail
My web app getting this error msg uses System.Net.Mail. It resides along with the older web app it is supposed to replace which uses System.Web.Mail. There is one SMTP server on this same machine that seems to require some new configuration regarding relay.
Checking the SMTP server properties showed nothing configured for "Relay Restrictions". The older production web app sends email without errors with the SMTP server configured as described.
So, in summary, does use of System.Net.Mail require something different for relaying email than System.Web.Mail?
The web.config for the newer version that has relay issues contains:
<system.net><mailSettings><smtp><network host="mail.cbmiweb.com" port="25"/></smtp></mailSettings></system.net>
I used the values above for all my testing (first on my localhost with XP IIS 5.1; then on a staging IIS 6.0 server in our LAN) and never had any "relay" problems.
The web.config for the older version using System.Web.Mail contains nothing related to SMTP!
If I suddenly need a username and password added to the smtp setting above, how come I never needed "credentials" during development?
I don't know much about SMTP and really don't even know what to ask the mail server administrator. I am very confused about what to do...thanks.
Sounds to me like the old app is sending the message directly to the recipient's server and is bypassing your local mail server completely. This would have happened because your app would not have had a mail server to use configured, so it defaults back to trying to send the mail itself.
This is usually a bad idea as it can cause delays in your application depending on the recipient's mail server configuration (we're talking seconds here). Further, if you aren't configured to deal with things like grey lists, etc., then you can have a high number of emails that you think were sent, but never really arrived.
You should ask the mail server administrator to properly configure your local mail server to allow relaying from your machine.
OR (and this is the more secure way)
You should set up a user on your local mail server and have your app use those login credentials when attempting to send email.
The systemnetmail.com site might be helpful. Specifically the page on smtp configuration.
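Added example, not code from the thread or from IIS: a small Python model of the relay decision behind the "5.7.1 ... not configured to relay mail" reply, showing that a foreign-domain recipient is refused for an anonymous client and accepted once the client is on a trusted-IP list or authenticates. The domain, account, hostnames and the in-process server are constructed for illustration.

```python
import base64
import smtplib
import socketserver
import threading

LOCAL_DOMAIN = "example.test"             # constructed: domain this server hosts
USERS = {"webapp": "constructed-secret"}  # constructed SMTP account
RELAY_IPS = set()                         # trusted client IPs; empty = none

class RelayPolicyHandler(socketserver.StreamRequestHandler):
    """Tiny SMTP dialogue: relay only for trusted IPs or authenticated clients."""
    def reply(self, *lines):
        self.wfile.write("".join(l + "\r\n" for l in lines).encode())

    def handle(self):
        trusted = self.client_address[0] in RELAY_IPS
        self.reply("220 mini-smtp ready")
        for raw in self.rfile:
            verb, _, arg = raw.decode().strip().partition(" ")
            verb = verb.upper()
            if verb == "EHLO":
                self.reply("250-mini-smtp", "250 AUTH PLAIN")
            elif verb == "AUTH":  # AUTH PLAIN base64(NUL user NUL password)
                _, user, pw = base64.b64decode(arg.split()[1]).decode().split("\0")
                ok = USERS.get(user) == pw
                trusted = trusted or ok
                self.reply("235 2.7.0 ok" if ok else "535 5.7.8 bad credentials")
            elif verb == "RCPT":
                domain = arg.rstrip(">").rsplit("@", 1)[-1].lower()
                # Local recipients are always accepted; others need a trusted client.
                allowed = domain == LOCAL_DOMAIN or trusted
                self.reply("250 2.1.5 ok" if allowed else
                           "550 5.7.1 This system is not configured to relay mail")
            elif verb == "QUIT":
                return self.reply("221 bye")
            else:  # MAIL, RSET, NOOP: accepted unchecked in this sketch
                self.reply("250 ok")

def start_server():
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), RelayPolicyHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]

def rcpt_code(port, rcpt, creds=None):  # reply code the server gives to RCPT TO
    with smtplib.SMTP("127.0.0.1", port, local_hostname="webapp.test", timeout=5) as s:
        s.ehlo()
        if creds:
            s.login(*creds)  # on a real network, call s.starttls() before login
        s.mail("app@" + LOCAL_DOMAIN)
        return s.rcpt(rcpt)[0]
```

Mail to the server's own domain never needs relay permission, which is why a test that only sends to in-domain addresses will not surface the error.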