I want to send email with Exchange by using telnet to port 25. Until two week ago I was able to, but now a "security fix" from Microsoft has removed this possibility.
When I try, I get this message:
421 4.3.2 Service not available, closing transmission channel
What can I do?
I use a service (Message Labs (ML)) to filter out all the spam. We got a new internet connection and in the process of re-configuring ML's inbound/outbound services to the new IP, I got an error. So, I tested it from external by telneting to the IP on port 25 and got the "421 4.3.2 Service not available, closing transmission channel" error. What I didn't realize at first was that the reason it failed was because I had set a specific grouping of IPs on the 2007 edge server receive connector (for the ML servers). So, I added my lan network & additionally another IP for the external host I was testing from and low and behold, I could connect from both.
What I figured was happening with ML was that their server that was testing the connectivity was on an address that was excluded from the edge server.
So, I removed my testing IPs and created a new, temporary, receive connector on the edge server, accepting from all addresses (0.0.0.0 - 255.255.255.255). I then submitted the change to ML again and guess what...this time they accepted it. Now, I'll simply remove the test receive connector and everything should be golden.
SMTP is the protocol that is used to receive email from the rest of the world so I doubt that Microsoft has dropped that. There must be some other misconfiguration on your server.
Try double-checking your relay-settings and the event-log on your exchange-server.
I found the answer at website:
http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=2900802&SiteID=17
Thanks for your help!
Basically, this functionality was removed by default and it could be restored by means of an ad hoc configuration - but with no guarrantee that further "updates" break the system again. Thanks, Microsoft.
After more than 5 years of flawless working, the 2010 EDG server suddenly stopped accepting with "421 4.3.2 Service not available". The SmtpReceive log (Get-TransportServer | select ReceiveProtocolLogPath) confirmed that it was indeed the edge server generating this error.
The EDGE server had two ip-addresses on a single NIC. After the following steps all worked fine again:
remove one ip-address from the nic on the edge server
update the static entry in DNS to point the second ip-address
on the Default internal receive connector allow to receive mail on all available IPv4 addresses.
Notice: this setup is not a security best practice for a DMZ. Better to use two NICs each with a leg in a different zone.
Related
I am using MySQL workbench on windows, which I want to connect to a Node-Red running on the IBM cloud. Since I don't run them on the same server the host 127.0.0.1 and port 3306 does not seem to work. What permissions should I give?
I'm going to make a LOT of assumptions here, because there really isn't enough information in your question.
First assumption, by "running on IBM" you mean that Node-RED is running on the IBM Cloud hosting service.
The short answer is you can not do what you want.
The longer version is that you probably could actually make this work but doing it is a REALLY bad idea.
Second assumption, you are doing this from home (even if you are doing it from a office location the same problems are likely to apply). This means you are connected to a local LAN using RFC 1918 address range (e.g. 192.168.0.x), this means you are behind a router that is performing NAT (Network Address Translation). This means you are going to need to set up portforwarding on the router so that when traffic arrives at the router it will send it on to your Windows machine. How you do this will depend on your router.
Next problem, your broadband probably doesn't have a static IP address which means it will change every time your connection drops. There are work arounds for this using things like Dynamic DNS. But that's too complicated to get into here.
Assuming you get all of that sorted out you still have the problem that you have now exposed your mysql database to the internet, so you need to make sure you have enabled all the right security measures to prevent people logging in and at best seeing all your data.
There are 2 much better solutions to this
Run Node-RED on the same machine or at least on the same local network as the database.
Use one of IBM Clouds hosted database solutions, these are a lot easier to connect to a IBM Cloud instance of Node-RED.
If you do not want to open ports to your network I recommend using a free MYSQL remote server
A simple website is https://remotemysql.com
Just take the screenshot of the credentials of your database after registration.
Keep in mind if your database is empty it will get deleted after some time.
I am trying to locally run a PHP based project, connecting to an Amazon RDS instance. I am receiving the following error in the browser:
![SQLSTATE[HY000] [2002]]1
I have run a series of networking tests where I pinged the following and received successful test results. I pinged:
iiNet's web address
One of iiNet's DNS servers
The loopback address of my computer
I pinged Google
I then tried the mysql utility to remotely connect and received the
ERROR 2003 (HY000): Can't connect to MySQL server
Last factor I think you should know regarding my own networking situation, I am connecting to the internet via:
modem->Zyxel VPN->Wireless Router->My laptop
What in the Sam Hill is going on?
Thanks,
CM
For this to work, the following must be true:
the RDS instance must resolve to a public IP address (I'd check this for you but since you chose to use a screenshot instead of text, I can't copy paste it, so I'll leave it to you)
the Security Group(s) associated with the RDS instance must allow traffic from your public IP ( the one you'll get from http://wtfismyip.com/text ). This won't bet true by default. I highly recommend you open to your IP, not just everyone, as Mysql is trivial to DOS attack if its port is public.
The network ACL of the VPC hosting the RDS instance must allow the traffic also. This will be allowed by default, so unless you changed the ACLs in your VPC, you can ignore this.
If all those are true, you should be able to connect!
I have been running a MySQL Community Server for a couple of years now and a new client has asked for a report from a vulnerability scanner on our network. I am using OpenVAS and the network is fine apart from the server, its returning a high threat stating that a MySQL security patch needs to be applied. I've gone onto the Oracle website and I believe that I require a Support Identifier to apply the patch, so I done some Googling and its basically a subscription from Oracle. As its a small company is there a way to apply this patch for the community edition without the need to fork out a ton of money, or shall I just filter incoming traffic to the mysql port (Its not the actual fix but at least its one)?
Cheers for the help!
A first measure would be closing the MySQL port through a firewall (iptables), or at least restricting it to the machines in the internal network needing direct access to MySQL.
As for the patch: Maybe there are newer pre-built packages for your OS/distro which already contain the bugfix.
I have a sharepoint server on the DMZ and a SQL2008 server in the local domain.
When I try to get the list of .NETUsers for the Central Administration site from IIS (version 7.5) i get thrown error:26! I have tried all possible combinations in specifying the connection string.
I have also followed all directions on these links to resolve the isssue but it continues to persist.
http://blogs.msdn.com/b/sql_protocols/archive/2007/05/13/sql-network-interfaces-error-26-error-locating-server-instance-specified.aspx
AND
http://blogs.msdn.com/b/walzenbach/archive/2010/04/14/how-to-enable-remote-connections-in-sql-server-2008.aspx
Please advise.
Thanks
Firstly, could you check the versions in your question. IIS 6 runs on Windows 2003, but it is not possible to install SharePoint 2010 on Windows 2003.
This is a connection error, there are 2 possibilities:
The call from the SharePoint server is blocked before it arrives at the database
The call is being refused when it arrives at the database
You should start by making a drawing of the route between the Sp server and the database server. make sure to include all firewalls.
Then check the logs to see how far the call got.
You could also try monitoring the network traffic with wireshark to see exactly what is happening.
Going from the Error itself, it turned out be a quite a complicated issue that ended up being resolved after a few days on the phone with Microsoft. The error read "The RPC service is Unavailable". There were issues with the way NetBios and DNS was qualifying the site and server names.
I have an ASP.NET 4 application that has been in production for years running on Windows Server 2008 R2. It sends email, and is currently configured to send to a specific SmartHost.
I would like to eliminate the dependency on that SmartHost server (it might be going away). As I see it, I have two options:
Find another SmartHost - possibly in the cloud? Which concerns me because it's another point of failure and dependency.
Install & configure SMTP server on the same box as the application. I'm not wild about installing the 'IIS6-bits' that seem necessary to do this.
What's the best practice here? Are folks using external servers via SmartHost more or are you installing local SMTP servers?
I have chosen option 2, because, as you wrote, this eliminates another point of failure, namely the network path between your server and the smart host. Administering a send only mail server is not a big deal. I set up a local send only mail server about two years ago, and except an upgrade I did not do anything with it. Even the upgrade was not strictly necessary. I have to add that I was not completely new to configuring a mail server, and we already had a second mail server, giving additional safety.
On the other hand I have no experience with the SMTP server included in IIS (I only tried it once, several years ago, without success, and gave it up immediately), and I also found then that the choice of open source mail servers on Windows is limited.
I don't see anything wrong with IIS6 SMTP Server although I've only used it to relay to another SmartHost (GMail) and not had it send mail itself. It's a little tricky to set up but not that hard and has worked well for me.
Note: The IIS bits are still there even in Server 2012 and although deprecated Microsoft has provided no replacement. See my thoughts on What replaces IIS SMTP server in Windows Server 2012 on ServerFault.
I'd recommend using both IIS6 bits in conjunction with an external SmartHost (I use Gmail) for the benefits in the above referenced ServerFault answer of mine. I would think that setting up your own SMTP server is going to end up being more complicated and you may risk being blacklisted if you're not careful.