Bind IP to Outgoing SMTP
  •  
rethaew

Messages: 14
Karma: 0
According to previous threads, it is not possible for KMS to bind to a specific IP address for outgoing SMTP connections on servers with multiple IPs (even though this is commonplace on most professional mail servers).

Has anyone found a workaround for this on win2003? It has become important for us to force SMTP to go out on a specific IP. There is probably a way to either do this in routing and remote access, or a third party firewall/nat program. But I wanted to check in to see if anyone has done anything with this before I dive into the project.

Thanks!
  •  
sedell

Messages: 1168
Karma: 1
I haven't found a way to do it on the machine. I used our firewall (WatchGuard) to do it. On the outbound SMTP rule, I used a setting to force all outbound connections matching the rule to use a specified IP address, which overrides the static NAT settings. It wouldn't work if you need to have multiple IP addresses on the server delivering mail from multiple specified external IP addresses though.

Scott
  •  
marook

Messages: 520

Karma: 3
Limit the SMTP service to the IP you need?
Not the most fancy solution, but it should work - unless you need to accept incoming SMTP on more than that IP!

Your clients do use the SMTP Submission service, right? :) (that can then use internal IP's as well...)

Regards,

Jakob Peterhänsel
Consultant - Humac A/S

Apple Certified Support Professional (ACSP)
Apple Certified Technical Coordinator (ACTC)
AppleSeed/CQF member since 1998
Kerio Messaging Partner
  •  
rethaew

Messages: 14
Karma: 0
I am talking about outbound SMTP, not inbound. Binding the SMTP service to an IP only deals with incoming connections. I have two NICs on this server with two separate internet connections. Each NIC has 2 internet IP addresses. I need to force all outbound SMTP connections to use a specific NIC/IP assignment.

As much as I love KMS, some things that seem very trivial are missing from it.
  •  
marook

Messages: 520

Karma: 3
Well, then I will assume Kerio uses the OS to connect, and the OS uses the default gateway. As far as I remember with WinOS, you can get that with ipconfig - right?
But since Kerio does not offer domain-based binding for SMTP Out, I guess you are out of luck in that regard.

Regards,

Jakob Peterhänsel
Consultant - Humac A/S

Apple Certified Support Professional (ACSP)
Apple Certified Technical Coordinator (ACTC)
AppleSeed/CQF member since 1998
Kerio Messaging Partner
  •  
sedell

Messages: 1168
Karma: 1
I would agree. Some very trivial things are missing. I can't think of another mail server I've used that didn't support outbound IP binding. Worse yet, nobody seems to listen. This has come up a number of times before in the forums over the years, and still it's missing. It's a standard feature people expect to be there, and when it's not, it causes big issues.

Scott
  •  
marook

Messages: 520

Karma: 3
@sedell: Well, the server is available as a full unlimited 30 day trial, so I guess you have a chance to test it out before spending money.
But yes, it would be nice to get some of those core features added.
Remember to voice your requests at support.kerio.com !

Regards,

Jakob Peterhänsel
Consultant - Humac A/S

Apple Certified Support Professional (ACSP)
Apple Certified Technical Coordinator (ACTC)
AppleSeed/CQF member since 1998
Kerio Messaging Partner
  •  
taittinger_hi

Messages: 5
Karma: 0
In the mailserver.cfg file, I found the following statement in the "Misc" list and the list per domain config:

<variable name="BindIp">0.0.0.0</variable>

Maybe you can change this IP in order to bind outgoing SMTP to a specific IP?
  •  
pcunix

Messages: 594
Karma: 33

Tony Lawrence
Kerio Preferred Partner and Reseller
Certified for Connect, Control
http://aplawrence.com
  •  
taittinger_hi

Messages: 5
Karma: 0
OK I see, that's a pity ...

[Updated on: Wed, 31 March 2010 14:53]

  •  
sedell

Messages: 1168
Karma: 1
marook wrote on Wed, 31 March 2010 05:53
Well, the server is available as a full unlimited 30 day trial, so I guess you have a chance to test it out before spending money.


30 day trials only do so much. For a start, it's probably impossible to test every single scenario, and if you could, I don't think 30 days would be enough. Some things just get missed.

Also, environments change. You may test on a single NIC server, then deploy on a single NIC server, only to eventually have to move the software to another machine that has dual NICs. Or you might have dual NICs, but one is disabled. Now you need it, so you enable it, and all hell breaks loose. For most other mail servers, that wouldn't cause even the slightest problem.

Even more fun is when you test something out, then deploy it only to have a behavior or feature change by an update or patch. Sometimes you don't catch it until it's too late, sometimes you're forced to update anyway because there's a fix that's more important in that update.

A 30 day trial is great for catching glaring problems. It generally doesn't give most people the opportunity to catch the smaller issues. When you end up with a whole lot of small issues, they add up to make for a big headache.

Scott
  •  
pcunix

Messages: 594
Karma: 33
30 day trials only do so much

In almost all cases, your dealer is happy to arrange for an extension beyond 30 days. I often find that helps my customers feel that they have fully evaluated before committing to buy.

Tony Lawrence
Kerio Preferred Partner and Reseller
Certified for Connect, Control
http://aplawrence.com
  •  
rethaew

Messages: 14
Karma: 0
I think it has become "standard" for mail servers. Generally speaking if Kerio wants to get over the hump and have its mail server be a serious contender, they need to address all these little quirks about it. Until then, IT managers like myself will not be interested in using it. I inherited KMS server from a previous IT guy at my company. It does ok for what we need, but I have been seriously testing other software. I was hoping that with version 7 it would make a great leap forward, but it didn't. This should still be in 6.x series - not seeing major version upgrade.

But I am not a programmer so I guess I don't know. Maybe it would take a team of top programmers 6 months working 16 hour shifts to add outbound IP binding, so maybe it isn't cost effective for Kerio.
  •  
Tomas Soukup (Kerio)

Messages: 151
Karma: 0
Hello,

could you, please, describe the use-case, why you need to limit outgoing SMTP? I can come up with several reasons, but don't know which is right. This would help us when considering this feature to be in Kerio Connect.
Thank you!

Tomas Soukup
Product Development Manager
Kerio Technologies

sonofcolin

Messages: 483
Karma: 0
Kerio_tsoukup wrote on Tue, 06 April 2010 05:17
Hello,

could you, please, describe the use-case, why you need to limit outgoing SMTP? I can come up with several reasons, but don't know which is right. This would help us when considering this feature to be in Kerio Connect.
Thank you!

On a multi-homed server (multiple IP's on 1 NIC). Different IP's resolve to different domain names, therefore KMS should bind to 1 IP for sending, in order to match the MX record of the MTA.

Example
192.168.1.1 resolves to domain mx.test.com
192.168.1.2 resolves to domain www.mysite.com

When Kerio sends mail it should be bound to send from 192.168.1.1 as this is the mx record for this domain. Sending from 192.168.1.2 will give RDNS of www.mysite.com and messages could fail various anti-spam setups on the receiving server.
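
The rDNS mismatch described in the last post, modelled as an added example (not code from the thread or from Kerio). The DNS tables are constructed from the post's sample addresses, `check_sender`, `open_bound_smtp` and the verdict labels are hypothetical, and real anti-spam filters weigh these signals differently.

```python
import smtplib

# Constructed DNS data taken from the example in the post above
# (private addresses stand in for the server's public IPs).
PTR = {"192.168.1.1": "mx.test.com", "192.168.1.2": "www.mysite.com"}
A = {"mx.test.com": ["192.168.1.1"], "www.mysite.com": ["192.168.1.2"]}


def check_sender(source_ip, helo_name, ptr=PTR, a=A):
    """Simplified receiving-side check: returns (verdict, reason)."""
    rdns = ptr.get(source_ip)
    if rdns is None:
        return ("reject", "no PTR record for %s" % source_ip)
    # Forward-confirmed reverse DNS: the PTR name must resolve back to the IP.
    if source_ip not in a.get(rdns, []):
        return ("reject", "PTR %s does not resolve back to %s" % (rdns, source_ip))
    # The name announced in HELO/EHLO should match the reverse DNS name.
    if rdns.lower().rstrip(".") != helo_name.lower().rstrip("."):
        return ("suspect", "HELO %s but rDNS is %s" % (helo_name, rdns))
    return ("accept", "rDNS and HELO agree on %s" % rdns)


def open_bound_smtp(mx_host, source_ip, helo_name, timeout=30):
    """Sender side: bind the outgoing socket to source_ip before connecting.

    source_address=(ip, 0) makes the OS use that local address instead of
    whichever one the routing table would pick; port 0 means any free port.
    """
    return smtplib.SMTP(mx_host, 25, local_hostname=helo_name,
                        timeout=timeout, source_address=(source_ip, 0))


def demo():
    # Same server, same HELO name, two possible source addresses.
    return {ip: check_sender(ip, "mx.test.com") for ip in PTR}


if __name__ == "__main__":
    for ip, (verdict, reason) in demo().items():
        print(ip, verdict, reason)
```
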