How To Troubleshoot Your No Spam Today! for Servers Installation
So you just installed No Spam Today!, but the No Spam Today! service is not starting? Or everything seems to be working fine, but the simple relay check is complaining about open relays? Relax, you found the right document.
About Sockets, Ports and Listeners
An SMTP server is constantly ready to receive incoming connections from other mail transfer agents (MTAs, mail clients or other mail servers). In other words, it is listening on the SMTP port of your machine.
As a rule, only one program can be listening at the same time on any given port
for any IP address, and if you run No Spam Today! and the mail server software
on the same machine, this is the first trouble you may run into:
Your mail server and No Spam Today! contend for the SMTP port of your machine,
but only one can use it, while the other fails to initialize. If No Spam Today!
fails to grab the port, it will file a complaint in its logfile, and exit
(look for a WSAEADDRINUSE message in nospamtoday.log).
To fix this problem, make sure No Spam Today! is the only program configured to listen on the SMTP port. This can be done two ways: by using different ports for the mail server and for No Spam Today!, or by using different IP addresses for No Spam Today! and for your mail server.
Some more things to keep in mind:
- Prefer using two IP addresses over using two different ports:
Adding an IP address to a Windows machine is only
a few mouse-clicks away, and IP addresses in the
192.168.x.xor10.x.x.xranges are plentiful. Make sure both your mail server and No Spam Today are listening only on their own IP addresses, and not on all IP addresses. With some mail servers this setup simplifies open relay protection. If you keep the old IP address for your mail server, you do not need to reconfigure the SMTP server settings of your users' mail clients (after all, you don't want to check outgoing mail from your users for spam). - Avoid using the loopback interface
127.0.0.1as outgoing server address, because some mail servers consider all mails delivered fromlocalhostconnections as "trusted". This makes it difficult to configure open relay protection.
Once both your mail server and No Spam Today! are up and running, it is time to check that everything is working right.
Testing the Basic Proxy Setup
Fortunately, the
SMTP protocol was
designed to be readable by human eyes. Because of this, the ubiquitous,
ages-old telnet program proves most useful
to test your setup. In Windows, you can run telnet from the start menu
(choose "Execute", and type "telnet"). Here is the transcript of a sample
telnet session:
C:\>telnet 192.168.0.12 25
Trying 192.168.0.12...
Connected to mail.byteplant.com.
Escape character is '^]'.
220 mail.byteplant.com ESMTP Exim 3.35 #1 Thu, 25 Mar 2004 16:59:54 +0100
QUIT
221 mail.byteplant.com closing connection
Connection closed by foreign host.
Try to connect with telnet to both your mail server, and to No Spam Today!,
once the server sends its welcome, issue a QUIT command.
If everything works, you will get exactly the same replies both times.
If you are a good typist
(you do not need to be fast, but you must not make any typing errors) you can
send emails with telnet. There is no need for such luxury as an
email client. Try, just for the fun of it, to send a mail from
god@heaven.above to your friend. All you need to know can be found in the
SMTP protocol specification.
Relay Settings
Relaying is... whenever one of your users is sending a mail over your mail server to an outbound address. Clearly, you can't allow this to happen for just anybody connected in from the outside world: spammers would use your mail server to harrass innocent people, your mail server would get listed in an open relay database, and and and...
The "Simple Open Relay Check" integrated in the No Spam Today! admin wizard tests just this. It tries all the preliminary steps of sending a mail to support@byteplant.com, using your mail server. If your mail server allows this without an error reply, there is a problem, and you are not finished configuring yet:
- Most mail servers allow relaying only for certain, explicitly specified IP addresses or hostnames only. When configuring this list, make sure No Spam Today!'s IP address is not on this list.
- And here is why you should not use a different IP address for No Spam Today!,
and why we recommend not to use
localhostas outgoing server address: Some servers implicitly trust all mails from localhost, or from its own IP address. - If, for some reason, you are unable to get relay protection configured in your mail server, there is a fallback solution provided in No Spam Today!'s setup. Enter all the addresses you want to accept mail for (or the domain you want to accept mail for) on the "Relay Protection" page of the admin wizard. Make sure that whatever you enter here is correct, because a spelling error here may cut you off from any mail delivery for good.
Some mail servers, have the vexing habit to accept mails to any recipient address in the local domain. Undeliverable mails are silently forwarded to postmaster. If you can't find a way to turn this off, you can use No Spam Today!'s relay protection setting to achieve the same. Enter all allowable mail addresses and aliases here, and all other mail will be rejected outright by the No Spam Today! proxy.
NoSpamToday! and Microsoft Exchange
In a two IP address setup, Microsoft Exchange 2000 sometimes grabs the SMTP port on all interfaces, even when it has been configured not to. Click here for a Microsoft knowledge base article that tells you what to do.
Closing Remarks
This document is far from complete, and will continue to evolve. Please submit hints and suggestions to , we are happy to make anything helpful available to other users.