Search Results

Search found 2177 results on 88 pages for 'smtp relay'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 8/88 | < Previous Page | 4 5 6 7 8 9 10 11 12 13 14 15  | Next Page >

  • IIS's SMTP Pickup timing

    - by fatcat1111
    I have IIS's SMTP server set up as a closed relay, and it's working nicely. I also have an application that writes EML files. If the EML files are written to a temporary directory, then moved to the server's Pickup directory, email is sent as expected. However, if I have the application write the EML files directly to the Pickup directory, the email will often fail to send. This seems to be a race condition: the server starts processing the EML file as soon as it detects it in Pickup, even though the application hasn't completed writing it. The result is the server considers the EML to be malformed, and it punts it to Badmail. While I very much appreciate the server's earnestness, it seems that I need to dial it back a bit for this scenario. Does anybody know if IIS's SMTP server's polling frequency can be configured? I am using IIS7, Windows Server 2008 R2. The application that writes the EML cannot be modified.

    Read the article

  • How to setup a reliable SMTP server on Windows Server 2008 R2

    - by everwicked
    I know there are SMTP services out there which you can pay to send e-mails with but surely it's not that difficult to set up one of your own. How can I set up an SMTP server on Windows Server 2008 R2 that is: - Secure; only authorized users/hostnames/etc can send mail - Reliable; e-mails don't get lost - Not treated as spam; when e-mails are received from say gmail/outlook/hotmail they don't go straight to junk ** ** I understand this depends both on the server+e-mail headers AND e-mail content - I'm looking to safeguard the server part. Thanks!

    Read the article

  • Postfix SMTP sends to localhost, ignores MX records set to Google Apps

    - by Kerrick
    I have the MX records for zaltin.com set to the Google Apps domains (aspmx.l.google.com etc.). If an email is sent to [email protected] from most places, it goes to my Google Apps account. However, on the zaltin.com server (Ubuntu 10.04 if it matters), sending via SMTP (postfix), if I send to [email protected] (via the Pony ruby gem if it matters), it simply routes to kerrick@localhost (showing up via the mail command) instead of going to my Google Apps account (where it should show up in my GApps Gmail inbox). Can I make email sent via SMTP on my server, through my server, not go to my server but to Google Apps?

    Read the article

  • Windows 2008 RC2 IIS6 SMTP Virtual Servers - Limited to 4

    - by webnoob
    In line with this post: http://www.hugheserblog.com/2012/05/22/error-creating-iis-smtp-virtual-servers/ I am receiving the same issues: When we tried to add more than 4 IIS SMTP virtual servers, we got the error within IIS, “The system cannot find the path specified.” This post is almost 2 years old and my server is up to date with Windows updates so I assumed it would be fixed already. Does anyone know if I need to do something special (ie. contact Microsoft) to get a special fix for this? The information in the post suggests it should have been included in an update.

    Read the article

  • Looking for a free SMTP server program

    - by Richard
    Hello all, I am looking for a free SMTP server. I am currently using Free SMTP Server http://www.softstack.com/freesmtp.html This software works great other than the fact that it can only send 10 messages a day. This is a bit of a problem seeing that the software I am writing needs to send a message every half hour. Anyone knows of a good piece of software that does the same thing, but does not limit the amount of messages that can be sent in a day? I am using Windows XP, so software must be Windows friendly

    Read the article

  • SMTP redirecting to other port than 25

    - by Roalt
    How can you redirect your smtp traffic to another port than 25? My ISP blocks incoming traffic to port 25. I've been using ZoneEdit.com for this purpose for years (incoming mail traffic goes to another port and I redirect it via my firewall internally to port 25), but with the new system I cannot do it anymore. I'm not sure if I can do this by configuring MX and A records in the right way or if I need a SMTP redirecting service (such as rollernet.us)? I'm not an expert in Zone records but generally I know my way around for website traffic.

    Read the article

  • let CRON send emails through SMTP ( debian squeeze )

    - by supernova
    i would like to send emails whenever a cronjob has completed, i read that this is possible with exim4. in /etc/alias i added the line myuser: [email protected] in /etc/exim4/update-exim4.conf.conf i set dc_smarthost='smtp.myserver.ip::25 and in /etc/exim4/passwd.client i set smtp.myserver.ip:[email protected]:mypassword my problem is that i can't see any login at my mailserver, and in the exim logs i saw a few lines with 2012-10-13 09:17:01 1TMvy1-0001fp-F2 ** [email protected] R=nonlocal: Mailing to remote domains not supported 2012-10-13 09:17:01 1TMvy1-0001fr-JE <= <> R=1TMvy1-0001fp-F2 U=Debian-exim P=local S=17426 are there any additional config settings i have to set? edit : i solved the prev. error by running dpkg-reconfigure, but now i'm facing the following error <root@debian> R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host

    Read the article

  • Ruby send mail with smtp

    - by songdogtech
    I'm trying to send simple email via Ruby (no rails) on OS X, with XCode (which installs Ruby.) But I'm running into a problem with my smtp server which requires the email client to check mail before sending as a form of authentication. So with the script below I get an error: 500 Unrecognized command (Net::SMTPAuthenticationError). How can I get Ruby to authenticate with the smtp server in a "POP" fashion before I can send mail? Not download mail; I only want to send, but I have to check mail before I send. POP3 is not available at the smtp server. And I want to not have to install any other Ruby pieces and stay with using net/smtp, if at all possible. require 'net/smtp' message = <<MESSAGE_END From: A Test Sender <[email protected]> To: A Test User <[email protected]> Subject: e-mail test This is a test e-mail message. MESSAGE_END Net::SMTP.start('mail.domain.com', 25, 'localhost', '[email protected]', 'password', :plain)

    Read the article

  • Securing smtp with login

    - by Paul Peelen
    I have a ispconfig server, and it seems that someone is using it to send spam. I got about 130 "Mail Delivery System" email about declined send email. This spammer uses my email address as sent from adress, so I get all these email adresses to my mail. I am using Postfix and Courier. I installed my server according to this guide: http://www.howtoforge.com/perfect-server-debian-lenny-ispconfig3-p3 I did this a few months ago. My question: Can I secure my server to require login to be able to send email, and if so... how? Thanks! EDIT Some data from mail.log, these kind of error show up constantly: Jun 15 17:58:16 bolt postfix/qmgr[10712]: CC7DA1242AE: from=<paul@*****.se>, size=3782, nrcpt=1 (queue active) Jun 15 17:58:16 bolt postfix/smtp[11337]: CC7DA1242AE: to=<[email protected]>, relay=none, delay=4641, delays=4640/0.01/0.32/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=cmlisboa.pt type=MX: Host not found, try again) Jun 15 17:58:19 bolt postfix/smtpd[10836]: connect from static-200-105-220-154.acelerate.net[200.105.220.154] Jun 15 17:58:20 bolt postfix/smtpd[10836]: NOQUEUE: reject: RCPT from static-200-105-220-154.acelerate.net[200.105.220.154]: 550 5.1.1 <advertising@*****.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<[email protected]> to=<advertising@*****.com> proto=ESMTP helo=<static-200-105-220-154.acelerate.net> Jun 15 17:58:20 bolt postfix/smtpd[10836]: lost connection after DATA (0 bytes) from static-200-105-220-154.acelerate.net[200.105.220.154] Jun 15 17:58:20 bolt postfix/smtpd[10836]: disconnect from static-200-105-220-154.acelerate.net[200.105.220.154] Jun 15 17:58:29 bolt postfix/smtpd[10834]: connect from unknown[62.176.172.226] Jun 15 17:58:32 bolt postfix/smtpd[10834]: 386791241F9: client=unknown[62.176.172.226] Jun 15 17:58:34 bolt postfix/cleanup[10975]: 386791241F9: message-id=<[email protected]> Jun 15 17:58:34 bolt postfix/qmgr[10712]: 386791241F9: from=<[email protected]>, size=867, nrcpt=1 (queue active) Jun 15 17:58:35 bolt postfix/smtpd[10834]: disconnect from unknown[62.176.172.226] Jun 15 17:58:35 bolt amavis[11084]: (11084-17) Blocked SPAM, [62.176.172.226] [62.176.172.226] <[email protected]> -> <*****@*****>, Message-ID: <[email protected]>, mail_id: XczovKoMBYNr, Hits: 18.471, size: 867, 833 ms Jun 15 17:58:35 bolt postfix/smtp[10732]: 386791241F9: to=<*****@*****>, relay=127.0.0.1[127.0.0.1]:10024, delay=3.5, delays=2.7/0/0/0.83, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=11084-17 - SPAM) Jun 15 17:58:35 bolt postfix/qmgr[10712]: 386791241F9: removed Jun 15 17:58:43 bolt postfix/smtpd[10836]: warning: 178.121.154.194: address not listed for hostname mm-194-154-121-178.dynamic.pppoe.mgts.by Jun 15 17:58:43 bolt postfix/smtpd[10836]: connect from unknown[178.121.154.194] Jun 15 17:58:45 bolt postfix/smtpd[10727]: connect from unknown[180.134.223.86] EDIT #2 Got some more info from the logs, this is a send request: mail.info.1:Jun 15 16:41:57 bolt amavis[5399]: (05399-06) Passed CLEAN, [110.139.48.64] [110.139.48.64] <paul@*****.se> -> <[email protected]>, Message-ID: <CHILKAT-MID-7c54ebcf-5501-de9b-f0b1-4f0234290d8d@HP-IRISH>, mail_id: 35l56Ramx6Nc, Hits: -2.941, size: 3329, queued_as: 2485770086, 136 ms mail.info.1:Jun 15 16:41:57 bolt postfix/smtp[4743]: 375C570082: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=4.8, delays=4.7/0/0/0.14, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=05399-06, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 2485770086) Which apparently got thrue. Any ideas how to restrict this?

    Read the article

  • Plesk Postfix SMTP 550 5.7.1 "Command rejected" for one external sender

    - by Mnebuerquo
    My server is rejecting emails from one external sender. I suspect this might be misconfiguration on the sending server, but I'm not sure from these error messages. The non-delivery report message the sender gets contains this text: #5.7.1 smtp;550 5.7.1 Command rejected> #SMTP# I also see this message in /var/messages at about the same time as the rejection message was sent, though I'm not sure if it's actually related: Nov 29 12:29:28 localhost postfix/smtpd[31829]: sql_sqlite3 plugin: no result found I'm using Plesk 10.4.4 Update #47, Centos 6.2, Postfix 2.8.4-11100615 on my mail server. This is only happening for one sender so far, but I found a Google result on experts-exchange.com which seemed to identify the same problem and with the same sending domain. This was posted back in June, and currently has no answers, so even if I was a paying customer it wouldn't be answered. (http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Q_27760746.html) The generating server is bigfish.com. What I need to determine is if this is a problem on my server or a problem with bigfish.com. Is there more information I can find in config files, logs, etc. to figure this out?

    Read the article

  • Mail queue directory stuck in IIS SMTP server

    - by Loftx
    Hi there, We have an IIS SMTP server which sends out a largish number of mails (4000 or so) in batches overnight, and recently we've seen mails get "stuck" in the queue directory. Normally restarting the SMTP service seems to fix this, but it's happened a few times so I'm looking for more information. We sent out around 12,000 emails last night in 3 batches of roughly 4000. Around 10 hours later there are still 2000 or so in the queue directory which don't seem to be leaving the queue. Any new mails which appear in the queue are picked up almost immediately and sent to their destination, but these 2000 or so don't seem to move. Looking at the date modified on the emails some match up with the time they were sent, but around 1000 of them have modified dates stretching up to now. e.g. there was one mail with a date in the message headers of 5:30 this morning, but it's date modified is 11:50 and there are 3 other messages with a date modified of 11:50, then 5 with 11:49, 2 with 11:45 stretching back for a few hours and all with actual message headers far earlier. The logs for the server look like this 11:54:52 127.0.0.1 EHLO - 250 11:54:52 127.0.0.1 MAIL - 250 11:54:52 127.0.0.1 RCPT - 250 11:54:52 127.0.0.1 DATA - 250 11:54:52 127.0.0.1 QUIT - 240 11:54:53 85.115.62.190 - - 0 11:54:53 85.115.62.190 EHLO - 0 11:54:53 85.115.62.190 - - 0 11:54:53 85.115.62.190 MAIL - 0 11:54:53 85.115.62.190 - - 0 11:54:53 85.115.62.190 RCPT - 0 11:54:53 85.115.62.190 - - 0 11:54:53 85.115.62.190 DATA - 0 11:54:53 85.115.62.190 - - 0 11:54:54 85.115.62.190 - - 0 11:54:54 85.115.62.190 QUIT - 0 11:54:54 85.115.62.190 - - 0 All codes are either 250 or 240 or 0. I believe 250 and 240 indicate success, but I don't know what all the 0s are. Could someone with more experience of mail server troubleshooting give me a hand or tell me what to try next. Thanks, Tom

    Read the article

  • Using 1and1.com Servers, SMTP Mail is Limited - Local XAMPP Server Works As Expected

    - by nicorellius
    I'm starting to not like 1and1.com that much. I've used them for years, but mainly for simple sites without much need for configuration. I know there are better hosting companies out and I may go seeking them. The problem here is that on my Local XAMPP server (sitting on a network with Comcast ISP), I have a PHP script that uses PEAR::Mail to send mail using MIME. The script works find locally with either smtp.1and1.com and corresponding credentials and smtp.gmail.com with corresponding credentials, using appropriate ports, etc. 1and1 tells me that I have to change the MX record on the domain where this script runs in order to make this work. This doesn't make sense to me. Now I'm pretty new to all this, but how is it that this is the case? Why can my local server work just fine, out of the box, but their servers not? I have asked them these questions, but they are very vague and I cannot get any good answers from them. Versions: PEAR Version: 1.5.0 PHP Version: 4.4.9 Zend Engine Version: 1.3.0 My apologies in advance for my ignorance. Thanks for the help in advance.

    Read the article

  • HP Power Manager SMTP setup doesn't have space for username & password

    - by Martha
    Is there some way to configure HP Power Manager to not assume that there's an email server running locally? We recently acquired an HP T1500 G3 UPS, which we're trying to control using HP Power Manager 4.2. The main reason we wanted to get this particular UPS is because it says it's capable of sending notifications (of the "Yo, the power's out, you may want to look into it" type) via email, as opposed to SNMP. Turns out, that's not entirely true. The server is running Windows Server 2003. It is not running an email server of any sort - we do that via two different providers. Outlook email is provided by Verizon, and our SMTP email service is provided by a small local company. When we use CDO to send auto-generated notification emails, we have to provide the SMTP server name, port, username, and password. The HP Power Manager interface only allows us to enter the server name and the username. Thus, not surprisingly, the emails never go anywhere. Help?

    Read the article

  • Trying to Set up SMTP Server on WIndows Server 2012

    - by datc
    I'm working on a website, and I need to test the functionality of sending email messages from ASP.NET, something like this: Dim msg As New MailMessage("email1", "email2") msg.Subject = "Subject"<br> msg.IsBodyHtml = True<br> msg.Body = "Click <a href='site'>here</a>." Dim client As SmtpClient = New SmtpClient() client.Host = "My-Server"<br> client.Port = 25<br> client.DeliveryMethod = SmtpDeliveryMethod.Network<br> client.Send(msg) This is running from a Windows 8 workstation. I've installed SMTP server on my Windows Server 2012 machine. The mail shows up in the mailroot/Queue folder and sits there, eventually getting deposited into Badmail. Now I have AT&T U-verse at home, and a few devices connected to the gateway, including let's call it "My-Server." When I run SmtpDiag from say, datc@... to [email protected] I get SOA serial number match passed, Local DNS (99-135-60-233.lightspeed.bcvloh.sbcglobal.net) & Remote DNS (hotmail.com) tests *not* passed, and ultimately, Connecting to the server failed. Error: 10060. Failed to submit mail to mx2.hotmail.com error. When I set My-Server's IP to static and equal to the external IP, 99.135.60.233, and again run SmtpDiag, I get SOA, Local DNS, and Remote DNS tests passed, but the same 10060 error. Same for yahoo.com, gmail.com, and so forth. Is it my ISP's job to fix this? Some PTR record missing somewhere? Is it at all possible to have a home-based SMTP server? All I want is to test my email code. Perhaps, my IP address is just not "trusted" somehow. Thanks.

    Read the article

  • rDNS for SMTP server locally with Mail hosted by third party

    - by Zleviticus
    Ok We have a difference of opinion on something and wanted to get some expert advice. We host our mail with our main domain "OurDomain.net" with a third part mail provider. We have an in house application that has to be able to send mail out to our clients. The problem is that sometimes the mail is flaky and will stop users from functioning in the program for 30 sec or more and appears to lock up. We have determined that the issue is with the mail piece. One solution is to use Database mail to queue up outbound emails to send out. The other is to set up an intenal SMTP server and send out mail through it. My fear is that we wil not be able to get rDNS to work properly and most of the mail will be blocked by our various client spam filters. Is it possible to set up the DNS for the servers so that we can send mail out like [email protected] using the smtp server in house and still pass the rDNS parameters that are normally set on spam filters? enquiring minds want to know.

    Read the article

  • james - mail server DNS configuration

    - by Chaitanya
    hi, I am setting up james mail server. I installed James and added in the config.xml added the servername as mydomain.com. In the DNS for mydomain.com, I have created a A-record, say mx.mydomain.com, which corresponds to the ipaddress of the above mail server machine. Then added mx.mydomain.com as MX record for mydomain.com. In James, I have created a new user test. From the user I have sent a mail to my gmail account. I see that the mail is accepted and the mail is in outgoing folder of James. But it's not relay to the gmail server. In the config.xml of James, I have added 8.8.8.8 and 8.8.4.4 as the dns server addresses, which are public DNS servers hosted by Google. IPTables on the machine is stopped. Thanks for your help!

    Read the article

  • Postfix multiple checks

    - by xBlue
    I want to achieve the following with Postfix: Run all emails through a black list Allow any clients sending to a list of domains Allow some clients sending to any domain This is what I have: (postfix is on 10.0.8.0 and some of the senders are 10.0.8.0 and 10.0.9.0) mynetworks_style = subnet smtpd_recipient_restrictions = check_recipient_access sqlite:/etc/postfix/access-bl.query, check_client_access hash:/etc/postfix/trusted_clients, check_recipie nt_access hash:/etc/postfix/local_domains, reject_unauth_destination, permit So, right now the black list works. File /etc/postfix/trusted_clients contains who can send anywhere (3), file /etc/postfix/local_domains contains where you can send (2). Those two are fine, they return properly. My problem is getting all three working together. Not sure if it's an ordering issue. Currently sending a test from 10.0.9.17 and I get Relay access denied. If I add: mynetworks = 10.0.8.0/24 10.0.9.0/24 then anyone can send anywhere, so #2 is not working. Postfix version is 2.10 on Ubuntu 14.04. Any ideas?

    Read the article

  • Dedicated Server emails ending up in Junk

    - by Pasta
    I have a dedicated server that works fine. Recently I added a new domain with a new dedicated IP address. The emails from the webserver gets sent out from the primary IP address which is different from the IP address of the domain. This causes the emails to end up in the Junk email folders. Is there anything I can do changing the SMTP server to the new IP address or configuring send mail? I need this for my php server on centos.

    Read the article

  • 5.5.0 smtp;554 transaction failed spam message not queued

    - by Miguel
    Some users are trying to send email to certain domains using Exchange Server 2003, but the message is always is rejected and the following message is shown: 5.5.0 smtp;554 Transaction Failed Spam Message not queued The IP is not in a black list (checked using http://whatismyipaddress.com/blacklist-check and is clean - not listed). The emails were checked using using smtpdiag ("a troubleshooting tool designed to work directly on a Windows server with IIS/SMTP service enabled or with Exchange Server installed") and the connection using port 25 is ok. Also, an nslookup with set type=ptr shows (names and IP changed, "" means I typed something): C:\Documents and Settings\administrator>nslookup Default Server: publicdns.isp.net Address: 10.10.10.10 > server publicdns.isp.net Default Server: publicdns.isp.net Address: 10.10.10.10 > set type=ptr >mydomain.com Server: publicdns.isp.net Address: 10.10.10.10 mydomain.com primary name server = publicdns.isp.net responsible mail addr = root.isp.net serial = 2011061301 refresh = 10800 (3 hours) retry = 3600 (1 hour) expire = 604800 (7 days) default TTL = 86400 (1 day) > 20.21.22.23 Server: publicdns.isp.net Address: 10.10.10.10 23.22.21.20.in-addr.arpa name = mail.mydomain.com 20.21.in-addr.arpa nameserver = publicdns.isp.net 20.21.in-addr.arpa nameserver = publicdns2.isp.net publicdns2.isp.net internet address = 10.10.10.11 publicdns.isp.net internet address = 10.10.10.10 Server: publicdns.isp.net Address: 10.10.10.10 23.22.21.20.in-addr.arpa name = mail.mydomain.com 20.21.in-addr.arpa nameserver = publicdns.isp.net 20.21.in-addr.arpa nameserver = publicdns2.isp.net publicdns2.isp.net internet address = 10.10.10.11 publicdns.isp.net internet address = 10.10.10.10 > set type=mx > mydomain.com Server: publicdns.isp.net Address: 10.10.10.10 mydomain.com MX preference = 10, mail exchanger = mail.mydomain.com mydomain.com nameserver = publicdns.isp.net mydomain.com nameserver = publicdns2.isp.net mail.mydomain.com internet address = 20.21.22.23 publicdns2.isp.net internet address = 10.10.10.11 publicdns.isp.net internet address = 10.10.10.10 > set type=a > mydomain.com Server: publicdns.isp.net Address: 10.10.10.10 Nombre: mydomain.com Address: 20.21.22.23 When I test the spf record with http://www.mxtoolbox.com it shows: TXT mydomain.com 24 hrs v=spf1 a mx ptr ip4:20.21.22.23 mx:mail.mydomain.com -all Any clues of what's happening here?

    Read the article

  • SMTP account without POP3/IMAP account in Thunderbird

    - by KP
    I'd like to set up Thunderbird to be able to send messages via an SMTP server, but I don't want to actually download any messages from a POP3 or IMAP account to Thunderbird's local storage. Is there any way to get Thunderbird to send messages without creating an incoming account? Currently, I'm unable to use the Write/Send features if I just have an outgoing server set up, but no incoming account.

    Read the article

  • SMTP Remote Queue on Exchange 2003

    - by Adam
    We are currently using Windows Server 2003 R2 with Exchange 2003 and SolarWinds Exchange Monitor to monitor. A couple of weeks ago the SMTP remote queue began to build up and it got to about 150 messages in the queue when it began to go down. For the last couple of days the queue has been building up and it has now reached 450 messages. Is there anyway that i can clear this and is it anything that I need to worry about? Thanks guys!

    Read the article

  • Integration Patterns with Azure Service Bus Relay, Part 1: Exposing the on-premise service

    - by Elton Stoneman
    We're in the process of delivering an enabling project to expose on-premise WCF services securely to Internet consumers. The Azure Service Bus Relay is doing the clever stuff, we register our on-premise service with Azure, consumers call into our .servicebus.windows.net namespace, and their requests are relayed and serviced on-premise. In theory it's all wonderfully simple; by using the relay we get lots of protocol options, free HTTPS and load balancing, and by integrating to ACS we get plenty of security options. Part of our delivery is a suite of sample consumers for the service - .NET, jQuery, PHP - and this set of posts will cover setting up the service and the consumers. Part 1: Exposing the on-premise service In theory, this is ultra-straightforward. In practice, and on a dev laptop it is - but in a corporate network with firewalls and proxies, it isn't, so we'll walkthrough some of the pitfalls. Note that I'm using the "old" Azure portal which will soon be out of date, but the new shiny portal should have the same steps available and be easier to use. We start with a simple WCF service which takes a string as input, reverses the string and returns it. The Part 1 version of the code is on GitHub here: on GitHub here: IPASBR Part 1. Configuring Azure Service Bus Start by logging into the Azure portal and registering a Service Bus namespace which will be our endpoint in the cloud. Give it a globally unique name, set it up somewhere near you (if you’re in Europe, remember Europe (North) is Ireland, and Europe (West) is the Netherlands), and  enable ACS integration by ticking "Access Control" as a service: Authenticating and authorizing to ACS When we try to register our on-premise service as a listener for the Service Bus endpoint, we need to supply credentials, which means only trusted service providers can act as listeners. We can use the default "owner" credentials, but that has admin permissions so a dedicated service account is better (Neil Mackenzie has a good post On Not Using owner with the Azure AppFabric Service Bus with lots of permission details). Click on "Access Control Service" for the namespace, navigate to Service Identities and add a new one. Give the new account a sensible name and description: Let ACS generate a symmetric key for you (this will be the shared secret we use in the on-premise service to authenticate as a listener), but be sure to set the expiration date to something usable. The portal defaults to expiring new identities after 1 year - but when your year is up *your identity will expire without warning* and everything will stop working. In production, you'll need governance to manage identity expiration and a process to make sure you renew identities and roll new keys regularly. The new service identity needs to be authorized to listen on the service bus endpoint. This is done through claim mapping in ACS - we'll set up a rule that says if the nameidentifier in the input claims has the value serviceProvider, in the output we'll have an action claim with the value Listen. In the ACS portal you'll see that there is already a Relying Party Application set up for ServiceBus, which has a Default rule group. Edit the rule group and click Add to add this new rule: The values to use are: Issuer: Access Control Service Input claim type: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier Input claim value: serviceProvider Output claim type: net.windows.servicebus.action Output claim value: Listen When your service namespace and identity are set up, open the Part 1 solution and put your own namespace, service identity name and secret key into the file AzureConnectionDetails.xml in Solution Items, e.g: <azure namespace="sixeyed-ipasbr">    <!-- ACS credentials for the listening service (Part1):-->   <service identityName="serviceProvider"            symmetricKey="nuR2tHhlrTCqf4YwjT2RA2BZ/+xa23euaRJNLh1a/V4="/>  </azure> Build the solution, and the T4 template will generate the Web.config for the service project with your Azure details in the transportClientEndpointBehavior:           <behavior name="SharedSecret">             <transportClientEndpointBehavior credentialType="SharedSecret">               <clientCredentials>                 <sharedSecret issuerName="serviceProvider"                               issuerSecret="nuR2tHhlrTCqf4YwjT2RA2BZ/+xa23euaRJNLh1a/V4="/>               </clientCredentials>             </transportClientEndpointBehavior>           </behavior> , and your service namespace in the Azure endpoint:         <!-- Azure Service Bus endpoints -->          <endpoint address="sb://sixeyed-ipasbr.servicebus.windows.net/net"                   binding="netTcpRelayBinding"                   contract="Sixeyed.Ipasbr.Services.IFormatService"                   behaviorConfiguration="SharedSecret">         </endpoint> The sample project is hosted in IIS, but it won't register with Azure until the service is activated. Typically you'd install AppFabric 1.1 for Widnows Server and set the service to auto-start in IIS, but for dev just navigate to the local REST URL, which will activate the service and register it with Azure. Testing the service locally As well as an Azure endpoint, the service has a WebHttpBinding for local REST access:         <!-- local REST endpoint for internal use -->         <endpoint address="rest"                   binding="webHttpBinding"                   behaviorConfiguration="RESTBehavior"                   contract="Sixeyed.Ipasbr.Services.IFormatService" /> Build the service, then navigate to: http://localhost/Sixeyed.Ipasbr.Services/FormatService.svc/rest/reverse?string=abc123 - and you should see the reversed string response: If your network allows it, you'll get the expected response as before, but in the background your service will also be listening in the cloud. Good stuff! Who needs network security? Onto the next post for consuming the service with the netTcpRelayBinding.  Setting up network access to Azure But, if you get an error, it's because your network is secured and it's doing something to stop the relay working. The Service Bus relay bindings try to use direct TCP connections to Azure, so if ports 9350-9354 are available *outbound*, then the relay will run through them. If not, the binding steps down to standard HTTP, and issues a CONNECT across port 443 or 80 to set up a tunnel for the relay. If your network security guys are doing their job, the first option will be blocked by the firewall, and the second option will be blocked by the proxy, so you'll get this error: System.ServiceModel.CommunicationException: Unable to reach sixeyed-ipasbr.servicebus.windows.net via TCP (9351, 9352) or HTTP (80, 443) - and that will probably be the start of lots of discussions. Network guys don't really like giving servers special permissions for the web proxy, and they really don't like opening ports, so they'll need to be convinced about this. The resolution in our case was to put up a dedicated box in a DMZ, tinker with the firewall and the proxy until we got a relay connection working, then run some traffic which the the network guys monitored to do a security assessment afterwards. Along the way we hit a few more issues, diagnosed mainly with Fiddler and Wireshark: System.Net.ProtocolViolationException: Chunked encoding upload is not supported on the HTTP/1.0 protocol - this means the TCP ports are not available, so Azure tries to relay messaging traffic across HTTP. The service can access the endpoint, but the proxy is downgrading traffic to HTTP 1.0, which does not support tunneling, so Azure can’t make its connection. We were using the Squid proxy, version 2.6. The Squid project is incrementally adding HTTP 1.1 support, but there's no definitive list of what's supported in what version (here are some hints). System.ServiceModel.Security.SecurityNegotiationException: The X.509 certificate CN=servicebus.windows.net chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. The evocation function was unable to check revocation because the revocation server was offline. - by this point we'd given up on the HTTP proxy and opened the TCP ports. We got this error when the relay binding does it's authentication hop to ACS. The messaging traffic is TCP, but the control traffic still goes over HTTP, and as part of the ACS authentication the process checks with a revocation server to see if Microsoft’s ACS cert is still valid, so the proxy still needs some clearance. The service account (the IIS app pool identity) needs access to: www.public-trust.com mscrl.microsoft.com We still got this error periodically with different accounts running the app pool. We fixed that by ensuring the machine-wide proxy settings are set up, so every account uses the correct proxy: netsh winhttp set proxy proxy-server="http://proxy.x.y.z" - and you might need to run this to clear out your credential cache: certutil -urlcache * delete If your network guys end up grudgingly opening ports, they can restrict connections to the IP address range for your chosen Azure datacentre, which might make them happier - see Windows Azure Datacenter IP Ranges. After all that you've hopefully got an on-premise service listening in the cloud, which you can consume from pretty much any technology.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 4 5 6 7 8 9 10 11 12 13 14 15  | Next Page >