Scott MacMaster
February 8th, 2008, 02:07 PM
We recently setup an emergency alert system that send alerts to cell phone, e-mails etc.
When someone signs up their account might not get setup (possibly because their cell phone is not supported). These people get put in an unvalidated user list. Now I'm working on writing a program that get's their e-mail from our student information system and sends an e-mail to them giving them suggestions on how to get signed up.
This is the code I used to connect to our exchange server.
Dim client As SmtpClient = New SmtpClient("exchangeclstr1")
client.Credentials = Net.CredentialCache.DefaultNetworkCredentials
client.Send(message)
This works on our development server. However, it doesn't work on a regular pc. I get a time out error message. I suspect it has something do this with Outlook being installed on the pc but not the development server.
I then tried to code
Dim client As SmtpClient = New SmtpClient("exchangeclstr1")
client.Credentials = New Net.NetworkCredential(username, password, "bc3campus")
client.Send(message)
This got it to work. However, this brought up some security concerns because it also works when I use an invalid username/password. Note, it doesn't work if I use a valid username but invalid password.
We're concerned that anyone can connect to our exchange server and use it as a relay. Our network guy says smtp authenticates by checking the ip address not username/password. So I wonder why I even have to have username/password for this to work. That and our firewall should stop anyone external from using our exchange server. However, someone internal could use a program to anonymously connect to our exchange and send out spam.
Well, I suppose I'm just doing a lot of guessing here. Mainly, I'm hoping someone could explain the security/authentication that's going on here.
Thanks,
Scott
When someone signs up their account might not get setup (possibly because their cell phone is not supported). These people get put in an unvalidated user list. Now I'm working on writing a program that get's their e-mail from our student information system and sends an e-mail to them giving them suggestions on how to get signed up.
This is the code I used to connect to our exchange server.
Dim client As SmtpClient = New SmtpClient("exchangeclstr1")
client.Credentials = Net.CredentialCache.DefaultNetworkCredentials
client.Send(message)
This works on our development server. However, it doesn't work on a regular pc. I get a time out error message. I suspect it has something do this with Outlook being installed on the pc but not the development server.
I then tried to code
Dim client As SmtpClient = New SmtpClient("exchangeclstr1")
client.Credentials = New Net.NetworkCredential(username, password, "bc3campus")
client.Send(message)
This got it to work. However, this brought up some security concerns because it also works when I use an invalid username/password. Note, it doesn't work if I use a valid username but invalid password.
We're concerned that anyone can connect to our exchange server and use it as a relay. Our network guy says smtp authenticates by checking the ip address not username/password. So I wonder why I even have to have username/password for this to work. That and our firewall should stop anyone external from using our exchange server. However, someone internal could use a program to anonymously connect to our exchange and send out spam.
Well, I suppose I'm just doing a lot of guessing here. Mainly, I'm hoping someone could explain the security/authentication that's going on here.
Thanks,
Scott