I get asked this question a lot:
I need to be able to relay mail off of my GroupWise server to outside users or systems, but GroupWise won't let me (or won't let me without authentication). This prevents me from doing what I need, how do I get around this? Can it be done?
In reality, this is very common. Many people need to relay mail from other internal, and sometimes even external systems. It might be a monitoring system, or custom app that sends notifications to customers. There are plenty of legitimate reasons, it just takes some simple configuration on the GroupWise Internet Agent (GWIA) to make it happen.
In the snippet of the log file above, you see that an internal device, 192.168.0.21 attempted to connect to GroupWise and relay to a gmail.com address. As this is not permitted, the action was denied. It's an expected response, but is something that is easily changed if you have a business need to allow relays.
A little about how GroupWise Relays works.
By default, and for security purposes, GroupWise requires authentication in order to relay off of the GWIA via SMTP. This is just smart because otherwise, anybody could have free access to your server and your system may become identified as what is called an "Open Relay". When this happens, your system attracts spammers to use and abuse your system to launch their spam attacks on others. It can get real ugly, and you don't want that. With the spambots out there constantly scanning for targets, your badly configured system could be identified as an open relay within 24 hours. So in a default configuration, GroupWise works exactly how you want and prevents this spam situation from happening.
However, you probably have a legitimate reason for wanting to use the GWIA as a springboard for sending messages. It's a very common situation, and GroupWise can handle it really nicely. All you have to do is change the configuration of the GWIA slightly and allow "Exceptions" to the standard relay prevention rule. These Exceptions are essentially instructions to let specific systems relay SMTP mail off of the GWIA without authentication, while remaining restricted to any host not in the exception list.
Instructions for Accessing Relay Control Dialog
- Open ConsoleOne and connect to the GroupWise Domain where the GWIA resides.
- Open the properties of the Internet Agent Gateway (GWIA).
- Click on the "Access Control" tab (Drop-down) and select "SMTP Relay Settings".
You should see that the GWIA is configured to "Prevent Message Relaying". You "could" just change it to "Allow Message Relaying", but you DO NOT WANT TO DO THIS. I emphasize, Do NOT Change it to "Allow Message Relaying." This will create an open relay which will result in your system being compromised. You will become blacklisted and it gets ugly really quick. You should see the dialog below: