Patch Lady – need a way for a device to email?

Topic

New Reply

With the demise of the Small Business Server platform, one of the changes I’ve made to my network is not using the same mail server that I use for the
[See the full post at: Patch Lady – need a way for a device to email?]

Susan Bradley Patch Lady/Prudent patcher

3 users thanked author for this post.

woody, AlexEiffel, Kirsty

Reply | Quote

Replies

I just install the SMTP server role on any suitable server and configure it to only accept connections from the IP addresses of the printers on the network.  It then has Office 365 configured as the smart host.  Simple, reasonably secure, and free.

Reply | Quote

Don’t you still have to have basic auth enabled for the smart host function?

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

I don’t think so, because there isn’t any authentication. You just create a receive connector for your on-site server and anything with the correct domain name gets routed.

Reply | Quote

What do you use as the smart host? Is it the MX record? e.g. example-com.mail.protection.outlook.com

Reply | Quote

Yes, the mx record is used for the smart host.

1 user thanked author for this post.

steeviebops

Reply | Quote

techweenie wrote:

Yes, the mx record is used for the smart host.

Thanks. That’s how I’ve been doing it myself.

Reply | Quote

Susan, I wonder if smtp2go.com offer different plans to different geographic locations. The cheapest paid plan I’m being shown is the Gold plan, @ $14/month for 20,000 emails.

Even a web-search for their Silver plan didn’t yield results… odd!

Reply | Quote

I’ve sent them an email.  I just set it up last month and for sure it was there then.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

Do, in this order:

1. Standardize printer settings and secure printers onto their own network.
2. Revamp GPOs, cleaning up garbage and adding security as recommended in STIGs.
3. Revisit OU structure to better allow for GPOs to function.
4. run this ldap query either with get-aduser -ldapfilter or in the ADUC saved queries
   1. Users set with flags other than NORMAL_ACCOUNT, ACCOUNTDISABLE, or DONT_EXPIRE_PASSWORD
   2. (&(objectClass=user)(objectCategory=person)(userAccountControl:1.2.840.113556.1.4.804:=33438201))
   3. 99% of the time anything returned on this query is almost always a security concern and needs to be analyzed
5. Audit remaining groups and service accounts for use.
6. Start locking down and auditing network communication with an always-on vpn.

Reply | Quote

Well, most ISPs around here still have an outgoing mail route for their subscribers’ use. So, relaying through that with the appropriate SPF etc. entries should work.

I prefer to use a dedicated sender address for these that’s either a shared mailbox or an alias for some such, definitely not a primary address of any user account, so returns (bounces and whatever) get caught but that address cannot log in anywhere.

Well, either that or put up a proper connector setup. Preferably through a local secured feeder server, really not impressed by the sending engines on various multifunction office devices…

Reply | Quote

Pegasus Mail and the Mercury Mail Transport System.

I have used Pegasus as an e-mail client for decades. I have no experience with the Mercury mail server but might be worth a look. Coded as an indipendent by the amazing David Harris.

W10&11 x64 Pro&Home

Reply | Quote

If using GSuite, you can use their SMTP gateway and whitelist certain IP addresses to accept the forwards from. Works fairly well at a few of my clients.

Reply | Quote

techweenie wrote:

I just install the SMTP server role on any suitable server and configure it to only accept connections from the IP addresses of the printers on the network

On in-house systems I used the SMTP connector with auth free for the local domain only. Then it’s not a relay.

cheers, Paul

Reply | Quote

As we administer Mailchimp for several of our customers in the UK, we’ve used Mandrill for all of our supported devices for several years.  We have it configured on all printer/copier/scanner devices for scan-to-email functionality and also within StorageCraft products we have deployed across on-premises servers to send us nightly reports for backups.

We use a different SMTP API (password) for each client and overall Mandrill has been rock solid for us for several years now.

Reply | Quote