Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Bounce Inbound Email Messages

hartjed
Champ in-the-making
Champ in-the-making

‎10-19-2012 04:22 PM

Hi,

I've finally gotten through the pains of getting inbound email to work, however in the process I have also discovered some alarming info that gets returned to sender when alfresco gets an email but rejects it.  For example, when I send an email from an email account that either is not configured as a user, or is not in the allowed senders domain (global.properties), the email isn't simply ignored, but returned with a "denied access" message which includes the error code AND worst of all, the IP address of the internal Alfresco server. 

We are intentionally not providing direct access to Alfresco either to share/alfresco explorer or through email (using an email gateway).  That Alfresco is not only acknowledging the email service is available but also telling the whole world the internal IP address of the server it's running on is pretty scary.

Anyone know how to mitigate this issue?
Labels:
0 Kudos
4 REPLIES 4

mrogers
Star Contributor
Star Contributor

‎10-19-2012 06:19 PM

IP addresses are not secret.    That's not something that is normally "secured".

Instead networks are secured by things like firewalls and bridges.

If it is an "internal" IP address then it can't be accessed directly.
0 Kudos

hartjed
Champ in-the-making
Champ in-the-making

‎10-22-2012 12:12 PM

IP addresses are not secret.    That's not something that is normally "secured".

Instead networks are secured by things like firewalls and bridges.

If it is an "internal" IP address then it can't be accessed directly.

The issue is that information is being provided that should not and does not need to be revealed.  Put your hacker hat on for a minute and you will realize the value of that information.  When was the last time you got an email rejected that told you the internal IP address of the mail server?  Logging the information is great, even sending an email to the administrator, but why would you want to include that info for anyone and everyone?
0 Kudos

mrogers
Star Contributor
Star Contributor

‎10-22-2012 12:51 PM

Are you sure the information is comming from alfresco rather than your email infrastructure?  If its Alfresco then please raise a JIRA and I'll take a look.
0 Kudos

mrogers
Star Contributor
Star Contributor

‎10-23-2012 12:26 PM

I don't think its coming from Alfresco.    I've got a wire capture in front of me of a failed SMTP message and all that is being sent over the wire is a 554 response (transaction failed) with a single string in the error response.   There is nothing about IP addresses.
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC