Remember my call to action in Web applications and SMTP proxies don't mix well (it seems)? I mentioned that I am guilty as well - not only for Web applications as it turned out, but also for other server-based software, such as the Subversion post-commit hook I wrote.
You can already guess the contents of the change log (the last public version was 1.7):
- SMTP authentication & SMTP server port options added
If you are running the hook today, all you need to do is copy the new post-commit.exe over your existing one (assuming you use 1.7), and add the following four lines to your post-commit.exe.config's <appSettings> section:
<add key="SMTPAuthentication" value="" />
<add key="SMTPServerPort" value="25" />
<add key="SMTPUsername" value="username" />
<add key="SMTPPassword" value="password" />
Those values default post-commit.exe to the 1.7 behavior. To use authentication, set SMTPAuthentication to BASIC, and provide username and password. Most of the time, you will not need to play with the server port.
Finally, here is the usual binary & source code archive:
SvnPostCommitHook1.8.0.51014.zip (424.24 KB)
My dedicated server box not only serves Web applications (such as this blog), it also handles mail for the respective domains. This means I have to deal with spam. Which on one hand is nice because I can do whatever I please: drop mail based on whatever criteria I set up, and use whatever filtering software I need.
This is how the NoSpamToday! SMTP Proxy found its way on my box. I simply got tired of maintaining my (rather old) standalone SpamAssassin installation, and dealing with MailEnable's integrated but not chained RBL / SPF / virus scanning (by not chained I mean that those filters are evaluated separately, not like SA, where all filters[rules] are weighted and evaluated as a whole).
Because I only have one box, I had to resort to relocate MailEnable to port 45, so that NoSpamToday! could listen on 25 and forward to MailEnable if appropriate (*). I did configure SMTPS previously (port 465 redirected to localhost:45 via stunnel), so standard users could deliver their mail directly to MailEnable instead of having their outgoing mail scanned by the proxy.
But what about my Web applications? Initially, those were sending to localhost directly, and as such I had a relaying exception set up in MailEnable. This one had to go, obviously. So how can applications deliver mail to the mail server via the proxy? SMTP authentication is necessary for this to happen.
But this doesn't solve the whole issue, it opens a can of worms, performance-wise. The problem is, every single application (Community Server, dasBlog, Gemini, ...) assumes that your SMTP server listens on port 25. Wrong. That's the proxy. And that's a problem: all local outgoing email from those applications is scanned by antivirus and antispam filters. And that's completely wasting CPU resources. As well as adding to # of addresses accepted by the backend mailserver, driving up the licenses that would be needed for NoSpamToday! (**).
Call to action: Implement not only SMTP authentication in your applications, but also make the SMTP server port configurable. I'm guilty as well.
(*)
(**)
This whitepaper introduces the guiding principles and thoughts behind the .NET Framework, the core features of the Common Language Runtime and its supporting Framework Base Class Libraries and how it is evolving in the next major version.