2
Can't add IPv4 address in Bindings
Problem reported by Stephen Clarke - 9/13/2021 at 3:02 PM
Submitted
I'm very familiar with SM < v15 and evaluating the new version for migration.
It is installed as a Free Edition on an Azure VM, but the public IP of the VM is not appearing as one of the IP addresses available for bindings.
It has only
::1
127.0.0.1
(local IPv4 on vnet)
(local IPv6 on vnet)

It says here:  "If you need to add IPs to the list, click the New button.  "
help.smartertools.com/smartermail/current/topics/systemadmin/settings/bindings/ipaddresses.aspx

But there is no such button.
Apparently these addresses are supposed to be drawn from the NIC?  But it doesn't seem to be aware of the public IP, so I cannot connect to any services externally.
Advice on refreshing or manually adding to this list would be appreciated.

7 Replies

Reply to Thread
0
Kyle Kerst Replied
Employee Post
Hello and good afternoon. SmarterMail pulls the IP information from the Network Interface details within the Windows Registry. So, the public IP not showing in Settings>Bindings would indicate this server is in a NAT (Network Address Translation) configuration, meaning that the network behind this server is translating public IP traffic to private IP traffic. In this case you'll just want to make sure the bindings are set up on that private IP that is associated with the public address. Lastly, you'll also want to make sure you've opened the appropriate ports in both the Windows Firewall and the Azure firewall configuration areas as well. Please let me know if that helps. Have a good one!
Kyle Kerst
Technical Support Specialist
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Stephen Clarke Replied
Hi Kyle, thanks for the quick reply, really appreciate it.
Maybe I'm misunderstanding this, I was comparing the SM bindings page with our current setup where we have a standalone VPS (not in Azure).

So maybe I should back up a couple of steps.
I'm planning for the new SM server to be hosted in Azure as the first step of our migration from our existing host. 
I know that Azure initially blocks outgoing port 25, I'm having a dialog with them about that, but I believe incoming port 25 should be open and I'm trying to confirm this.

Let's say the public IP is 1.2.3.4.
I believe everything in Azure is correctly connecting this to the VM.
The NSG and VM WFAS both have incoming 25 open.
From outside, I can RDP to the VM on 1.2.3.4:3389.
But I cannot telnet 1.2.3.4 25

So I moved to testing locally. Within the VM, I can successfully
telnet localhost 25
(and also via internal IP)
but I still cannot 
telnet 1.2.3.4 25

This is what was making me wonder if lack of direct SM binding to this public IP was the difference.
Am I misunderstanding something here?

0
Kyle Kerst Replied
Employee Post
You're very welcome, happy to lend a hand! Based on your follow-up I do think this is firewall or SMTP blocking related as you're able to reach it from the server itself but not the outside, and your RDP ports are working in the same configuration. Azure does block SMTP by default and I am not aware of a way to unblock it, as Azure typically mandates the use of an Outgoing Gateway. Amazon's AWS however, will allow you to remove the SMTP port 25 block once you have your server set up to meet their requirements: 


Let me know what you find out there :)
Kyle Kerst
Technical Support Specialist
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Stephen Clarke Replied
Are you saying that, even WITHIN the VM
telnet 1.2.3.4 25
the request would be routed out to the public network and back again, hence affected by firewalls and blocks?
I will check with Azure to see if incoming port 25 should be open, I was sure they only block outgoing.

I'm still curious about the SM bindings page.  Apparently there should be a New button where IP addresses can be added (at your help info link above).  Any idea why it would be hidden in this case?
0
Sébastien Riccio Replied
If 1.2.3.4 is the real (internal) IP of your server attached to the interface, it won't need to go through the gateway and you should be able to telnet to the port.

If 1.2.3.4 is an external IP that is NAT'ed to your server internal IP 2.3.4.5, it will have to go through the gateway and route back.
In that case that means the ports you need to reach on your server have to be forwarded by the gateway/router/firewall doing the NAT.

In the bindings, you will never see your external IP if it's not directly attached to the interfaces. The bindings only shows available local interfaces.
You have to bind the ports on your internal IPs.

That's not specific to SM, it's how network... works, when you're using an internal IP that is mapped externally to an ... external IP.

Sébastien Riccio
System & Network Admin

1
Stephen Clarke Replied
Kyle, Sebastian, thanks.  Really appreciate the support.

So it looks an Azure restriction after all.  But I thought they still left incoming 25 open by default.

I will follow up with them and let you know how I get on.


0
Kyle Kerst Replied
Employee Post
You're very welcome, happy to lend a hand! In my experience Azure doesn't allow any outbound SMTP on port 25, and you would need to implement an outgoing gateway to route the email out of the server successfully. I hope this has been helpful. Have a good one!
Kyle Kerst
Technical Support Specialist
SmarterTools Inc.
(877) 357-6278
www.smartertools.com

Reply to Thread