Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems

TCP Mapping on port 25

Nov 11 09 5:37 am

My wishes:

- WinGate 6.xx + ENS - Windows Server 2003 multihomed: one WAN card with public IP and one LAN card with private IP

- incoming mail is redirected by WinGate port 25 to the ESVA server on IP 192.168.0.252:25; ESVA processes e-mail and sends it to a GroupWise server on 192.168.0.126: on ENS obtained with a hole on port 25 and redirection to 192.168.0.252:25 - working;

- outgoing mail: GroupWise talks directly with destination servers; the WinGate server is the default gateway, inside ENS port 25 is allowed to connect from LAN to internet, NAT is enabled: working but not good because all LAN clients can connect to the internet via port 25;

- built a blank TCP mapping on port 25 with a location policy to exclude unwanted IPs: it seems to work only if I enable transparent proxy on port 25: maybe it works, but this overrides the incoming port 25 redirection to 192.168.0.252:25; I try to delete and recreate it, but at each server restart the configuration is overwritten.

Is this correct? How can I modify it?

Bye

Nicola Tiana

Re: TCP Mapping on port 25

Nov 13 09 11:34 am

Hi

Services that are configured to intercept connections automatically create port redirect rules, and these will override existing rules.

The rules they create depend on the binding rules for that service.

So if your TCP mapping is creating a redirect rule in the table "Connections from the internet", then is the TCP mapping proxy also bound to this external adapter?

Regards

Adrien

Re: TCP Mapping on port 25

Nov 14 09 6:08 am

Many thanks for your reply.

Actually I did not consider unbinding the WAN adapter. I'll try it as an exercise: in the meantime I killed TCP port 25 traffic with an IPSEC Domain Group Policy: all of my SMTP services work on NetWare or Linux, the GroupWise Client uses port 1677, POP/SMTP accounts on local machines are not allowed or work with IMAP-IMAPS-POPS-SMTPS, so there is no reason for my Windows machines to act as mail servers listening/sending on port 25.

Consider that my problem grew after a mass-mailer worm infected a network PC (90% from the web): the worm bypassed the KAV plugin, with the customer license subscription expired in April 2009 . . . !!! The PureSight license was equally expired.
Can you consider, with your Sales department, sending an e-mail to alert customers about the expiry of their licenses?

Bye

Nicola
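
An added example, not part of the thread and not WinGate code: a Python audit of connection records that flags LAN hosts other than the mail server opening SMTP connections straight to the internet, which is the gap described in the first post and the mass-mailer symptom in the last. The log format, the /24 LAN prefix and the sample lines are constructed assumptions; only 192.168.0.126 (GroupWise) and 192.168.0.252 (ESVA) come from the thread.

```python
import ipaddress
import re
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.0.0/24")  # assumed LAN prefix
# Only the GroupWise server from the thread may send SMTP to the internet.
ALLOWED_SMTP_SENDERS = {ipaddress.ip_address("192.168.0.126")}

# Constructed log format: "<time> <src_ip>:<src_port> -> <dst_ip>:<dst_port> TCP"
LINE_RE = re.compile(r"^\S+ ([\d.]+):\d+ -> ([\d.]+):(\d+) TCP$")

SAMPLE_LOG = """\
09:00:01 192.168.0.126:40112 -> 203.0.113.10:25 TCP
09:00:02 192.168.0.57:1045 -> 198.51.100.7:25 TCP
09:00:02 192.168.0.57:1046 -> 198.51.100.8:25 TCP
09:00:03 192.168.0.57:1047 -> 203.0.113.99:25 TCP
09:00:04 192.168.0.31:2210 -> 192.168.0.252:25 TCP
09:00:05 203.0.113.50:51000 -> 192.168.0.252:25 TCP
09:00:06 192.168.0.57:1048 -> 198.51.100.7:80 TCP
garbage line
"""

def audit_smtp_egress(log_text):
    """Return {offending LAN IP: sorted external SMTP destinations}."""
    offenders = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unparseable line
        try:
            src = ipaddress.ip_address(m.group(1))
            dst = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # looks like an address but is not one
        if int(m.group(3)) != 25:
            continue  # not SMTP
        if src not in LAN or dst in LAN:
            continue  # inbound mail to ESVA, or LAN-internal delivery
        if src in ALLOWED_SMTP_SENDERS:
            continue  # legitimate outbound mail
        offenders[str(src)].add(str(dst))
    return {ip: sorted(dsts) for ip, dsts in offenders.items()}

if __name__ == "__main__":
    for ip, dsts in audit_smtp_egress(SAMPLE_LOG).items():
        print(f"{ip}: direct SMTP to {len(dsts)} external host(s): {', '.join(dsts)}")
```

A workstation that reaches many distinct external hosts on port 25 in a short window is the pattern a mass-mailer produces, so the destination count per source is worth alerting on.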