Best config for www proxy server


Postby Jason Dax » Apr 24 04 3:24 am

Maybe you guys can help me with this. I'm using WinGate as a POP3/SMTP server. Some users travel around the world and want to keep checking their emails through the Internet. I set up a webmail server on the same WinGate PC. I enabled the WWW proxy server and use it to serve requests. But I'm having security problems with this. Every time I enable the WWW proxy, in some way the proxy is used by external/unknown parties to send spam. So my ISP blocks my IP and I can't receive mail.

The question is, which would be the perfect setup for the proxy, so the users can only check the webmail and nothing else? How can I block this kind of abuse in my proxy?

I'm not an expert in this, so, I pass it to you. I appreciate the help you can give me.

Regards

PS: Excuse my English. I'm not an expert in this, either. :)
Jason Dax
 
Posts: 44
Joined: Oct 18 03 6:54 am

Postby javila » Apr 24 04 11:30 am

First of all, you can set up your SMTP/POP3 WinGate services instead of that webmail server.
Next, summarizing the detailed explanation below, the main aspect of publishing your services to the Internet is the user authentication method; focus on that and run as many tests as you can to avoid spammers and security issues.

If you want to grant access only to your traveling users:

- Define the access policies on the WWW proxy server well (in Policies, require everybody to be authenticated).
- Before that, define your users and their login password options well in the WinGate users section.
- On the email properties, check the Open Relay Detection checkbox.
- On the SMTP server properties, make double-sure that the "everybody be authenticated" option is enabled and the default rights are ignored.

I hope this can be helpful, I will be tracking your progress.

Javier
javila
 
Posts: 93
Joined: Nov 13 03 3:43 am
Location: Santa Cruz de la Sierra - Bolivia

Postby Jason Dax » Apr 27 04 7:20 am

Thanks, Javila, for your fast answer.

Maybe I wasn't clear enough: I do use the SMTP/POP3 WinGate services. The webmail server is just to see the mail through any web browser, through any ISP. Only one user travels with their laptop and uses SMTP/POP3 directly. Everyone else uses any browser to check/reply to mail.

The webmail software waits for incoming connections on a specific port (defined by myself). When a user requests this service through a web page I have defined (WinGate serving web requests), it shows the mail in HTML format.

So, as requests are coming from any ISP, I can't use authentication in the WWW proxy server. Or maybe I can, but I don't know how to do it.

This is the root of the problem.

Hope you can help me.

Regards.
Jason Dax
 
Posts: 44
Joined: Oct 18 03 6:54 am

Postby javila » Apr 27 04 1:01 pm

Well, to open the WWW proxy server you have to create or assign users (you probably already have them).

Go to the service on the 'Services' tab of GateKeeper > Properties > Policies > Add (button) and add the user (specify user or group) that is going to access your WWW proxy server from outside, then check the 'user must be authenticated' radio button. 'OK'.
On the 'Bindings' tab of the WWW Proxy Service properties, select the 'allow connections coming in on any interface' radio button, then go to the 'General' tab and select the 'use Java client authentication as required by policies' check button. 'Apply'. 'OK'.
Now you have port 80 open on your server, listening for connections from your 'travel' users, and only they will be authorized (via a Java authentication window) to access the WinGate server and navigate through the webmail server that I understand is installed on your server.
Hope this works.

Javier.
javila
 
Posts: 93
Joined: Nov 13 03 3:43 am
Location: Santa Cruz de la Sierra - Bolivia
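
One way to check the result of the policy change described above from an outside connection, as an added example (not part of the original posts and not WinGate code): it sends an unauthenticated proxy request for a canary page you host yourself and reports whether the proxy relayed it. The canary URL, the token and all function names are assumptions; a proxy that answers with a login page rather than HTTP 407 is reported as UNKNOWN and needs a manual look.

```python
import socket


def build_probe(canary_url: str) -> bytes:
    """Absolute-URI GET, the form a browser sends to a proxy, with no credentials."""
    host = canary_url.split("/")[2]
    return (f"GET {canary_url} HTTP/1.0\r\nHost: {host}\r\n"
            "Connection: close\r\n\r\n").encode("ascii")


def classify(raw: bytes, canary_token: bytes) -> str:
    """Decide what an unauthenticated outside client was given (token must be non-empty)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status = head.split(b"\r\n", 1)[0].split()
    code = int(status[1]) if len(status) > 1 and status[1].isdigit() else 0
    if canary_token in body:
        return "OPEN"            # the proxy fetched our canary page for a stranger
    if code == 407:
        return "AUTH_REQUIRED"   # standard "proxy authentication required" reply
    if code in (401, 403):
        return "DENIED"
    if not raw:
        return "NO_RESPONSE"     # port closed, filtered or connection dropped
    return "UNKNOWN"             # e.g. a login page; review by hand


def probe(proxy_host: str, proxy_port: int, canary_url: str,
          canary_token: bytes, timeout: float = 10.0) -> str:
    """Run the check against your own proxy from a network outside your LAN."""
    chunks = []
    try:
        with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
            s.sendall(build_probe(canary_url))
            while data := s.recv(4096):
                chunks.append(data)
    except OSError:
        pass  # refused, reset or timed out: classify whatever arrived
    return classify(b"".join(chunks), canary_token)


if __name__ == "__main__":
    # Constructed values: replace with your proxy's public address and a page you host.
    print(probe("proxy.example.test", 80,
                "http://canary.example.test/token.txt", b"canary-7f3a"))
```

Anything other than AUTH_REQUIRED or DENIED after enabling "user must be authenticated" means the policy is not being applied to outside connections.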

Postby Mendoza » Apr 28 04 1:19 pm

Best config for proxy server in WinGate is... Squid for Windows NT.
You can do a transparent redirect with the proxy server to Squid, or just use Squid.
It works much faster and better. No more socket errors and timeouts.
My advice: disable proxy and caching and install Squid, at least until WinGate staff come up with a stable solution.
Mendoza
 
Posts: 26
Joined: Nov 19 03 11:42 am

