WinGate Forums

[mkobald]

I am connecting to wingate mail server from outside the network using SSL on port 995 for incoming, and non SSL on port 25 for outgoing. I allow relaying for trusted users.

When I send and receive I am authenticated and can receive my email just fine. I can also send email. But if I include an email attachment I get "relaying denied" most of the time, not always.

Why would this be?

[adrien]

That's pretty odd.

Can you please enable debug logging for the SMTP server, and post the log entries for when this happens?

Adrien

[mkobald]

I enabled debug logging and it showed me the user was connected as guest not as a user.

Why would this be if I set Outlook to use the same login for the outgoing server as for the incoming?

[adrien]

It's possible that Outlook is not actually authenticating. Depending on which user database you are using in WinGate - Outlook only supports NTLM authentication which isn't available if you are using WinGate's user database.

Which POP3 server are you using - one in WinGate?

Adrien

[mkobald]

We are using Outlook and Outlook Express clients and the Wingate user database.

It does seem to always properly authenticate with the POP3 server when mail is retrieved. The problem arises when sending mail.

[adrien]

so which POP3 server?

Adrien

[mkobald]

We're using the Wingate POP3 server.

[adrien]

ah ok.

I think what is happening is this then. When a user checks their mail with POP3 from externally, their IP address is associated with their username.

When they then connect with SMTP to send, if they do it within 20s of the POP3 connection, then they are still assumed to be that user, and are trusted by the SMTP server - that means they can relay.

If a longer period of time elapses, they are not assumed to be that user any more, and SMTP will treat them as untrusted, and they won't be able to send mail to anywhere that WinGate doesn't deem to be a local address.

To fix this, you need to get Outlook properly authenticating for SMTP. This will most likely require you to use the Windows User database in WinGate. Are you on an active directory there?

Adrien

[mkobald]

Yes, we have an active directory server for our domain.

How do we make use of this now that I've set up the users in the Wingate database?

[mkobald]

By the way, we are running Wingate on a Win 98 system. I don't know what active directory features will or will not available on the OS but I don't see any reference to allowing active directory authentication or importing a AD user database as suggested is possible in your documentation.

Would it be worthwhile upgrading this to Win2K or XP?

[adrien]

Hi

Windows 95,98 and ME don't have user databases as part of the OS, so to use the Windows user database which is required for NTLM authentication you would need to move to a NT-based system (NT4, 2000, XP Professional or 2003).

There could be a way to make POP3 before SMTP work better for you though - WinGate 6.1 added some registry control over how long the machine records remain active in WinGate after all their sessions are closed. You could increase the value from the current default of 20s to say 600s, so that within 10 minutes of checking mail, your users would be able to send.

The registry value for this is

HKEY_LOCAL_MACHINE\Software\Qbik Software\WinGate\Settings

Value name is "MachineTimeout", it's a DWORD value in seconds.

Adrien

[mkobald]

OK, Thanks. I'll try that.

[mkobald]

I didn't find a value for MachineTimeout under Settings. If its not there should I just add it?

[adrien]

Yes, you will need to add it.

Cheers

Adrien

[adrien]

I just added support for the SASL LOGIN mechanism for the SMTP server.

This will allow Outlook to authenticate with the SMTP server without having to run the Windows user database. We are looking to put a new release out later this week - this feature will be in it.

Regards

Adrien