I have a client with a rather standard email configuration requirement but I do not see a step-by-step outlined in any of the help files or PDFs posted. I have tried so many different setups that I have forgotten pretty much everthing I have tried and its all a big jumble rolling around in my head at the moment. Wingate is prbably so screwed up with all my tinkering that I'll have to start over but I'm more than willing to do that if I can get the email working quickly (they are running out of patience) I am very new to WinGate so maybe I'm just missing something obvious. In any case, here are the requirements:
They have an office with about 25 users. Bandwidth to the office is by DSL from one of the big telephone companies. The phone company will not provide DNS.
They have an ISP that handles their email (individual POP3 accounts) The ISP also supplies a web interface so they can access and send mail remotely. Can't and don't want to change that.
The ISP has the Internet DNS and supplies the necessary reverse pointers etc. He will add/change DNS as needed.
POP3 collection is not an option.
They want to use the added anti-virus and anti-SPAM capabilities of WinGate.
The ISP's SMTP and POP3 servers requires all users to log in before it will deliver or accept mail for remote delivery. The ISP is willing to relay email from a static IP address (which the office has) but would rather not.
Does anyone have a step-by-step I could follow?
Many, Many Thanks,
Randall
Wingate mail
Moderator: Qbik Staff
6 posts
• Page 1 of 1
Re: Wingate mail
by adrien » Dec 17 08 10:23 am
OK, so the ISP hosts the mail, and you don't want to change that, so I'm wondering how you see WinGate fitting into that mix, if the mail will still be hosted at the ISP and you don't want to use POP3 collection.
Do you want
1. WinGate to first receive the mail, then forward it to the ISP? or
2. the ISP to relay mail for the domain to WinGate which then relays it straight back?
If you want WinGate to be the first port of call for inbound mail for the domain, then the DNS administrator for the domain needs to set the domain MX record to the IP of your WinGate. Then WinGate needs to be configured to receive mail for that domain. If you then want WinGate to forward that mail out, just tell WinGate that that domain is hosted on another server (the ISP). You can set username/pass per server for outbound, so WinGate can log into your ISP mail server.
Pretty much the same scenario for 2 except for the MX setup - it would stay at the ISP (ISP server would be the one receiving the mail initially).
Do you want
1. WinGate to first receive the mail, then forward it to the ISP? or
2. the ISP to relay mail for the domain to WinGate which then relays it straight back?
If you want WinGate to be the first port of call for inbound mail for the domain, then the DNS administrator for the domain needs to set the domain MX record to the IP of your WinGate. Then WinGate needs to be configured to receive mail for that domain. If you then want WinGate to forward that mail out, just tell WinGate that that domain is hosted on another server (the ISP). You can set username/pass per server for outbound, so WinGate can log into your ISP mail server.
Pretty much the same scenario for 2 except for the MX setup - it would stay at the ISP (ISP server would be the one receiving the mail initially).
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
Re: Wingate mail
by Randall » Dec 18 08 6:06 am
The ISP's email server is the main email server for several reasons. Better up time, more bandwidth, better web interface, easier to admin etc. This is a very common setup except that the local email is usually Exchange or a third party package. In this case we want to use Wingate because of the plug-ins, the ISP does not supply any anti-virus or anti-SPAM. The ISP email is set up just fine, the DNS pointers and reverse pointers are fine and everything on that end is working and has been for years. If we need to change any DNS, we can do so, but the pointers and MX records are not the problem, the wingate setup is what I need help with.
We want to use the ISP email to accept email from the internet and store it for delivery to the users either through Wingate or via the web interface. We want the ISP email to be the gateway for the outgoing email. We can bypass Wingate SMTP but according to one of the help files, if we disable SMTP, the plugins can not be used for incoming email.
All this should be very simple but I can not get any consistent results. Some accounts can send but not recieve, some accounts can receive but not send, some accounts can do neither. All machines are running XP Pro, some have SP2 and some have SP3 but that shouldn't make any difference should it?
Everyone gets to the Internet just fine, FTP works as does DNS and all the other TCP protocols. But we have had to disable POP3 and SMTP to consistently get and send email. Extra anti-virus and SPAM protection is the biggest reason we want Wingate. There are other reasons, we want to block games and ebay and ipod.
I setup the user name on the client according to the wingate help file - 'User#mail.domain.com' - it works on some, not on others. Sounds like DNS doesn't it? But if it is, I can't find it. Even on the ones that don't work, a ping to 'mail.domain.com' resolves to the proper IP address.
I've obviously got something jumbled on the Wingate server. Help!!!
We want to use the ISP email to accept email from the internet and store it for delivery to the users either through Wingate or via the web interface. We want the ISP email to be the gateway for the outgoing email. We can bypass Wingate SMTP but according to one of the help files, if we disable SMTP, the plugins can not be used for incoming email.
All this should be very simple but I can not get any consistent results. Some accounts can send but not recieve, some accounts can receive but not send, some accounts can do neither. All machines are running XP Pro, some have SP2 and some have SP3 but that shouldn't make any difference should it?
Everyone gets to the Internet just fine, FTP works as does DNS and all the other TCP protocols. But we have had to disable POP3 and SMTP to consistently get and send email. Extra anti-virus and SPAM protection is the biggest reason we want Wingate. There are other reasons, we want to block games and ebay and ipod.
I setup the user name on the client according to the wingate help file - 'User#mail.domain.com' - it works on some, not on others. Sounds like DNS doesn't it? But if it is, I can't find it. Even on the ones that don't work, a ping to 'mail.domain.com' resolves to the proper IP address.
I've obviously got something jumbled on the Wingate server. Help!!!
- Randall
- Posts: 3
- Joined: Dec 17 08 6:46 am
Re: Wingate mail
by adrien » Dec 18 08 12:11 pm
Hi
If incoming mail from the internet goes to your ISP mail server, and sits there, waiting to be either
a) read over their web interface
b) retrieved with POP3 from somewhere outside your LAN
c) retrieved with POP3 from somewhere inside your LAN via WinGate
then the mail sitting in the mailbox on the ISP won't be filtered for viruses or anything. People accessing the mail via webmail or POP3 but not going through WinGate would be vulnerable to that.
One option if your ISP is up for is, is if they can forward all received mail to WinGate (whether it's up or not doesn't matter, it will be spooled), and then only deliver it to a local POP3 mailbox if it then receives it back from WinGate. This may or may not be possible.
Otherwise all you can do using WinGate is filter POP3 retrieval using the POP3 proxy. This isn't ideal for a number of reasons, and won't remove any spam.
There are several ways to use the POP3 proxy, it can intercept connections via POP3 clients to POP3 servers (so no need for user#domain), or you can configure the clients to connect to it directly. Depending on the client and server however, it only works with plaintext authentication, since the servername is multiplexed into the username and with no username, there's nowhere to put the servername.
Normal setup actually if you have a static IP, would be to set up your WinGate as primary MX for the domain, and your ISP as secondary. If your link is down, then the mail will be spooled at your ISP, and it will keep trying to send it to the primary, so when you come back up, you'll get the mail. Then local users just use POP3 to local WinGate. If you want to, you can also use a web-based IMAP solution to access mail via the web - just set users to use IMAP instead of POP3 (it's much better in many ways, a bit slower, but you get folders, and mail synchronisation). We use squirrelmail for this, but there's also a free product called RoundCube.
The downside to this is access to mail from externally is back down your link.
If incoming mail from the internet goes to your ISP mail server, and sits there, waiting to be either
a) read over their web interface
b) retrieved with POP3 from somewhere outside your LAN
c) retrieved with POP3 from somewhere inside your LAN via WinGate
then the mail sitting in the mailbox on the ISP won't be filtered for viruses or anything. People accessing the mail via webmail or POP3 but not going through WinGate would be vulnerable to that.
One option if your ISP is up for is, is if they can forward all received mail to WinGate (whether it's up or not doesn't matter, it will be spooled), and then only deliver it to a local POP3 mailbox if it then receives it back from WinGate. This may or may not be possible.
Otherwise all you can do using WinGate is filter POP3 retrieval using the POP3 proxy. This isn't ideal for a number of reasons, and won't remove any spam.
There are several ways to use the POP3 proxy, it can intercept connections via POP3 clients to POP3 servers (so no need for user#domain), or you can configure the clients to connect to it directly. Depending on the client and server however, it only works with plaintext authentication, since the servername is multiplexed into the username and with no username, there's nowhere to put the servername.
Normal setup actually if you have a static IP, would be to set up your WinGate as primary MX for the domain, and your ISP as secondary. If your link is down, then the mail will be spooled at your ISP, and it will keep trying to send it to the primary, so when you come back up, you'll get the mail. Then local users just use POP3 to local WinGate. If you want to, you can also use a web-based IMAP solution to access mail via the web - just set users to use IMAP instead of POP3 (it's much better in many ways, a bit slower, but you get folders, and mail synchronisation). We use squirrelmail for this, but there's also a free product called RoundCube.
The downside to this is access to mail from externally is back down your link.
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
Re: Wingate mail
by Randall » Dec 18 08 5:40 pm
OK, now we are getting somewhere - we can not make wingate the primary MX because we can't get a reverse DNS pointer assigned to the IP and that means many domains will reject their mail as spam. It can however be a secondary or a peer or a domain forward or a spool.
What is the best way to filter SPAM and viruses from incoming email? and can the spam be sent to a spam account rather than being deleted? What plugins are available for anti-spam?
Thanks again,
Randall
What is the best way to filter SPAM and viruses from incoming email? and can the spam be sent to a spam account rather than being deleted? What plugins are available for anti-spam?
Thanks again,
Randall
- Randall
- Posts: 3
- Joined: Dec 17 08 6:46 am
Re: Wingate mail
by adrien » Dec 18 08 6:13 pm
you don't need reverse DNS to receive incoming mail, so there's nothing stopping WinGate from being primary for incoming, but still sending outbound mail out through the ISP.
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
6 posts
• Page 1 of 1
Who is online
Users browsing this forum: Bing [Bot] and 22 guests