WinGate Forums

[oliver]

Hallo!

After a server reboot, i got this errors:
h**p://eu.ago.at/2.jpg

But i set up the smtp server as an SMTP Relayer which is not using SMTP Auth.. everybody is allowed to deliver me emails.
h**p://eu.ago.at/1.jpg

How can this be? What can i do to solve this problem?

edit: i am using win server 2003 R2 full patched and Wingate 6.5.2!

[adrien]

Hi

Is the IP address 127.0.0.1 included in the policy for the SMTP service?

Regards

Adrien

[oliver]

Yes it is! h**p://eu.ago.at/3.jpg

----------------------

I have found a very strange fact:
My server needs to be restartet. After the reboot i immediatly log into gatekeeper and there i see that in the first one or two minutes after the server start, the smtp service denys to accept emails by smtp with error "authentification failed" (we know, i dont use smtp auth ^^ )

so, after the two minutes (befor this weekend i belived, that its always a timespan of 1-2 minutes) the emails becomes delivered correctly. if i log out of the remote terminal connection of windows by "start - logoff administrator", the smpt auth failed error comes again. so the problem is not the server restart, the problem is a "not logged-in administrator", if i log-in to windows desktop on the wingate server and open wingate gatekeeper again, the smtp auth error goes away in this moment. but they will come back the next time, when i logoff. but wingate is running as an servive and gatekeeper is only a management console...

if there is no function called "deny smtp, if no admin is logged in to desktop", there must be a BUG i think!

Is there a member of QBIK which wants to take a look at my problem? i can reconstruate this problem and i can show it to the developer team by using teamviewer, netviewer, inquiro or something like that... i need an update to solve this problem, its not funny for our company!

[adrien]

HI

When you connect with GateKeeper, you associate credentials with 127.0.0.1, which means that any policy which requires authentication will be satisfied.

When you disconnect, the policy will no longer be satisfied.

It sounds to me like you have

a) policy in the SMTP server that requires users to be authenticated
b) authentication disabled in the client or mail security settings

So that the client can't auth.

You will need to add a policy to the SMTP server, where access is granted either without restriction, or only for 127.0.0.1

Regards

Adrien

[oliver]

point A) here you can see my smtp policy: h**p://eu.ago.at/5.jpg
i belive, more open it can not be... everyone (may be unkown) can deliver emails to the wingate smtp server, now i choosed under "location" tab: Recipient has rights from everywhere. (instead localhost ip 127.0.0.1) but i still have the same problem. See here to the error: *ttp://eu.ago.at/4.jpg

I cant understand one point: if an administrator is logged in to gatekeeper, wingate smtp needs no smtp auth to accept mails, if the admins close gatekeeper, wingate wants a smtp authentification????? whats the sense of this procedure?

i dont access wingate smtp with a smtp client.

We use hMailserver (Port 25) as our first smtp relay for filtering spams, then it goes to 127.0.0.1:250 (Wingate SMTP on the same server) there we check the emails for virus content. if its clean we send the emails to our exchange organisation (extra servers).

So our Wingate needs only to receive emails on Port 250 from 127.0.0.1:25 and after a virus check it forwards the email to 192.168.100.10:25 (Exchange Bridgehead)

In no way we use SMTP Auth!!!

Point B) There are no "Clients" which takes access to wingate....

[adrien]

Hi

I think basically it's not trusting connections made over localhost interface (even though arguably this is the most trusted interface of all).

If you look in Email settings under trust policy, you'll see there is an entry in there called "trust senders with existing credentials..."

This is why when GateKeeper is connected it is ok.

So the simple option is to add a rule to trust where connected IP address is 127.0.0.1

It reports untrusted relay attempts as auth failures I think.

The reason we have inherited credentials is for things like POP3 before SMTP, or also the Java client in WWW. It associates credentials with an IP address if you auth, then other connections can pass policy that requires authing without themselves having to auth.

[oliver]

ok, i think i get your point with assumed users.

Wingate see there is a gatekeeper session from 127.0.0.1 with administrators credentials, so every thing which comes from 127.0.0.1 is assumed to the administrator user.

But where do you think i can setup this? if you take a look to my screenshot, you see, i dont demand an smtp auth from anywhere.

Thanks for your help adrien!

[adrien]

you'll need to add a trust policy rule to trust 127.0.0.1

You will need to do this under the email settings trust policy.

[oliver]

ok, i did what you say, but i still have the same problem.

h**p://eu.ago.at/7.jpg

[oliver]

solved: user "guest" was not enabled...

thanks to ebertlang support!