Hi!
I need some advice for my particular mail configuration.
Wingate machine has 3 NICs. One is connected to internal network and two others - to internet routers. We have two different lines, one SDSL for faster uploads (FTP and SMTP) and another - ADSL for faster downloads (HTTP).
We have many mailboxes that are hosted on external providers. It was easy for internal mail clients to receive mails using POP3 Proxy service. But now all our providers are going to allow SSL connections only (port 995) and disallow unencrypted connections (port 110). As the result - POP3 Proxy will not work anymore. That's why we have to change a way our clients receive mails.
We have set internal mailserver on internal LAN segment. Now mail clients are connected to this internal mail server. Wingate is able to check external mailboxes (SSL, port 995) with pop3 collection service and delivers mails to internal mailserver. This works fine, BUT there is a problem with outgoing mails.
WinGate also sends our outgoing (outbounding) mails. And Wingate has to use for sending only SDSL connection and not to use ADSL line for this (because of external IP adress, reverse DNS lookup, A-Record and HELO WinGate setting). Before i listed only this SDSL interface in tab Gateways in SMTP delivery service settings. And everything worked fine - outgoing mails were sent over SDSL line.
But in this case mails collected with POP3 collection service can't be delivered to internal mail server because SMTP delivery service is set to use particular external NIC for delivery, and this is not an internal NIC. So i have to set "Use any available connection" in Gateways tab of SMTP delivery service. So incoming mails can be delivered to internal mail server. But in this case our outgoing mails can be sent over ADSL line. And this is what i have to avoid.
Is there any possibility to forbid SMTP delivery service to use particular gateway? Or may be someone has another Idea? Do i miss something in WinGate Email configuration?
Thanks
Goff
SMTP delivery service
Moderator: Qbik Staff
4 posts
• Page 1 of 1
Re: SMTP delivery service
by adrien » Feb 14 14 10:57 am
Hi
basically it sounds like you need to keep your current config for all domains except the one used for internal mail, and that needs to go to a different server. But that server can't be reached when you have the gateway set.
So I guess you need an option like "don't use this gateway for local mail".
It's possible to set gateway in flow-chart policy. But we don't have a suitable event to hook to - I will add an event "SMTP Delivery Service: NewJob" so you can check what the destination domain is, and alter delivery configuration.
Alternatively I guess we could add support for multiple SMTP delivery services, and allow specifying which one to use by default, and allow specification of which one to use for delivery on a domain / address handler basis.
One alternative I'm thinking. Do all your email clients use the same provider? You could use a TCP mapping proxy instead of the POP3 proxy. That allows you to specify using SSL for upstream connections. It also allows you to map different user IPs to different servers. Then you wouldn't use POP3 collection.
Or is this all so you can scan POP3 with AV etc?
Regards
Adrien
basically it sounds like you need to keep your current config for all domains except the one used for internal mail, and that needs to go to a different server. But that server can't be reached when you have the gateway set.
So I guess you need an option like "don't use this gateway for local mail".
It's possible to set gateway in flow-chart policy. But we don't have a suitable event to hook to - I will add an event "SMTP Delivery Service: NewJob" so you can check what the destination domain is, and alter delivery configuration.
Alternatively I guess we could add support for multiple SMTP delivery services, and allow specifying which one to use by default, and allow specification of which one to use for delivery on a domain / address handler basis.
One alternative I'm thinking. Do all your email clients use the same provider? You could use a TCP mapping proxy instead of the POP3 proxy. That allows you to specify using SSL for upstream connections. It also allows you to map different user IPs to different servers. Then you wouldn't use POP3 collection.
Or is this all so you can scan POP3 with AV etc?
Regards
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
Re: SMTP delivery service
by adrien » Feb 14 14 11:01 am
Hi
one other option may be just to increase metric on your other internet connections, and remove the gateway setting from SMTP delivery.
When there's no gateway setting, WinGate lets the OS choose local IP to bind to, and which interface to use based on the system route table.
the OS will choose the lowest metric, so for outbound mail, it would then choose the SDSL link, and bind to that adapter, but for local mail inbound to your internal server, it would find a route to that, so wouldn't use the default gateway, and would therefore bind to the local IP on the same network as the internal server.
Regards
Adrien
one other option may be just to increase metric on your other internet connections, and remove the gateway setting from SMTP delivery.
When there's no gateway setting, WinGate lets the OS choose local IP to bind to, and which interface to use based on the system route table.
the OS will choose the lowest metric, so for outbound mail, it would then choose the SDSL link, and bind to that adapter, but for local mail inbound to your internal server, it would find a route to that, so wouldn't use the default gateway, and would therefore bind to the local IP on the same network as the internal server.
Regards
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
Re: SMTP delivery service
by RM_Goff » Feb 14 14 11:54 am
Thank you for your fast reply, Adrien!
Yes, you understood a problem correctly. I was afraid of my bad English and if the problem was described clearly.
Multiple instances of SMTP delivery services will help, and idea to control delivery through policy sounds really good.
We have 3 email providers and i thought already about TCP mapping (3 services on different ports for each provider), but i really love to scan Email traffic with AV)))
But idea to alter metric in routing table is brilliant! Thank You! This really helps to solve this problem fast and easy.
my respectful greetings
Goff
Yes, you understood a problem correctly. I was afraid of my bad English and if the problem was described clearly.
Multiple instances of SMTP delivery services will help, and idea to control delivery through policy sounds really good.
We have 3 email providers and i thought already about TCP mapping (3 services on different ports for each provider), but i really love to scan Email traffic with AV)))
But idea to alter metric in routing table is brilliant! Thank You! This really helps to solve this problem fast and easy.
my respectful greetings
Goff
- RM_Goff
- Posts: 27
- Joined: Jun 19 13 10:43 am
4 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 27 guests