is it possible to add a feature where the smtp server will only relay email if the receipient is an email account being hosted on the wingate server machine?
for example, the wingate machine is known to the internet as "blah.com", and the email server will only relay incoming (from internet) emails if they are addressed to *@blah.com.
i'm asking because i notice my email server is being used by external addresses to send out emails to elsewhere - of which i think are all spam emails. and if i disable email relaying for incoming internet emails, the local users won't be able to receive emails coming from the internet.
hope i get my message across.
feature request for email server
Moderator: Qbik Staff
12 posts
• Page 1 of 1
feature request for email server
by saddy » Jun 20 04 8:45 pm
- saddy
- Posts: 13
- Joined: Jun 10 04 2:30 am
by MattP » Jun 21 04 4:26 pm
Hi,
Turning off relaying should not affect the incoming mail for your domain. If you allow your email server to be used as a relay then you will be blacklisted so you should turn off "allow relaying" immediately.
If you have set up your email server correctly then turning off the relaying will not stop the incoming email. Have you had a look at the email server setup document on our website? You can download it here...
http://www.wingate.com/files/Mail_Serve ... narios.pdf
Regards,
Matt
Turning off relaying should not affect the incoming mail for your domain. If you allow your email server to be used as a relay then you will be blacklisted so you should turn off "allow relaying" immediately.
If you have set up your email server correctly then turning off the relaying will not stop the incoming email. Have you had a look at the email server setup document on our website? You can download it here...
http://www.wingate.com/files/Mail_Serve ... narios.pdf
Regards,
Matt
- MattP
- Qbik Staff
- Posts: 991
- Joined: Sep 08 03 4:30 pm
by saddy » Jun 22 04 8:05 am
thanks.
now it works when i enter my hostname into the "server domain name" under the security tab.
one more little question, how do i stop wingate from flashing in the systray whenever it blocks a relay attempt? it can be quite annoying when it occurs every 20 mins or so.
by the way, i am using v6 (942). great version, but has this issue:
http://forums.qbik.com/viewtopic.php?t=1986
:)
now it works when i enter my hostname into the "server domain name" under the security tab.
one more little question, how do i stop wingate from flashing in the systray whenever it blocks a relay attempt? it can be quite annoying when it occurs every 20 mins or so.
by the way, i am using v6 (942). great version, but has this issue:
http://forums.qbik.com/viewtopic.php?t=1986
:)
- saddy
- Posts: 13
- Joined: Jun 10 04 2:30 am
by MattP » Jun 22 04 9:05 am
Gidday,
Glad to hear that you got the email working, it's best not to be a relay :-)
We will try and add an option to turn off the systray envelope for the version 6 release, you're not the only one who doesn't like it!
I've forwarded your other forum post to Gene, he's our driver guy and he'll look into the compatibility issue, thanks for bringing it to our attention.
Regards,
Matt
Glad to hear that you got the email working, it's best not to be a relay :-)
We will try and add an option to turn off the systray envelope for the version 6 release, you're not the only one who doesn't like it!
I've forwarded your other forum post to Gene, he's our driver guy and he'll look into the compatibility issue, thanks for bringing it to our attention.
Regards,
Matt
- MattP
- Qbik Staff
- Posts: 991
- Joined: Sep 08 03 4:30 pm
by saddy » Jun 27 04 5:04 am
hmm, i remember why i set it to relay now.
when i set the email program to send out an email using the hostname (eg, smtp.abc.com), i will get a blocked relay attempt. it will be fine if i set it to 'localhost' instead.
but a lot of times, a user may want to send email from a remote machine (eg, his laptop connected to another network), and he can only use smtp.abc.com in order to reach the smtp server.
how do i get around that without letting a non-user (spammer) relay through my smtp server?
when i set the email program to send out an email using the hostname (eg, smtp.abc.com), i will get a blocked relay attempt. it will be fine if i set it to 'localhost' instead.
but a lot of times, a user may want to send email from a remote machine (eg, his laptop connected to another network), and he can only use smtp.abc.com in order to reach the smtp server.
how do i get around that without letting a non-user (spammer) relay through my smtp server?
- saddy
- Posts: 13
- Joined: Jun 10 04 2:30 am
by adrien » Jun 27 04 5:13 pm
Basically we work on the basis that you don't want untrusted email senders relaying back out of your server.
So if you do have some users that you want to be able to use your server to send mail external to your network (incoming to your network doesn't matter), then there are 2 options.
1. Get the user trusted somehow. There are several options for this:
a) get them to use SMTP authentication - WinGate supports several options, depending on which email client your users are using and what user database you are using in WinGate.
b) add an assumption for their IP address, so they are assumed to be someone
c) get them to log in with something else first.
2. If these users are predominantly trying to send to a single place, you could simply create a domain for that place, and set it to be hosted on another server. Then WinGate will receive the mail as if it were local mail, yet then forward the mail out. This makes you a relay server for that domain only.
Adrien
So if you do have some users that you want to be able to use your server to send mail external to your network (incoming to your network doesn't matter), then there are 2 options.
1. Get the user trusted somehow. There are several options for this:
a) get them to use SMTP authentication - WinGate supports several options, depending on which email client your users are using and what user database you are using in WinGate.
b) add an assumption for their IP address, so they are assumed to be someone
c) get them to log in with something else first.
2. If these users are predominantly trying to send to a single place, you could simply create a domain for that place, and set it to be hosted on another server. Then WinGate will receive the mail as if it were local mail, yet then forward the mail out. This makes you a relay server for that domain only.
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
by saddy » Jun 27 04 10:22 pm
thanks for the reply.
although i understand what you are saying, but i have to admit i am not that good with knowing where to start in getting smtp authentication up.
if i do use smtp authentication, will non-users (sender with non-local hostname address) still be able to send emails to the users (local hostname address)? since the receipient is always bearing the hostname of the local machine, can i assume it shouldn't be a problem?
although i understand what you are saying, but i have to admit i am not that good with knowing where to start in getting smtp authentication up.
if i do use smtp authentication, will non-users (sender with non-local hostname address) still be able to send emails to the users (local hostname address)? since the receipient is always bearing the hostname of the local machine, can i assume it shouldn't be a problem?
- saddy
- Posts: 13
- Joined: Jun 10 04 2:30 am
by adrien » Jun 28 04 3:54 pm
local users wont need to authenticate, because if they connect into WinGate on an interface marked as internal, then they will be trusted.
It is only people connecting on an external interface that would need to authenticate.
What email clients are people using?
Outlook can authenticate with NTLM (Secure Password Authentication) which requires the NT user database to be the one used in WinGate. WinGate 6.0 beta 3 now also supports secure connections for Outlook (SPOP and secure SMTP) by assigning another binding policy in the POP3 server, on port 995 (I think) using SSL, and same on another port for the SMTP server.
Eudora has several options, including CRAM-MD5
Other clients have other options.
Adrien
It is only people connecting on an external interface that would need to authenticate.
What email clients are people using?
Outlook can authenticate with NTLM (Secure Password Authentication) which requires the NT user database to be the one used in WinGate. WinGate 6.0 beta 3 now also supports secure connections for Outlook (SPOP and secure SMTP) by assigning another binding policy in the POP3 server, on port 995 (I think) using SSL, and same on another port for the SMTP server.
Eudora has several options, including CRAM-MD5
Other clients have other options.
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
by saddy » Jun 29 04 11:35 am
thanks for the reply again (wish every software vendor is like this).
most of my family are using eudora.
is there a step-by-step guide available to setting up authentication for pop and smtp for connections from an external interface? i think i would need one. :/
i have also tried reading this resource - http://www.wingate.com/resources.php?id=12 - but i still don't feel i understand the actual setup enough to do it without chancing upon disrupting incoming emails (from external) for the local users.
i am also trying to make it as hassle-free as possible on the user's end, such that there will be little configuration needed other than the usual login/password setup.
btw, i am testing beta 3 now.
most of my family are using eudora.
is there a step-by-step guide available to setting up authentication for pop and smtp for connections from an external interface? i think i would need one. :/
i have also tried reading this resource - http://www.wingate.com/resources.php?id=12 - but i still don't feel i understand the actual setup enough to do it without chancing upon disrupting incoming emails (from external) for the local users.
i am also trying to make it as hassle-free as possible on the user's end, such that there will be little configuration needed other than the usual login/password setup.
btw, i am testing beta 3 now.
- saddy
- Posts: 13
- Joined: Jun 10 04 2:30 am
by adrien » Jun 30 04 1:03 am
To enable SMTP authentication in Eudora, go to tools, options, sending mail.
there is only a single checkbox "allow authentication" to select.
Eudora then will use the same username and password that it uses for collecting mail (e.g. POP3). I don't think there is a way to get it to use a different one.
we use Eudora here successfully using the CRAM-MD5 option. This I think is Eudora's preferred method. What that means is that the user database you would need to use in WinGate is the WinGate one, not the OS user database.
Adrien
there is only a single checkbox "allow authentication" to select.
Eudora then will use the same username and password that it uses for collecting mail (e.g. POP3). I don't think there is a way to get it to use a different one.
we use Eudora here successfully using the CRAM-MD5 option. This I think is Eudora's preferred method. What that means is that the user database you would need to use in WinGate is the WinGate one, not the OS user database.
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
12 posts
• Page 1 of 1
Who is online
Users browsing this forum: Google [Bot] and 9 guests