Re: POP Proxy Help
From: Adaptrx (adaptr@adaptr.xs4all.nl)
Date: 01/31/02
From: "Adaptrx" <adaptr@adaptr.xs4all.nl> Date: Thu, 31 Jan 2002 21:47:12 +0100
"Stacey Sharp" <stacey@emservicesinc.com> wrote in message
news:LSc68.5433$E4.375829@e3500-atl2.usenetserver.com...
> Hey Guys,
>
> I hope this question isn't too complex, I need serious help and fast. I've
> built a Proxy Server with RHL7.2 and Squid 2.4STABLE2. The server works
> perfect and it's authenticating users. All workstations are Win 98/NT
> (Outlook & Express). But I can't get email to pass thru the proxy. I've
> found a couple programs like pop3.proxy, tcpproxy, and smtpproxy, but the
> instructions are really vague and short. I can't make them work. I really
> need this problem solved today, but as soon as possible will be just fine.
> How can I get email proxied thru this proxy? I'm really under the gun here.
> Help!
Well, Stacey, let's see....

First off, let me set a bit of background by explaining that you generally
DO NOT send mail thru a proxy of any kind - this has no meaning, you either:
a.) forward the mail from the clients to the internet, or
b.) simply connect directly to an outside mailserver from your Windows
clients, bypassing the proxyserver altogether.
You DO need to have NAT routing configured to do this, though... which is a
different subject entirely.

Since a mail (smtp or pop3) connection is a dedicated 2-way link (both
parties need to know who they're talking to),
you cannot use any kind of web or ftp proxy that usually allows semi- or
completely-anonymous connections - as is the case with Squid.

So, it boils down to this:
- do you use the proxy-server (or gateway might be a better term) to
actually send and receive e-mail itself, i.e. does it have (and use!) its
own mailserver?

If so, you need to configure THAT - and it might or might not be a simple
matter - depending on several factors such as: do you have a real domain
you can use?
Do you have a permanent connection that can accept e-mail from outside?
If so, setting up sendmail (shipped with RH7.2) is quite a simple matter -
use mailconf for that, and be sure to fill in both the forwarding smtp
server, i.e. your ISP's smtp-relay, as well as the machines that may send
you mail, which would generally be the same server at your ISP's side.
When this works, any user on the proxyserver can send and receive mail VIA
the proxy server's mailserver - no proxying required or wanted.

If you don't run your own mailserver, you have to have a way of sending
packets from the client machines thru to the internet to reach the
mailserver(s) you use.
The easiest way to do this would be to use the kernel iptables packet
filtering framework - it's VERY powerful.
If you're not scared of a little experimentation, you might try the
following:
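# default policy for the chain the two rules below are appended to
iptables -t nat -P POSTROUTING DROP
# SMTP (tcp/25) from the internal net to outside hosts
iptables -t nat -A POSTROUTING -s INTERNAL_NET ! -d INTERNAL_NET -p tcp --dport 25 \
    -o EXTERNAL_INTERFACE -j SNAT --to-source EXTERNAL_IPADDRESS
# POP3 (tcp/110) from the internal net to outside hosts
iptables -t nat -A POSTROUTING -s INTERNAL_NET ! -d INTERNAL_NET -p tcp --dport 110 \
    -o EXTERNAL_INTERFACE -j SNAT --to-source EXTERNAL_IPADDRESS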
where:
INTERNAL_NET is the designation (aaa.bbb.ccc.ddd/mask) of your internal network
EXTERNAL_INTERFACE is the interface that connects to the internet (e.g. eth1 or ppp0)
EXTERNAL_IPADDRESS is the address of the interface that connects to the outside world
Mind you, this ONLY allows smtp and pop3 connections from INSIDE to
OUTSIDE - no other connections thru the proxy will be possible for your
clients,
but this is not really a problem, as the table you modify with these
commands only affects ROUTED packets, not packets that come from or go to
the proxy itself.
>
> Thanks in Advance
>
> Stacey Sharp
>
You're welcome ;-)
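
The rules from the reply above, generated as a dry run for concrete values, as an added example that is not part of the original post: it uses the current option spellings (`-p tcp --dport`, `! -d`) and places the "only SMTP and POP3 out" restriction in the filter table's FORWARD chain, with the SNAT rules left in the nat table. The function names and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Prints the rules; applies nothing.
# Function names and the sample values at the bottom are constructed.

# True if $1 is a dotted-quad IPv4 address, optionally with a /0-32 mask.
valid_ipv4() {
    addr=${1%/*}
    case $1 in */*) mask=${1#*/} ;; *) mask=32 ;; esac
    case $mask in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$mask" -le 32 ] || return 1
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    oldifs=$IFS; IFS=.
    set -- $addr            # split the address on dots
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Usage: mail_nat_rules INTERNAL_NET EXTERNAL_INTERFACE EXTERNAL_IPADDRESS
mail_nat_rules() {
    net=$1; ext_if=$2; ext_ip=$3
    valid_ipv4 "$net" || { echo "bad INTERNAL_NET: $net" >&2; return 1; }
    case $ext_ip in */*) echo "bad EXTERNAL_IPADDRESS: $ext_ip" >&2; return 1 ;; esac
    valid_ipv4 "$ext_ip" || { echo "bad EXTERNAL_IPADDRESS: $ext_ip" >&2; return 1; }
    # Reject anything that is not a plain interface name (no spaces, no shell syntax).
    case $ext_if in ''|*[!A-Za-z0-9_.-]*) echo "bad EXTERNAL_INTERFACE" >&2; return 1 ;; esac
    # Filter table: routed traffic is dropped unless a rule below accepts it.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for port in 25 110; do      # 25 = SMTP, 110 = POP3
        sel="-s $net ! -d $net -o $ext_if -p tcp --dport $port"
        echo "iptables -A FORWARD $sel -m conntrack --ctstate NEW -j ACCEPT"
        echo "iptables -t nat -A POSTROUTING $sel -j SNAT --to-source $ext_ip"
    done
}

# Constructed sample values: review the printed commands before running them as root.
mail_nat_rules 192.168.1.0/24 eth1 203.0.113.10
```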