Re: configuring mail and NAT with winroute pro

From: bargepole (jbhur@hotmail.com)
Date: 01/12/02 

From: "bargepole" <jbhur@hotmail.com>
Date: Sat, 12 Jan 2002 15:23:18 GMT

Since you're using your ISP's mail services to receive and send mail, you
don't need any port mappings. You only need to map TCP port 25 if you expect
external mail users to initiate a connection directly to your Winroute mail
server. This would be the case if you were hosting your own domain or if you
want external users to relay through the Winroute mail server. Likewise,
unless you have users that are going to retrieve their mail from the
Winroute mail server from locations external to your LAN, you don't need a
TCP port 110 mapping, either.

Depending on your ISP's mail security, you may have to authenticate the
Winroute mail server with your ISP before you can send mail. You'll need to
add this authentication information using a registry editor.

Add or modify the following keys:
HKLM/Software/TinySoftware/Winroute/MailRelayAuth = 1 [string]
HKLM/Software/TinySoftware/Winroute/MailRelayUser = username [string]
HKLM/Software/TinySoftware/Winroute/MailRelayPassword = password [string]

Though it's true that you don't need any rules as you described your system,
I would recommend you prevent any user from connecting to your ISPs mail
server directly. This way, you can maintain a strict schedule as to when
Winroute polls the POP3 accounts and your logs will be accurate If the users
don't know their POP3 account passwords, then they can't set their email
clients to retrieve mail directly. If they do know their account details,
you can prevent them from connecting to the ISP mail server with a couple of
rules.

Incoming
LAN Interface
Deny TCP LANUsers port>1023 -> ISPMail port=110
Deny TCP LANUsers port>1023 -> ISPMail port=25

where "LANUsers" and "ISPMail" are address groups containing the appropriate
addresses.

I believe you got the aliasing right. By making each user's fully qualified
email address an alias for their Winroute mail account, you'll avoid
Winroute sending mail generated from the LAN out to the ISP and then
retrieving it and distributing it to the recipient.

"Bas van den Bosch" <bvdbos@chello.nl> wrote in message
news:QUU%7.3082639$2n1.94668809@Flipper...
>
> Hi there,
>
> I have some questions about configurig winroute pro, hope you can help
> me.
>
> At my offcie I have ten workstations (192.168.0.2-192.168.0.10) which
connect
> through a dialup modem, currently with WR lite with a dynamic ip. The WR
lite
> server has the networkadress 192.168.0.1. All users have a remote
pop3-account
> on our main domainname. For sending mail the smtp of the dialup-isp is
used.
> As you can imagine all email to someone else at the ofiice is routed
through
> the dialup, so not a very economic or quick way. Therefore I would like to
> start using WR PRO.
>
> I would like WR PRO to collect the mail from the remote pop3-boxen (i.c.
> user1@domain.nl) and deliver it to the local accounts of WR PRO. This is
not
> hard to configure.
>
> Everybody is allowed to send email to whoever they want, so when a user
sends
> something to i.c. user@hotmail.com it has to be routed to the smtp of my
> dialup (through WR pro smtp).
>
> Whenever someone sends mail to a user at the office (user1@domain.nl) WR
> PRO has to intercept it and route it directly to a local account
(user1local).
>
> All other internet trafic (http, ftp etc etc) outbound internet trafic is
> allowed for now. There are no other servers active at the moment. In the
> future there will be some servers, at first for internal use, later for
> external use too (when we have a permanent connection).
>
> I would like to make it as easy as possible for the users, so, if
possible,
> they can use the same emailadress for every internal user, wether they
> send it from inside the office or from outside. only have to use one
> emailadress for each internal user (no naming local email adresses).
>
> Do I have the right settings for my system when:
>
> port mapping:
> * port: 25 - listen ip: unspecified - protocol: tcp
> destination ip:192.168.0.1 - port 25
> * port 110 listen ip: unspecified - protocol: tcp
> destination ip:192.168.0.1 - port 110
>
> aliasses:
> * alias user1@domain.nl deliver to user1local
> * alias user2@domain.nl deliver to user2local etc
>
> sorting rules:
> * header content user1@domain.nl deliver to user1local
> * header content user2@domain.nl deliver to user2local
>
> packet filters:
> none?
>
> hope you can help me understand what I'm doing....
>
> gr & tia
>
> Bas

Relevant Pages

  • Re: configuring mail and NAT with winroute pro
    ... >want external users to relay through the Winroute mail server. ... >> start using WR PRO. ... >> All other internet trafic outbound internet trafic is ...
    (comp.security.firewalls)
  • Re: Remote View/Control
    ... I'm noting the VPN requirements as that is the next ... As I'm running Zonealarm Pro firewall I note that I will ... > On your firewall you need to open TCP port 3389 and I would open it only ... If you will connect to your server from home over ...
    (microsoft.public.windows.server.networking)
  • Re: RWW works with IP but not FQDN
    ... To see if something already has TCP port 4125 open on the SBS server you can ... When you run the CEICW then if you are selecting to allow Remote Web ...
    (microsoft.public.windows.server.sbs)
  • Re: Which Server 03 best suits my needs?
    ... proper services open from the internet to your servers and that you have ... port forwarding configured from your NAT device again to your server. ... POP3 uses TCP port 110 ... I also need FTp & web server provided. ...
    (microsoft.public.windows.server.setup)
  • Re: PC Anywhere
    ... > Anywhere uses TCP Port 5631 and UDP Port 5632. ... Outbound communication is ... > configured for this on the Server in ISA and works from the Server however ... > required and all outbound IP traffic is enabled in the ISA Protocol rules. ...
    (microsoft.public.windows.server.sbs)