- F.A.Q.
-- MailGate
-- POPWeasel
-- SpamWeasel

- Error Codes
- Configuration
- Release Notes
- Year 2000

 Beta Area
 About Us

MailGate Support Issues

Q. How can I prevent MailGate from acting as a spam relay?
A. By default MailGate will accept mail sent via SMTP regardless of where it comes from. This means that if a spammer scans the range of IP addresses that your ISP uses and if you're also connected at that time, they may find an open SMTP server on your machine and can easily send their spam through it. The reason spammers take this course of action is to remain anonymous.
There are several different ways of preventing MailGate from being used as a spam relay, you can choose whichever suits your setup best from the options below:

Using the Bindings tab
If your Internet connection is on the same machine as MailGate, and you don't have remote clients that require access to MailGate, then you can bind MailGate to only allow the client machines on your LAN to access the MailGate services.

  1. Click on Gateway | Advanced Setup | Bindings tab.
  2. In the "SMTP Server" field, type the IP address of the LAN card in the machine MailGate is running on.
  3. You can enter this IP address in all fields available, however the only one that's necessary for relay prevention is for the SMTP Server (see the Security FAQ).
MailGate service bindings

Using the SMTP Relay tab (MailGate 3.5.166 +)
Click on Gateway | Advanced Setup | SMTP Relay tab.

If you wish to restrict which machines can send mail externally to the Internet, you can add their IP addresses or address range(s) to the Allow/Deny fields. By default these fields are blank, which allows any machine access to sending external mail.

The standard SMTP protocol does not require a user to provide a username/password before sending mail data. The enhanced protocol, ESMTP, though allows for a number of SMTP authentication methods. MailGate version 3.5.166 and above supports the LOGIN method of authentication.
The drop-down menu is set to "Not Required" by default. Setting it to "Any MailGate user/pass" will require a mailbox name password to be sent before access is given for sending external mail, setting it to "Specified user/pass" will require the user name and password in the respective fields on this tab to be sent before access is given.

The checkboxes at the bottom of the tab give you the choice of setting whether clients are required to send authentication for sending mail. For both internal and external mail you can set whether authentication is required for IP addresses listed in both Allow/Deny fields.
E.g. - If authentication is provided by a machine with a denied IP address (or one that isn't listed in the Allow field), this will override the rule and allow the user to send mail.

MailGate SMTP relay settings

Using the Security tab (MailGate 3.5.165 or earlier)
If your Internet connection is not located on the main server (e.g. you have a router based connection on a networked machine), you can block information coming in from the router.

  1. Click on Gateway | Advanced Setup | Security tab.
  2. Click on the SMTP Server button.
  3. In the "Allow" field, enter the IP address range of your LAN.
  4. In the "Deny" field, enter the IP address of the router.
MailGate security settings

Using the Mail Manager Extension
If you have remote clients that require access to MailGate via a routed connection, and if you have the Mail Manager Extension installed, you can set up a rule to block mail if the FROM field is not set to your own domain name.

  1. Double-click on the Mail Manager Extension.
  2. On the Rules tab click the Add button.
  3. Give the rule a name.
  4. Set the "Sender" field to "!*@yourdomain.com" (where "yourdomain" is your company's domain name).
  5. Set the "Destination" drop-down menu to "External".
  6. Set the "Rule Actions" drop-down menu to whatever you choose to do with the e-mail that's not sent from your domain (e.g. bounce back the e-mail with a Reject action).
MailGate Mail Manager rule

For more information on making MailGate secure against hacking, click here

Return To FAQ