- F.A.Q.
-- MailGate
-- POPWeasel
-- SpamWeasel

- Error Codes
- Configuration
- Release Notes
- Year 2000

 Beta Area
 About Us

MailGate Support Issues

Q. How can I make MailGate secure against outside hacking?
A. Although not a firewall in the true sense, when correctly configured and by using the proxy principle, a MailGate installation can be secured from outside intrusion.
The configuration comprises two key steps, preventing access to TCP/IP service sockets and preventing access to NT services.

1. Preventing access to IP sockets

It's unlikely that you'll require any of the services MailGate uses to be open for remote access - except SMTP if you receive a feed from your ISP, and possibly POP and SMTP if you have users out of office that need to send/receive mail via MailGate.

In a standard POP3 collection installation there should be no need to allow external access to any MailGate IP service socket.

If external access is via a secondary adapter (i.e. dial-up or network card on the same machine as MailGate), this can be achieved by simply binding the MailGate services to the internal adapter IP address:
  1. Click on Gateway | Setup | Bindings tab.

  2. Enter the IP address of the LAN card in the field provided for each of the services you wish to block remote access.

If external access is via a router attached directly to the local LAN, access can be controlled by carefully setting the Advanced Setup/Security settings to deny access via the router:
  1. Click on Gateway | Setup (the Security tab will be active)

  2. Click on the button for each service separately, according to the services you wish to block remote access.

  3. In the "Allow" field, enter the IP addresses or address range (e.g. "192.168.1.*") for your local network.

  4. In the "Deny" field, enter the IP address of the router on your local network.
Security settings

Note: In both cases, if mail is sent into MailGate from an external location by SMTP then please check the FAQ concerning SMTP Relay.

Care should also be taken to ensure that any other services running on the server are also secured. A typical example is Microsoft IIS which may also be active. Refer to the relevant product documentation for further information.

2. Preventing access to NT services
  1. Disable IP Forwarding. In the Control Panel/Network settings, select TCP/IP properties, select the Routing tab and clear the 'Enable IP Forwarding' check box.
  2. Disable NetBios over TCP/IP. Using the Control Panel/Network settings, disable any bindings between TCP/IP and NetBios-based services. Internal machines can still talk to each other over NetBEUI provided this is installed.
  3. Unbind unnecessary services from the Internet side adapters. Using the Control Panel/Network settings, unbind any unnecessary services from the adapter card(s) on the Internet side.
  4. Use NTFS volumes. NTFS gives better security and access control to your file system.
  5. Enforce good security procedures. Carefully check passwords and access rights.
To check out your security settings, try the Shields Up! test.
Visit grc.com for more information.

Return To FAQ