Features
Attachment blocking
Email attachment blocking
When an email has been received by the SMTP server in WinGate, before the WinGate SMTP server indicates that it will accept responsibility for delivery of the message, it scans it for unacceptable content. Should WinGate find any file attachments in the message that are denied, commonly executable files, then WinGate refuses to accept responsibility for the message.
The administrator can define any number of file extensions that will be denied, and apply this restriction to incoming and/or outbound mail.
Rejecting the message in this way reduces the workload on the server, and can filter out many attachments that are normally associated with viruses, such as executables and script files.
Back to top
POP3, SMTP, and IMAP4 servers
Per-address email restrictions
Email queue management
Email reception options
Service bindings
WinGate has a comprehensive POP3, SMTP and IMAP4 (version 6.1 or later) server built in. These servers support advanced authentication options, and secure connections for both delivery and reception of mail, allowing you to set up a secure email network accessible over untrusted networks such as the Internet.
Simple yet highly flexible domain and user-based delivery rules allow you to set up a comprehensive variety of scenarios, including:
- Catch-all mailboxes, where all mail for a domain goes to a specific mailbox
- Split domains, where mailboxes for a domain are hosted on more than one different server
- Forwarding domains
The SMTP servers also supports a number of anti-spam measures to reduce inbound spam, and additionally mail received or retrieved can be scanned for viruses using the optional Kaspersky AntiVirus for WinGate component.
Flexible delivery options allow you to specify delivery requirements (such as authentication or secure connection requirements, or different port numbers) on a server by server basis where required.
Per-user restrictions are available, including maximum message sizes, redirecting mail, blocking file attachments per user, or copying mail to multiple recipients.
Back to top
Support for Antivirus data scanning
AntiVirus settings
Service support for plugins
WinGate includes support for several plug-in components which are available separately. These data scanning components allow you to scan content passing through WinGate proxies. One component is an AntiVirus plugin, called Kaspersky AntiVirus for WinGate (KAVWG). The AntiVirus technology in this plugin is licensed from the well-respected Kaspersky Labs.
Several proxies and services in WinGate support scanning content for viruses using this plugin, these are:
- The SMTP server. This scans all received mail, and mail retrieved using POP3 collection
- The WWW proxy. This scans files as they are downloaded to your browser, and can detect not only files containing viruses (i.e. infected EXEs or ZIP files), but also iFrame exploits, and common attacks against web browsers.
- The POP3 Proxy. If you collect your email from a POP3 server on the Internet through WinGate's POP3 Proxy, you can also scan the email as it is being retrieved for viruses.
- The FTP proxy. Files being downloaded or uploaded can be scanned for viruses.
If a file fails scanning because it contains a virus, it is placed in WinGate's quarantine, where it may be released by the system administrator.
Back to top
POP3 mailbox collection
POP3 email collection
WinGate can retrieve mail from POP3 mailboxes on other servers, and import them into the WinGate mail system for local or remote delivery.
The POP3 retrieval system allows you to parse retrieved emails, and deliver accordingly, or deliver all mail for a mailbox to a specific address.
If you have Kaspersky AntiVirus for WinGate installed and activated on your WinGate email, then retrieved emails will also be scanned for viruses.
Multiple security and authentication options
A range of security options are also available, including secure connection support using STLS, and various authentication methods including:
- plain USER/PASS
- NTLM (used for secure authentication to MS Exchange servers)
- CRAM-MD5
- APOP
By default WinGate will choose the most secure method available on the POP3 server that it is connecting to.
Back to top
Anti-spam measures
Email reception options
WinGate's SMTP server gives the user a number of options to help prevent unsolicited email from being accepted by WinGate.
To start with, WinGate can use Open Relay Databases (ORDB) which are available on the internet based around a DNS lookup to check whether a computer connecting to WinGate is a known open relay or spammer.
WinGate will also optionally block invalid sender domains (i.e. domains that do not exist, or have specific properties - e.g. the MX record resolves to "localhost" or other disallowed records).
Finally, WinGate uses an SPF-style check if you enable "block spoofed sender addresses". The key difference between this check and SPF, is that SPF requires domains to specify valid senders by publishing an SPF DNS record. Most sites do not have one of these, so SPF is still not widespread enough to be used to verify most domains. WinGate's method - by using a combination of assumptions - can gain a high level of certainty about sites and domains that do not have published SPF records. Inevitably there will be some sites that do not pass WinGate's anti-spoofing checking, so there is a comprehensive white-list option to allow these through.
Back to top
POP3 and SMTP proxies
In addition to the comprehensive POP3 and SMTP servers in WinGate, WinGate includes a POP3 proxy and an SMTP proxy.
The proxies differ from the servers in that they are intended to be connected through rather than connected to. E.g. if you connect to a POP3 server on the Internet, you may choose to connect through the POP3 proxy, and have it scan your email for viruses at the same time.
The SMTP proxy however we do not recommend you use unless you specifically do not wish to use the SMTP server in WinGate, or your license does not give you access to it (version 4.x license or earlier).
The POP3 proxy however is often used, since it is common to need to access a POP3 server on the Internet.
Back to top
Remote Email Queue Management
Email queue management
With the email tab in GateKeeper you can easily manage several aspects your server mail queues. Functions include:
- Aborting delivery of mail to a domain (domain job)
- Retrying all delivery
- resetting the delivery try count on a domain job
- Deleting or bouncing specific messages from a particular domain job
- previewing messages in the queue
Back to top
Multiple authentication options
Delivery per-server configuration
Email in WinGate supports a number of authentication options, depending on which user database you are using, or which email clients.
For SMTP reception and delivery to remote SMTP servers WinGate supports:
- SASL PLAIN method
- SASL CRAM-MD5 method
- NTLM method
WinGate's POP3 collection and POP3 server supports:
- USER/PASS method
- APOP method
- SASL PLAIN method
- SASL CRAM-MD5 method
- NTLM method
In addition, the methods for the SMTP server (reception) and POP3 server can be restricted to whether the connection has been secured by STLS or STARTTLS (equivalent for SMTP) or not, thereby removing the vulnerability of insecure authentication methods, by requiring that the connection be encrypted before an insecure method becomes available.
Back to top
MS Outlook secure authentication
MicroSoft® Outlook only supports one type of secure authentication, which is via NTLM, against an NT database. With WinGate's built in ability to synchronise with such a database, Outlook users can authenticate with WinGate's SMTP and POP3 servers, sending their username and password to WinGate in an encrypted format rather than plain text.
Back to top
User quotas and restrictions
If you choose to let WinGate host your users' mailboxes, you can specify individual requirements on the users mailboxes, and email addresses.
You can specify the maximum amount of disk space that a user's mailbox may use.
Furthermore, for any email addresses whether associated with a local mailbox or destined to be forwarded to another server, you can specify additional restrictions, such as blocking attachments, setting a maximum message size, or copying the mail to other local or remote addresses.
Back to top
|