GW and SMTP port 80

Status
Not open for further replies.

macgvr

IS-IT--Management
Aug 10, 2001
1
US
I have GW 6 and have it set to prevent relaying, but I also had a problem with the filters on my firewall that was allowing everything in. We had a spammer coming in on port 80 and relaying mail through us. It did not show up in the GWIA logs. I finally found the traffic by using LANalyzer. I have had to block all incoming port 80 traffic, which effectively stopped the spammer but also killed WebAccess as well. Unfortunately WebAccess and GW are on the same server. How can I securely get WebAccess working again? How is it that someone is able to use port 80 to relay through us? Anyone have a clue?
 
Not sure how they are doing this. I have heard of spammers using proxy servers as a relay host; simple rules on the proxy server correct this. It could be related to having WebAccess on the same server as SMTP. I normally recommend placing WebAccess on its own server since it has a tendency of crashing when new service packs come out.

To secure WebAccess, you can disable its usage of port 80. Are you using the Netscape web server or the Apache web server? IMPO I think the Apache server is much much better. In GW6 SP2 you get the option to install WebAccess using Apache.

If you go this route, do not use the GWWEB.NCF to load the web access. When NVXADMUP loads Apache, it will load what you need. You can disable Apache from listening on port 80 and just listen on port 443; you need to ensure SSL is set up correctly for this to work. One way to test is to use SSL to access the Remote Manager on port 8009 ( If you can't get to it, download PKIDIAG to help fix your SSL objects.

You then need to tell your users to go to to get to WebAccess. A big plus will be that all traffic will be encrypted when going across the net.

Brent Schmidt CNE,Network + [atom]
Senior Network Engineer
Keep IT Simple [rofl]
 

Whatever web server you're using, make sure you remove all the sample pages. Also make sure there are no other pages or CGI apps which allow email, as many are easily exploitable to use as an open relay.

It also may be a permissions issue on the files which webaccess uses to send email. Make sure only authenticated users can access those files.
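
The relay in this thread did not show up in the GWIA logs, so the web server's own access log is where to look for it. As an added example (not part of the original thread), this Python script flags proxy-style requests and posts to mail-capable CGI scripts; the Common Log Format input, the sample lines and the `/cgi-bin/mailform.cgi` path are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample access log in Common Log Format (an assumption; not data from the thread).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Aug/2001:02:14:01 -0500] "CONNECT mail.example.net:25 HTTP/1.0" 200 0
203.0.113.7 - - [10/Aug/2001:02:14:05 -0500] "POST http://mail.example.net:25/ HTTP/1.0" 200 412
198.51.100.20 - - [10/Aug/2001:08:30:11 -0500] "GET /index.html HTTP/1.1" 200 5120
203.0.113.7 - - [10/Aug/2001:02:15:40 -0500] "POST /cgi-bin/mailform.cgi HTTP/1.0" 200 96
198.51.100.20 - - [10/Aug/2001:08:31:02 -0500] "CONNECT mail.example.net:25 HTTP/1.0" 403 0
"""

# Hypothetical paths of CGI scripts on this server that are able to send mail.
MAIL_CGI_PATHS = {"/cgi-bin/mailform.cgi"}

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')

def classify(method, target):
    """Return a reason string if the request looks like relay abuse, else None."""
    if method == "CONNECT":
        # CONNECT asks the web server to open a raw TCP tunnel to host:port.
        port = target.rpartition(":")[2]
        return "connect-smtp" if port == "25" else "connect-tunnel"
    if target.lower().startswith(("http://", "https://")):
        # Absolute URI in the request line: the client treats us as a forward proxy (heuristic).
        return "proxy-request"
    if method == "POST" and target.split("?", 1)[0] in MAIL_CGI_PATHS:
        return "mail-cgi-post"
    return None

def scan(log_text):
    """Return (client_ip, reason, served) per suspicious line; served means a 2xx reply."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, method, target, status = m.groups()
        reason = classify(method.upper(), target)
        if reason:
            findings.append((ip, reason, status.startswith("2")))
    return findings

def served_by_client(findings):
    """Count suspicious requests the server actually honoured, per client IP."""
    return Counter(ip for ip, _, served in findings if served)

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with `served` set to true means the web server answered the request with a 2xx status, which is the case to fix in the proxy rules or CGI permissions; a refused request (such as the 403 above) only shows that someone is probing.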
 