
Trouble getting outbound SMTP traffic working

Hi.

I am trying to get outbound SMTP traffic working over port 3 instead of the WAN port (2). My setup looks like this:

(green is inbound, this is working; purple is outbound, it is currently not working)

I already have an SD-WAN policy in place that sends my Wi-Fi and internal web traffic (http+https) over Port 5. I tried to set up outbound SMTP traffic the same way:

  • Firewall rule that allows the internal mail server (within "Source networks and devices") to ANY, protocol is SMTP, SMTP scanning is ON
  • SD-WAN Policy that has "Source network" = (internal mail server); "Destination networks": Any; "Services": SMTP; Primary Gateway: GW for Port3, override GW monitoring is ON, Backup GW is none.

What happened is that my SD-WAN policy gets ignored and everything is sent out over the first IP of WAN Port 2.

What am I doing wrong? The SD-WAN works perfectly for web-related traffic, but SMTP seems to get handled differently...



  • Do you use SMTP MTA Proxy? The Traffic is generated by XG itself, not the Mailserver. 

    This would lead to: SD-WAN Policy is: Source Network = ANY. 

    Please read the Online Help for SD-WAN before making such a Change. 

  • LuCar Toni said:
    This would lead to: SD-WAN Policy is: Source Network = ANY. 

    This works perfectly for outbound from email server that sits on local LAN.

    But when connecting a branch office to the XG (tunnel, xfrm1) and sending emails from the branch-local Exchange to XG (smarthost, relay permitted), every mail fails.

    So the SD-WAN does not apply to this branch office smtp traffic. How can I do this?

    After some time, they are gone from the mail spool, but I cannot confirm that they were sent out (or deleted, e.g.). They do not show up in maillog.

  • One error I see again and again is

    {...} R=default_mx_router T=remote_smtp defer (-53): retry time not reached for any host for '<hostname>'

    This is exactly the same message I got for my "LAN" side Exchange Servers before I added the SD-WAN Policy with Source Network = ANY.

    I also see

    "Out IP" is 0.0.0.0 - so is this a NAT problem? Working mails have this entry:

  • Ok, did a NAT rule that seems to be working for me:

    Now my OUT IP 0.0.0.0 gets translated to my hostname and mails from the queue get sent through the Internet.
