
XG 105w Firewall: General Setup: Problem using MTA Mode for sending/receiving/scanning emails.

Dear all,

I am working with an XG 105w (SFOS 16.05.7 MR-7) and want to use the MTA Mode to check emails that are sent/received by a computer and WLAN devices (e.g. an Android phone). All in all, unfortunately, this email server topic is a bit new to me. The email server belongs to an external company (ISP, called "green.ch"). I tried to find a solution and read many threads of this great community, but so far I have not been successful.

In Legacy Mode all was fine, the log showed the scanned emails. After switching to MTA Mode I got an error message that the SMTP server cannot be reached and the mail cannot be sent. Great.

What I did:

I created an additional FW rule beside the auto-added rule (maybe not necessary):

Adjusted the SMTP policy by adding the external email domains:

The main email provider is named greenmail.ch, the respective server is called mail-ch.ch/smtp.mail-ch.ch/pop.mail-ch.ch/imap.mail-ch.ch. Besides that, I have AOL and Gmail accounts in order to write/receive emails.

I added all of the IP address ranges for the email server of each provider as shown in WHOIS:

Background for the switch to MTA Mode is that I want to scan emails by the XP that are sent/received on mobile phones (e.g. Android, K9-Mail), which was not yet possible in Legacy Mode. In addition, K9-Mail, the Android mail program, does not accept the Sophos certificate because it is private and not verified by a CA (a well-known K9 problem; Thunderbird (Windows) does accept exceptions regarding non-verified certificates). Therefore I want to add a small computer in the DMZ that retrieves the emails, which are then scanned for malware/spam by the XP, using an email certificate that is verified by a real CA. The computer will then forward the emails immediately to an email server in the LAN to distribute them to the WLAN devices. So it will be a combination of external (ISP) email servers (for the normal computers) and an internal email server (for WLAN access). For that solution I assume that the MTA Mode might be the better choice.

Any suggestion how to solve my problem is highly appreciated!

BR

Wolf


