We are using a windows based mail server with two domains that should be linked to two static IPs.
So, we assigned to local IPs (10.10.5.1 - Domain A & 10.10.5.2 Domain B) the mail server. According to the logs, the mail server properly binds each domain to the corresponding IP.
In addition, we have applied the following configuration to the Sophos UTM:
1. Masquerading
One rule per domain using the following settings:
Network: Domain A / Domain B
Interface: External (WAN)
Use address: Address 1 / Address 2
2. DNAT
One rule per domain using the following settings:
Rule type: DNAT
Matching condition
For traffic from: Any
Using service: IMAP, SMTP, etc.
Going to: External WAN - Address 1 / Address 2
Action
Change the destination to: Domain A / Domain B
3. SNAT
One rule per domain using the following settings:
Rule type: SNAT
Matching condition
For traffic from: Domain A / Domain B
Using service: Any
Going to: Any
Action
Change the source to: External WAN - Address 1 / Address 2
Now, our expectation is that all mail for Domain A is using Address 1 and all mail for Domain B is using Address 2.
Sadly, it only work properly for Domain A. Domain B appears to bypass these rules and is using the External WAN address instead. I confirmed this by sending an email to another and validating the header information.
I am guessing that we are missing something here, but I cannot figure out what.
Any suggestions on what could be wrong with our rules?
Thank you!
This thread was automatically locked due to age.
