This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Can someone help me with SMTP Proxy?

Here is my situation. I have been using Astaro to scan my emails that come through pop3 for a while now. It works great. But I need to have better control over spam so I told my hosting company to point both HostA and MX records to my static IP (external nic on Astaro). I enabled SMTP Proxy and set the HOST (MX) to mail.domain.com

I then told Astaro to allow relay from my internal mail server that is on my DMZ. (Created definition of my mail server in definitions - networks)

I wanted to use virus and spam scanning so I added a domain group for mail.domain.com

I then enabled spam and virus scanning with quarantine. my problem is I cant send email with my mail server unless I put a packet filter in

Mailserver -> any
Allow SMTP

I thought I don't need a packet filter with SMTP. Am I wrong?

Please can anybody help?

This thread was automatically locked due to age.

Parents

0 William Warren over 20 years ago

AFAIK the only auto open is the HTTP proxy. The rest you have to set a packet filter rule for.

Owner: Emmanuel Technology Consulting

http://etc-md.com

Former Sophos SG(Astaro) advocate/researcher/Silver Partner

PfSense w/Suricata, ntopng,

Other addons to follow
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 William Warren over 20 years ago

AFAIK the only auto open is the HTTP proxy. The rest you have to set a packet filter rule for.

Owner: Emmanuel Technology Consulting

http://etc-md.com

Former Sophos SG(Astaro) advocate/researcher/Silver Partner

PfSense w/Suricata, ntopng,

Other addons to follow
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 dayne1432 over 20 years ago in reply to William Warren

But POP3 is transparent and you don't need to setup a packet filter rule for it.

So should I configure my server to use Astaro as an upstream smtp?

I want to scan both incoming and outgoing mail for viruses.

Thanks for the help
Cancel
Vote Up 0 Vote Down

Cancel
0 William Warren over 20 years ago in reply to dayne1432

[ QUOTE ]
But POP3 is transparent and you don't need to setup a packet filter rule for it.

So should I configure my server to use Astaro as an upstream smtp?

I want to scan both incoming and outgoing mail for viruses.

Thanks for the help

[/ QUOTE ]
POP is transparent..SMTP is not. Hence you need a packet filter rule for outgoing smtp. You can set ASL as a forwarder..jsut make sure you have either a mail server for Astaro to forward to locally or setup the smarthost option.

Owner: Emmanuel Technology Consulting

http://etc-md.com

Former Sophos SG(Astaro) advocate/researcher/Silver Partner

PfSense w/Suricata, ntopng,

Other addons to follow
Cancel
Vote Up 0 Vote Down

Cancel
0 dayne1432 over 20 years ago in reply to William Warren

Ok, but then if I put a packet filter to allow SMTP -> ANY then the SMTP Proxy will not scan outgoing emails for viruses correct?

How do get it to forward incoming mail to my Mail server and scan both incoming and outgoing email for viruses?
Cancel
Vote Up 0 Vote Down

Cancel
0 William Warren over 20 years ago in reply to dayne1432

[ QUOTE ]
Ok, but then if I put a packet filter to allow SMTP -> ANY then the SMTP Proxy will not scan outgoing emails for viruses correct?

How do get it to forward incoming mail to my Mail server and scan both incoming and outgoing email for viruses?

[/ QUOTE ]
You need to point your clients to your ASL ip as their smtp server. Then point your asl proxy towards your mail server. Sorry i did not answer clearly the first time. For the reverse you need to point your MX records to your ASL then have the ASL forward the mail to your mailserver. The manual has this explained pretty well i believe.

Owner: Emmanuel Technology Consulting

http://etc-md.com

Former Sophos SG(Astaro) advocate/researcher/Silver Partner

PfSense w/Suricata, ntopng,

Other addons to follow
Cancel
Vote Up 0 Vote Down

Cancel
0 dayne1432 over 20 years ago in reply to William Warren

I am sorry for causing so much trouble. I haven't fully explained the issue. You see the mail server has a web-client component which I use because of the groupware features. The web-client emails are sent directly from the mail server. So I guess I can't scan for viruses on the out going mail.

Thank you for all your help
Cancel
Vote Up 0 Vote Down

Cancel
0 William Warren over 20 years ago in reply to dayne1432

[ QUOTE ]
I am sorry for causing so much trouble. I haven't fully explained the issue. You see the mail server has a web-client component which I use because of the groupware features. The web-client emails are sent directly from the mail server. So I guess I can't scan for viruses on the out going mail.

Thank you for all your help

[/ QUOTE ]
yes you can. AFAIK you can tell the mail server to send it's mail to the ASL box for scanning and ASL wil handle it. I need o read the manual a bit more so i could be wrong. Let me research and/or somebody with more knowledge than i can address this issue.

Owner: Emmanuel Technology Consulting

http://etc-md.com

Former Sophos SG(Astaro) advocate/researcher/Silver Partner

PfSense w/Suricata, ntopng,

Other addons to follow
Cancel
Vote Up 0 Vote Down

Cancel
0 ClausP over 20 years ago in reply to dayne1432

..online help says

[ QUOTE ]
When using the Virus Protection, incoming and outgoing emails are screened for unwanted content like viruses, trojan horses or suspicious file types. It is recommended to use the "quarantine" action with this facility. You can also use the "blackhole" action if you do not want to regularly review caught viruses.

[/ QUOTE ]

look at /proxies/smtp/content filterl

greetz
Claus
Cancel
Vote Up 0 Vote Down

Cancel
0 wk_03 over 20 years ago in reply to dayne1432

The POP-Proxy is like the http-proxy in transparent mode. The client needs no modification and the mails are scanned transparent.

The SMTP-proxy is like http-proxy in stanard mode. You have to point the client to the proxy to have the mails scanned.

In your situation the mail-server in DMZ has to deliver its mail to the ASL-box on the DMZ-interface and you have to allow the DMZ-network for mails in the settings of the SMTP-proxy. Then you don't need a packet rule for smtp.
Cancel
Vote Up 0 Vote Down

Cancel
0 ClausP over 20 years ago in reply to dayne1432

[ QUOTE ]
Ok, but then if I put a packet filter to allow SMTP -> ANY then the SMTP Proxy will not scan outgoing emails for viruses correct?

[/ QUOTE ]

proxies/smtp/global settings/allow relay from

[ QUOTE ]
How do get it to forward incoming mail to my Mail server and scan both incoming and outgoing email for viruses?

[/ QUOTE ]

for inbound mailrouting use /proxies/smtp/profiles and domain group assignment/
where route target is your internal mail server.

greetz
Claus
Cancel
Vote Up 0 Vote Down

Cancel
0 dayne1432 over 20 years ago in reply to ClausP

Thank you William and Claus for all the help. I am recieving and send email via the SMTP Proxy. I am going to try and play around with the spam settings to make sure that I can get rid of the junk.

William I added the file extensions filter you pm'd me. The system has caught one viri already. I love the fact that I can verify the sender and reciever. And the options to blackhole, quarantine and reject are awesome.

Thanks again for all the help guys, YOU ROCK!
Cancel
Vote Up 0 Vote Down

Cancel