Can someone tell me how the transparent mode for the smtp proxy functions. The help on Webadmin does not help me much and I can't find much in the manual about it either
Rather simple, it intercepts all communication on port 25 (SMTP). So, for example, instead of using the firewall ip-address as outgoing smtp-server, you have to put in another valid server (like the server from your ISP). But you get the same trouble as with all transparent scanners (eg. POP3), that need the complete session, many mail applications don't like them very good. Higher rate of malfunctions.
If you have an exchange (or other mail type server) behind the f/w with a NAT'd IP, will the proxy, while in transparent mode, catch the mail server's outbound SMTP traffic?
From what I have seen, it will not - and the only way to make it do so is to set the mail server to use the ASL transparent smtp proxy service as it's smarthost.
[ QUOTE ] From what I have seen, it will not - and the only way to make it do so is to set the mail server to use the ASL transparent smtp proxy service as it's smarthost.
[/ QUOTE ]Which works very well. Mind you, when you actually point the Exchange server's outbound mail to the ASG box as its smarthost, you are not really relying on the transparent SMTP capabilities in the SMTP proxy any more.
Ok, so i'm dumb. The mail does not get checked by the proxy when going out? You have to use this smarthost feature to make something work that should work by design? Please explain
Ok, so i'm dumb. The mail does not get checked by the proxy when going out? You have to use this smarthost feature to make something work that should work by design? Please explain
No question is a dumb question. Transparent mode works like the HTTP proxy in transparent mode. It captures all traffic on port 25 and filters it. Then the traffic continues on to its original destination. (ie. Mail server (internal) or (External)) You do not have to configure your mail server to use the Astaro Firewall as a smarthost when using transparent mode.
All other options work the same in both methods for the SMTP proxy. To allow scanning of outbound email enable "Scan Outgoing Messages" in the Content Filter section of the SMTP proxy.
Smart host is an upstream mail server, usually your ISP's mail server. If you enable this you must specify a smarthost mail server that Astaro will forward outgoing email to. Usually Astaro will attempt to deliver the messages itself, however you can use the smarthost feature to have Astaro forward outgoing email to your ISP's mail server for delivery.
