Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 1 subscriber
  • Views 453 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[7.005] Internal ASG emails not reaching mail server

Mark B
Hello,

Just upgraded to version 7 (rebuilt configuration by hand). Seems I cannot get any email reports/backups delivered from the ASG to my internal mail server. 

I do not have the SMTP proxy enabled - have ASG DNAT'ed directly to my mail server. All email is being delivered normally but it seems the ASG cannot communicate. Checked the SMTP logs on my mail server and cannot see the ASG box even attempting to make a connection. 

I do recall some ASG versions ago you needed to enable the SMTP proxy - load in the internal email server address and then disbale it again - tried this without any luck.

Any suggestions?

Thanks in advance.

Mark


This thread was automatically locked due to age.
Parents
  • 0
    I would suggest that you properly configure the SMTP proxy and use it as intended. That would require deleting your SMTP DNAT rule.
  • 0 in reply to VelvetFog
    While I too would recommend that you use the proxy, you can use it in the manner you describe if you like... if you do choose to try the proxy, the DNAT rule has to go.  If not, make sure you create a packet filter to accompany the DNAT rule... realize that the packet filters are applied after the NAT, so the rule would be ANY -> SMTP -> Internal IP address of mail server.  Also, if you have the DNAT and Packet filter rules defined correctly, check your IPS logs; sometimes ordinary mail traffic generates false positives in the IPS, and some rules have to be disabled.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Reply
  • 0 in reply to VelvetFog
    While I too would recommend that you use the proxy, you can use it in the manner you describe if you like... if you do choose to try the proxy, the DNAT rule has to go.  If not, make sure you create a packet filter to accompany the DNAT rule... realize that the packet filters are applied after the NAT, so the rule would be ANY -> SMTP -> Internal IP address of mail server.  Also, if you have the DNAT and Packet filter rules defined correctly, check your IPS logs; sometimes ordinary mail traffic generates false positives in the IPS, and some rules have to be disabled.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Children
No Data
Cookie Information Banner