Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 1 subscriber
  • Views 1224 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Cannot use

Sadirov
Hello,

I am using Astaro ASG120, i have some issues with Email Security.
We have a real IP and the external interface of Astaro. We get a domain name, because we want to host our own mail server. Now it's located on the DMZ (Third Interface Card).
I try to enable the SMTP and POP3 under "Email Security", the users can send emails send to the outside but can't receive any emails. I define my Email domains and The Internal Server with Transparent Mode, but nothing works.

Now, i try to solve the Problem, but i don't think it's the right way.
I disable the SMTP and POP3 under "Email Security".
I create a DNAT for Mail server (Port 25 and 110) forwarded to Mail Server, Now everything works fine. But i don't think i will protected from spam and antivirus.

Any help is highly appreciated.


This thread was automatically locked due to age.
Parents
  • 0
    You can host email and protect from spam, but please tell us more about your environment.

    What is your mail server?
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Hello again, 

    I have Microsoft Exchange 2003 server on the DMZ interface, Range 192.168.1.0, On the outside interface the Real IP, and on the Lan 192.168.0.0
    The Exchange works fine in DNAT scenario. 
    Now after disabling DNAT, i enable the SMTP under "Mail Security", under "Email Domains" i enter my domain "Example.com", regarding the Internal Server, I add my Exchange server located on the DMZ and enable the transparent mode. On "Relaying" Tab and I add the allowed networks.

    Users on the LAN can only send email, knowing that no need to use POP or IMAP because they are connected directly to Exchange and have their own Active directory accounts. So they cannot receive Email form Outside, neither our Domain nor other domains.

    Regards,
  • 0 in reply to Sadirov
    I'm not sure what DNAT you were using, but everything should work without it.

    In 'Mail Security >> SMTP':

    •  On the 'Routing' tab, make sure you haven't misspelled the domain name.  You probably want to route by "Static host list" and should have the host for your Exchange server in the 'Host list'.  Choose 'Verify Recipients' "with Callout." 
    •  If you use a smarthost, you must enter it on the 'Relaying' tab.  You probably should not have your internal networks in the 'Authenticated relay' box - this is only for other devices like the Exchange server.  In 'Host-based relay', you must include the host definition for your Exchange server.

    If that doesn't work, please share your DNAT rule as that may point to the solution.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Another thought.  On your Exchange server, have you identified the Astaro's 'DMZ (Address)' IP as a smart host?

    This is on the 'General' tab of 'Properties' of the 'SMTP Connector'. and needs to be the IP address in brackets, for example:

    [192.168.0.1]

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    And another thought.  Launch the Mail Manager from 'Mail Security >> Mail Manager' and look for the SMTP Spool tab.  That will tell you how many emails are waiting to be delivered.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0 in reply to BAlfson
    And another thought.  Launch the Mail Manager from 'Mail Security >> Mail Manager' and look for the SMTP Spool tab.  That will tell you how many emails are waiting to be delivered.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Cookie Information Banner