Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 1 subscriber
  • Views 4017 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

External Mail Clients can Receive, but Not Send

prezmc
I have a mail server setup behind my Astaro gateway.  Everything works fine on the local network to send and receive messages through that server.  I have opened all he necessary ports to allow IMAP/IMAPS/SMTP/SMTPS, etc to let an external mail client send and receive through the astaro to the mail server.

Clients can receive mail just fine, but for some reason, they can't make an SSL secure conncetion to the mail server from outside the network.  If I turn off the mail proxy, everything works correctly.

I can't figure out what setting(s) in mail security would have an effect here, since the right ports are forwarded.

any help is appreciated,
Shannon


This thread was automatically locked due to age.
Parents
  • 0
    From a security point of view, you would be better off getting rid of those DNATs, closing all those open external ports and then using a VPN instead.  With SSL, IPsec or Cisco, you even can limit the Remote Access to just your mail server.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    From a security point of view, you would be better off getting rid of those DNATs, closing all those open external ports and then using a VPN instead.  With SSL, IPsec or Cisco, you even can limit the Remote Access to just your mail server.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • 0 in reply to BAlfson
    I wouldn't mind the VPN approach, but it really sucks on a phone.

    On my iPhone, i have to go to settings, vpn, turn it on, wait, enter password.  THEN, i can finally go check my mail.  Horrifically inefficient.

    So, opening the port 25 to let my phone send smtp into my network, causes all incoming mail to bypass the proxy.  Suck.

    I devised a trick.  i changed the DNAT rule so that the source server was port 255, and the dest was 25.  then told my phone to use 255 for smtp to that server.  Works great.   Since no other mail server out there is trying to send on 255, the mail is forced through the proxy.

    Seem like a logical fix?
Cookie Information Banner