I receive all inbound mail from the DynDNS MailHop forwarding service. I was thinking I could prevent other upstream hosts from forwarding email to my ASG (v8.000) by checking the "Allow upstream/relay hosts only" box and that, if I did so, authenticated SMTP clients would still be able to relay too. However, in practice my authenticated SMTP clients stop being able to send mail through the ASG proxy as soon as I restrict inbound email to my DynDNS host list. I'm trying to figure out why this is. The online help suggests that authenticated relays should still work:-
Upstream Host List
An upstream host is a host that forwards e-mail to you, e.g., your ISPInternet Service Provider or external MX. If you get inbound e-mail from static upstream hosts, it is necessary that you enter the hosts here. Otherwise spam protection will not work properly.
To add an upstream host either click the plus icon or the folder icon for drag-and-drop from the Networks group tooltip. If you would like to only allow upstream hosts select the checkbox Allow Upstr[/LIST]eam/Relay Hosts Only. SMTP access will then be limited to the defined upstream hosts (and authenticated relays, see below). Click Apply to save your settings.
I'm assuming I've either not set up my SMTP clients correctly, or there's some interplay between these two settings that I don't understand.
Some more detail on my setup:-
- DNAT/SNAT rules redirect inbound port 2525 traffic to port 25, so the SMTP proxy picks it up.
- ASG SMTP proxy routes inbound email to an internal Exchange 2007 server.
- Exchange 2007 is configured to use the ASG proxy as a smarthost when sending outbound email from hosts on my internal network.
- For external SMTP clients, they authenticate to the ASG SMTP proxy directly when sending outbound mail. I'm not 100% sure whether this still forwards the mail on to my internal Exchange server only to have it recognize it as outbound mail and send it back out via the ASG "smarthost" send connector, or if authenticating with the ASG SMTP proxy for outbound mail avoids Exchange altogether - an easy enough thing for me to test of course. I'm wondering if this setup is part of my problem, and perhaps I'm just not understanding the best way to handle outbound SMTP mail for external hosts when both the ASG proxy and an internal Exchange 2007 server are in play.
I've hunted through the Astaro support site and the user forums but am still scratching my head. Any help much appreciated.
Thanks,
Martin.
This thread was automatically locked due to age.
