
No incoming mail

I do not have the SMTP proxy option, so I just want to be able to open the SMTP port (25) on the UTM 425 and send mail straight through to my Exchange 2003 server. I can send mail out of that server, but every mail that is coming in is port blocked; the live log shows everything in red, therefore being dropped.

I have made rules to allow email traffic, and SMTP traffic to my internal IP email server.

Any ideas?


  • You need a DNAT rule to allow inbound traffic on port 25 to be NATted to the internal IP of your Exchange Server.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • Made perfect sense, but I tried it and still NO incoming mail.
    DNAT looks like this.. 

    Traffic selector:Any→SMTP→Internal (Address)
    Destination translation:ServerName--->SMTP
    Automatic Firewall rule: YES
    Initial packets are logged

    I also set one up for the OWA client to use http to attach to that address as well.. no luck there either.
  • The traffic selector of your DNAT seems to be wrong. It should be like:
    any -> smtp -> external (address)
    and the MX record of your mail domain should point to the external address.

    Regards
    Manfred
  • Hi, OldSchool, and welcome to the User BB!

    Also, in a NAT rule, it's a good habit to leave a field blank if not changing it.  In this case, since it's a single service with a single destination port, there's no problem.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • And one other note -- if you did not check the automatic packet filter checkbox on your corrected (as the others pointed out, your rule was incorrect) DNAT rule, you will need to create an inbound SMTP Firewall rule as well --- note that Firewall Rules are applied after NAT operations, so it would be defined as  Internet (or ANY) -> SMTP -> .

    CTO, Convergent Information Security Solutions, LLC

  • Thanks.. that was it.. it needed to be pointed to the external address!! 

    seeya on the content filtering board next!

    KCI
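
Added example (not part of the original thread, and not Sophos code): a small Python model of the packet path the replies describe, showing why a DNAT selector on the internal address never matches inbound mail and why a manual firewall rule has to name the translated destination. The IP addresses are constructed, and "Internal (Address)" is assumed to mean the UTM's own internal interface address.

```python
from ipaddress import ip_address

# Constructed sample addresses (documentation ranges), not taken from the thread.
EXTERNAL = ip_address("203.0.113.10")      # UTM "External (Address)"
UTM_INTERNAL = ip_address("192.168.10.1")  # UTM "Internal (Address)" (assumed meaning)
EXCHANGE = ip_address("192.168.10.5")      # internal Exchange server
SMTP = 25

def apply_dnat(pkt, rule):
    """Rewrite the destination when the packet matches the traffic selector."""
    if pkt["dst"] == rule["match_dst"] and pkt["dport"] == rule["match_dport"]:
        return {**pkt, "dst": rule["to_dst"]}, True
    return pkt, False

def firewall_allows(pkt, rules):
    """Filtering happens after NAT, so rules see the translated destination."""
    return any(pkt["dst"] == r["dst"] and pkt["dport"] == r["dport"] for r in rules)

def inbound_result(dnat_rule, fw_rules=(), auto_fw=False):
    """Trace one inbound SMTP connection from the Internet to the external address."""
    pkt = {"src": ip_address("198.51.100.7"), "dst": EXTERNAL, "dport": SMTP}
    pkt, translated = apply_dnat(pkt, dnat_rule)
    if not translated:
        return "dropped: DNAT selector did not match"
    if auto_fw or firewall_allows(pkt, fw_rules):
        return f"delivered to {pkt['dst']}"
    return "dropped: no firewall rule for translated destination"

# Rule as first posted: Any -> SMTP -> Internal (Address)
POSTED = {"match_dst": UTM_INTERNAL, "match_dport": SMTP, "to_dst": EXCHANGE}
# Corrected rule: Any -> SMTP -> External (Address)
CORRECTED = {"match_dst": EXTERNAL, "match_dport": SMTP, "to_dst": EXCHANGE}

if __name__ == "__main__":
    print(inbound_result(POSTED, auto_fw=True))
    print(inbound_result(CORRECTED))
    print(inbound_result(CORRECTED, [{"dst": EXTERNAL, "dport": SMTP}]))
    print(inbound_result(CORRECTED, [{"dst": EXCHANGE, "dport": SMTP}]))
    print(inbound_result(CORRECTED, auto_fw=True))
```

The third case is the one that is easy to get wrong: a firewall rule written against the external address still drops the mail, because by the time filtering runs the destination is already the Exchange server.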