Mutual TLS

Hello Everyone,

I'm currently using an Exchange server behind an Astaro Security Gateway v7. I've enabled the SMTP proxy and have been using it successfully for the last 2 years. Recently I've had a request to have a few select domains that need to bypass the SMTP proxy and talk directly to my Exchange server for mutual TLS to work as expected. My Exchange doesn't use the Astaro as a smarthost so sending is not a problem.

Vince


  • Hi, how many external IPs do you have? 
    I'm thinking you could use DNATs to bypass the proxy for SOME IPs (and update your MX records).

    Barry
  • Hi, vauletta, and welcome to the User BB!

    I think Barry's trick will work, but maybe your problem is a different one.  I wonder if this isn't a problem with the certificate used and the hostname of your ASG.

    If your ASG has an SMTP Hostname that's identical to your MX Record, and the TLS certificate selected on the 'Advanced' tab matches that, I think you shouldn't have a problem. You may only need to fill in the 'SMTP hostname' field and use a new certificate with that. Fill in all of the fields when creating the new certificate.

    Any luck with that?

    Cheers - Bob
    PS I would recommend relaying through the ASG for outbound mail.  In that case, the SMTP hostname and TLS certificate also should be changed as indicated above.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
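
The name alignment Bob describes (MX record, SMTP hostname, TLS certificate) can be checked from outside the gateway. This is an added example, not code from the thread or from Sophos; the function names, `mail.example.com` and the sample certificates are constructed assumptions, and `fetch()` needs network access to the MX host.

```python
import smtplib
import ssl

def cert_dns_names(cert):
    """DNS names from an ssl.getpeercert() dict: SANs, else the subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return sans or [v for rdn in cert.get("subject", ())
                    for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Exact match, or a '*.' wildcard standing for one left-most label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def check_alignment(mx_host, banner, cert):
    """List the mismatches between MX name, SMTP banner and certificate."""
    problems = []
    words = banner.split()
    banner_host = words[0] if words else ""
    if banner_host.lower().rstrip(".") != mx_host.lower().rstrip("."):
        problems.append(f"banner hostname {banner_host!r} != MX {mx_host!r}")
    names = cert_dns_names(cert)
    if not any(name_matches(n, mx_host) for n in names):
        problems.append(f"certificate names {names} do not cover {mx_host!r}")
    return problems

def fetch(mx_host, port=25, timeout=10):
    """Live lookup (needs network): banner text and STARTTLS certificate."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # name mismatches are reported by check_alignment
    with smtplib.SMTP(timeout=timeout) as s:
        _, banner = s.connect(mx_host, port)
        s.ehlo()
        s.starttls(context=ctx)  # still raises if the chain is not trusted
        return banner.decode(errors="replace"), s.sock.getpeercert()

# Constructed sample data (not taken from the thread).
GOOD_CERT = {"subject": ((("commonName", "mail.example.com"),),),
             "subjectAltName": (("DNS", "mail.example.com"),)}
BAD_CERT = {"subject": ((("commonName", "asg.internal.lan"),),)}

if __name__ == "__main__":
    print(check_alignment("mail.example.com", "mail.example.com ESMTP ready", GOOD_CERT))
    print(check_alignment("mail.example.com", "asg.internal.lan ESMTP ready", BAD_CERT))
```

For a live check, pass the result of `fetch("your.mx.host")` to `check_alignment` together with the same hostname; a certificate signed by a CA the checking machine does not trust makes `fetch()` raise before any names are compared.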