Yes Oliver my firewall has MX, for outgoing email on DMZ, my firewall become the smart host for relaying mail (am i correct?) but i still confuse for the incoming mail. Do i have to create rules so ANY port 25 can have access to my mail server on dmz port 25 ( i think this will bypass the scanner ????) or it doesn't have to create rules at all. Is it enough just to add my mail server on the incoming windows on astaro configuration?
As far as I understand ASL (I just started to evaluate it), it is like this:
You have to allow ANY host ANY highport access to your ASL's external interface port 25. The ASL will catch the mail, scan it and forward it to your dmz/ mail server. This would be the ordinary way to do it.
As far as I understand ASL (I just started to evaluate it), it is like this:
You have to allow ANY host ANY highport access to your ASL's external interface port 25. The ASL will catch the mail, scan it and forward it to your dmz/ mail server. This would be the ordinary way to do it.
Originally posted by mirkow: As far as I understand ASL (I just started to evaluate it), it is like this:
You have to allow ANY host ANY highport access to your ASL's external interface port 25. The ASL will catch the mail, scan it and forward it to your dmz/ mail server. This would be the ordinary way to do it.
Ciao,
Mirko
No you don't have to create a rule to allow access to port 25 for the SMTP proxy to work, you just have to enable the proxy and it creates its own holes in the packet filter.
You do however have to tell it in the proxy setting what domains it is responsible for and what server to send the incoming emails to. (need to define this machine in networks)
You also need to define the machines that can use the proxy for outgoing forwarding.
Thank's for your support guys, the content scanner works and it's reply to the sender, but the rest is not arrive at the server and later on delivery fail because to many loops. any idea
