EFW Support
Topic: SMTP proxy - the actual process. (Read 49215 times)
glynd (Full Member, Posts: 10), on: Wednesday 09 December 2009, 12:15:37 am
I am just a little confused as to the route inbound and outbound mail takes.
We have a mail server on the green n/w.
Now my understanding is this for inbound:
Mail arrives at the red i/f on port 25. The proxy accepts it (I have smtp proxy enabled on the red i/f). It gets checked for spam/viruses and if it is clean, it is forwarded to port 25 on the mail server, which delivers it to the recipient.
The same for outbound:
Mail is sent from the client to the mail server on port 25. The mail server attempts to send the mail to the recipient's mail server using a dns mx lookup. But I think somehow EFW gets a look in (I have tried smtp proxy enabled, and in transparent mode but not sure of the differences), once EFW has done its checks it then sends it back to the local mail server for delivery using the mx record. (I have smart host enabled pointing at the local mail server)
Would someone please confirm or otherwise, my understanding of this process?
The documentation is a howto and doesn't explain too well how it works.
Cheers and TIA
Glyn
gyp_the_cat (Full Member, Posts: 81), Reply #1 on: Wednesday 16 December 2009, 09:09:08 pm
Hi Glyn,
I think you're understanding it well.
Postfix (the SMTP proxy on Endian) acts as a Mail Transfer Agent (MTA), so it sits on the perimeter of your network and delivers mail between the two with some security thrown in for good measure.
Your SMTP topology probably looks like this:
Hotmail.com <-----> Endian <-----> Internal Mail Server
You're basically putting in an extra layer of security on your SMTP traffic is all
Gyp
b-morgan (Jr. Member, Posts: 6), Reply #2 on: Monday 08 March 2010, 08:40:57 am
I'm switching to Endian from IPCop because I need the SMTP proxy.
I have a /29 netblock with the firewall assigned as x.x.x.133, gateway x.x.x.134. The configuration is RED/GREEN.
The mail server is assigned x.x.x.129 so on IPCop there is a port forward rule x.x.x.129:25 -> 192.168.0.40 and an SNAT 192.168.0.40 -> x.x.x.129. The MX record points to x.x.x.129.
If I enable the SMTP proxy, do I still need the port forward? The SNAT? Does the MX record need to change?
Thanks for your help.
Regards,
Brad
gyp_the_cat (Full Member, Posts: 81), Reply #3 on: Monday 08 March 2010, 08:52:00 am
Hi Morgan,
You won't regret making the switch
As long as your MX records point at x.x.x.129 and you give Endian the x.x.x.129 IP address on the RED interface you shouldn't need to change any DNS settings or implement any port forwards or anything like that. Endian will quite happily proxy the connections across your network. It'll also help to allow your internal email server to relay out via the Endian box too.
Just make sure you set up the SMTP features properly.
Just to clarify though is your firewall dealing with all your WAN IP addresses or just the x.x.x.133?
Gyp
b-morgan (Jr. Member, Posts: 6), Reply #4 on: Monday 08 March 2010, 09:22:34 am
Quote from: gyp_the_cat on Monday 08 March 2010, 08:52:00 am
As long as your MX records point at x.x.x.129 and you give Endian the x.x.x.129 IP address on the RED interface you shouldn't need to change any DNS settings or implement any port forwards or anything like that. Endian will quite happily proxy the connections across your network. It'll also help to allow your internal email server to relay out via the Endian box too.
Just make sure you set up the SMTP features properly.
Just to clarify though is your firewall dealing with all your WAN IP addresses or just the x.x.x.133?
Thanks for the information. I've disabled the port 25 forward rule with a remark that the SMTP proxy is handling it. The firewall is handling all of the WAN IP addresses, x.x.x.129 - x.x.x.133.
The mail server will relay out through the Endian box. The mail server (SBS 2008 / Exchange 2007) is also providing OWA through ports 80 and 443. There's also a Terminal Services server on a different IP. I'll look at reconfiguring the firewall to use the x.x.x.129 address instead of the current x.x.x.133. I can also change the MX record fairly easily (Web interface to the ISP, 300 second TTL).
With regards to SMTP features, I'm starting with Virus checking only. I'll progress forward as I become comfortable with Endian.
Regards,
Brad
gyp_the_cat (Full Member, Posts: 81), Reply #5 on: Monday 08 March 2010, 08:13:50 pm
Excellent, looks like it's sorted
I'd heartily recommend you put in a couple of RBLs too, bl.spamcop.net and zen.spamhaus.org are especially good and very very rarely give us any false positives.
david_thistlethwaite (Full Member, Posts: 14), Reply #6 on: Monday 05 April 2010, 06:38:44 am
Strange, I have an internal mail server, Exchange, and I have the smtp proxy configured, and I have to have smtp port forward from the red IF to the GREEN and only then does the smtp proxy work?
Any ideas???
David
gyp_the_cat (Full Member, Posts: 81), Reply #7 on: Wednesday 07 April 2010, 01:39:25 am
Hi David,
Very strange
What are your mail logs telling you with regards to the email flow? ("tail /var/log/mail.log" from the command line).
And what options do you have ticked on the management screen? (Proxy - SMTP - Main).
Gyp
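What a message's path through the proxy looks like in the mail log gyp_the_cat points to, as an added example (not part of the original posts and not Endian's own code): it groups standard Postfix log lines by queue ID and reports the client that connected, the relay the proxy handed the message to, and the delivery status. The log lines, the host name `efw` and the external addresses are constructed; 192.168.0.40 is the internal mail server address mentioned earlier in the thread.

```python
import re
from collections import OrderedDict

# Constructed sample in standard Postfix syslog format (not from the thread).
SAMPLE_LOG = """\
Apr  7 01:30:01 efw postfix/smtpd[2101]: connect from mail.example.org[203.0.113.10]
Apr  7 01:30:02 efw postfix/smtpd[2101]: 4A1B2C3D4E: client=mail.example.org[203.0.113.10]
Apr  7 01:30:02 efw postfix/cleanup[2105]: 4A1B2C3D4E: message-id=<abc@example.org>
Apr  7 01:30:02 efw postfix/qmgr[1500]: 4A1B2C3D4E: from=<alice@example.org>, size=1432, nrcpt=1 (queue active)
Apr  7 01:30:03 efw postfix/smtp[2110]: 4A1B2C3D4E: to=<bob@example.com>, relay=192.168.0.40[192.168.0.40]:25, delay=1.2, dsn=2.0.0, status=sent (250 2.6.0 Queued mail for delivery)
Apr  7 01:30:03 efw postfix/qmgr[1500]: 4A1B2C3D4E: removed
Apr  7 01:31:10 efw postfix/smtpd[2120]: 5F6E7D8C9B: client=mx.example.net[198.51.100.7]
Apr  7 01:31:10 efw postfix/qmgr[1500]: 5F6E7D8C9B: from=<carol@example.net>, size=2210, nrcpt=1 (queue active)
Apr  7 01:31:40 efw postfix/smtp[2125]: 5F6E7D8C9B: to=<bob@example.com>, relay=none, delay=30, dsn=4.4.1, status=deferred (connect to 192.168.0.40[192.168.0.40]:25: Connection timed out)
"""

# "postfix/<daemon>[pid]: <QUEUEID>: <details>"; connect/disconnect lines have no queue ID.
LINE_RE = re.compile(r"postfix/(?P<daemon>\w+)\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)")
# key=value pairs of interest; \b keeps "orig_to=" from matching as "to=".
FIELD_RE = re.compile(r"\b(client|from|to|relay|status)=(<[^>]*>|[^\s,]+)")


def trace_messages(log_text):
    """Group Postfix log lines by queue ID and collect each message's hop details."""
    messages = OrderedDict()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        msg = messages.setdefault(m["qid"], {"daemons": []})
        msg["daemons"].append(m["daemon"])  # order shows smtpd -> cleanup -> qmgr -> smtp
        for key, value in FIELD_RE.findall(m["rest"]):
            msg[key] = value.strip("<>")
    return messages


def summarize(messages):
    """One line per message: who connected, where the proxy sent it, outcome."""
    return [
        f"{qid}: {m.get('client', '?')} -> proxy -> {m.get('relay', '?')} "
        f"[{m.get('status', 'no delivery attempt logged')}]"
        for qid, m in messages.items()
    ]


if __name__ == "__main__":
    for line in summarize(trace_messages(SAMPLE_LOG)):
        print(line)
```

An empty result for a period in which senders were trying to deliver means nothing reached Postfix on port 25, which points at the firewall rules rather than at the proxy itself.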
david_thistlethwaite (Full Member, Posts: 14), Reply #8 on: Wednesday 14 April 2010, 07:47:02 am
Well I had a look at the mail flow logs with the NAT rule turned off and the smtp proxy on.
There was 0 mail flow, so the firewall was rejecting all smtp (25) traffic.
As soon as the NAT forwarding rule was turned back on all was well.
Seems pretty strange.
David
gyp_the_cat (Full Member, Posts: 81), Reply #9 on: Wednesday 14 April 2010, 07:42:46 pm
Hi David,
Under Firewall - System Access - Show Rules of System Services
Do you have the line:
Quote
<ANY> <ANY> TCP/25 ALLOW Service (SMTPD)
Because when I enable/disable under Proxy - SMTP the following, the rule is created automatically for me:
Quote
Enabled: Yes
Transparent on GREEN: No
Antivirus is enabled: Yes
Spamcheck is enabled: Yes
File extensions are blocked: Yes
Incoming mail enabled: Yes
Firewall logs outgoing connections: Yes
Could be a bug I suppose, but not sure. If you've got a workaround implemented that could be stopping the rule from being automatically created I suppose.
Gyp
david_thistlethwaite (Full Member, Posts: 14), Reply #10 on: Friday 16 April 2010, 02:40:43 am
So I re-installed the firewall then
- implemented the proxy, no mail traffic
- added the nat rule to forward to the green ip -> mail flows as needed
I did check the system rules before and after the re-install, and they were as they needed to be.
The smtp rule just does not work?
I am using Endian community 2.3.0.
What version are you running?
Also, do you know where I can find the firewall rules at the shell level? It may reveal a little more.
Looks like a bug.
David
gyp_the_cat (Full Member, Posts: 81), Reply #11 on: Friday 16 April 2010, 05:11:15 am
Hi David,
Hm, does sound like a bug then.
You may be best off registering it over at:
http://bugs.endian.com/main_page.php
I'm still on 2.2r3, and it works quite happily on mine. Very very strange saying it doesn't create the rule automatically.
Gyp
david_thistlethwaite (Full Member, Posts: 14), Reply #12 on: Friday 16 April 2010, 05:21:50 am
Oh, it creates the rule, it just does not do anything.
David
Ajeris (Jr. Member, Posts: 4), Reply #13 on: Sunday 22 April 2012, 07:00:52 pm
Hello, I have a mail server in the DMZ is setup SMTP millet green transparent orange red prohrachny active in this mode is almost worth waiting a of minutes and then returned to the recipient unfolds like postfih mail back how to fix this error?
david_thistlethwaite (Full Member, Posts: 14), Reply #14 on: Sunday 22 April 2012, 07:51:49 pm
Quote from: Ajeris on Sunday 22 April 2012, 07:00:52 pm
Hello, I have a mail server in the DMZ is setup SMTP millet green transparent orange red prohrachny active in this mode is almost worth waiting a of minutes and then returned to the recipient unfolds like postfih mail back how to fix this error?
Sorry I do not understand what you are asking?
David