SEA mail logs for outbound emails

Hi Manuel

The email appliance logs all mail that it processes regardless of direction.  Just by your diagram my initial guess is that the switch is sending outbound mail to exchange.  There is no need for a switch.

Normally your mail should look something like this.

MX record >> A-record to pub ip >> firewall >> port forward p25 >> email appliance >> exchange

The appliance would be configured to accept email for domain ABC.com and delivere to exchange

exchange would have an anonymous receive connector with the ip of the appliance

On the way out

exchange >> email appliance >> firewall >> internet.

exchange is configured with an anonymous send connector to the appliance

the appliance is configured with exchanges ip address listed under internal hosts

something like this may help

https://technet.microsoft.com/en-us/library/bb232021(v=exchg.141).aspx

and

https://technet.microsoft.com/en-us/library/aa998662(v=exchg.150).aspx

in terms of appliance configuration, you just need to define the domains you accept mail for and add a delivery server

the internal relay list should contain all of the emails that you wish to allow to relay mail outbound.

Hi 

I was able to follow your instruction and it provides a positive result.. I just have a follow up inquiry.

If i send email internally, it doesn't log traffic.

Thanks!

Hi Manuel,

That's correct, internal to internal mail never goes through the appliance.   At that point exchange would simply drop it in the recipient's mailbox vs sending it to the send connector for delivery. 

Please see below video: 

Please see below video: 

Hi Md. Arfi Uddin

I had a look at your video, steps 1 -3 seemed to be correct .. but step 4 is incorrect. 

setting an address as a trusted relay affects the way the appliance does reverse lookups, IPs that are listed as trusted relays are also exempt from spam checking.  So By adding your mail server as a trusted relay, if you ever get an infected host / spam bot .. all mail would be blindly delivered to the internet. 

Step 4 must be set up as an internal mail host, this tells the appliance what IP's it can accept a message from and relay.  The connector should be anonymous. 

You may wish to refer to http://esa.sophos.com/docs/esa/webhelp/index.html#sea/references/trusted_relays.html

and also note the differences with upstream and downstream relays. 

Normally, the only time you should ever have a trusted relay is if something upstream is accepting mail and delivering downstream to an appliance.  Port Forwarding for example routes packets, it does not accept a message and then deliver said message, so a router would never be a trusted relay.

If you had another email appliance, or a postfix server or similar upstream (or downstream delivering upstream) they would be listed as trusted relays.