
Integrating Sophos vSEA with Exchange 2013

Hello Everyone,

 

I am planning to deploy SEA for our Mail Security and currently have Exchange 2013 (1x MB/CAS Server and 1x Edge Server). Incoming SMTP is NATed to Edge Server (In/Out) and the Send Connector has Edge as the outgoing mail server.

 

It looks simple from the documentation, but I am really unable to figure out how things should actually be in place. I am thinking of the below:

- NAT SMTP to SEA (In/Out)

- Disable the current Send Connector, create a new one, add SEA as Smart Host and choose the MB/CAS server, as I don't see the role of the Edge server anymore

- Integrate SEA with AD using LDAP

- In SEA, configure the MB/CAS server under Mail Delivery Servers & Internal Mail Hosts

 

Is there anything I am missing?



  • Ismail,

    some tips:

    1. Make sure to deploy SEA on your DMZ zone so they can be reached by External SMTP directly
    2. Create proper public MX records which point to SEA IP address (public IP)
    3. Install the first SEA and join it to AD
    4. Create proper rules on SEA like:
    5. Mail Delivery Servers: here specify the IP addresses to which SEA will send email from internet to internal domains. If you have an Exchange NLB, specify virtual IP
    6. Mail Domains: specify the mail domains your organization manages (publicly)
    7. Internal Mail hosts: specify here the authorized mail server that can send email to SEA. Here specify physical Exchange SMTP IP and not Virtual NLB address
    8. Use the Sophos KB for best SEA spam catching techniques: https://community.sophos.com/kb/en-us/120802
    9. Create the SEA cluster by joining the second SEA to the first one already configured
    10. Create a new SMTP connector on Exchange that sends email to SEA
    11. Create a SMTP relay connector on Exchange to receive email only from SEA IPs

    Regards
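
Steps 10 and 11 of the reply above, written out as Exchange Management Shell commands. This is an added example, not part of the original reply; the server name MBX01, the connector names and the 192.0.2.x addresses are placeholders.

```powershell
# Added example. Placeholders (not from the thread): server name MBX01,
# connector names, and the RFC 5737 documentation addresses 192.0.2.10/.11
# standing in for the two SEA appliances.
$Server = 'MBX01'
$SeaIPs = '192.0.2.10', '192.0.2.11'

# Step 10: outbound mail for every external domain is handed to SEA as a
# smart host instead of being delivered directly by MX lookup.
New-SendConnector -Name 'Outbound via SEA' `
    -Usage Custom `
    -AddressSpaces 'SMTP:*;1' `
    -DNSRoutingEnabled $false `
    -SmartHosts $SeaIPs `
    -SmartHostAuthMechanism None `
    -SourceTransportServers $Server

# Step 11: a dedicated receive connector that matches only the SEA addresses.
# Anonymous permission is granted because SEA relays Internet mail without
# authenticating to Exchange.
New-ReceiveConnector -Name 'Inbound from SEA' `
    -Server $Server `
    -TransportRole FrontendTransport `
    -Usage Custom `
    -Bindings '0.0.0.0:25' `
    -RemoteIPRanges $SeaIPs `
    -PermissionGroups AnonymousUsers

# Review the result: which source ranges each receive connector accepts,
# and which send connectors are enabled and where they deliver.
Get-ReceiveConnector -Server $Server |
    Format-Table Name, Bindings, RemoteIPRanges, PermissionGroups -AutoSize
Get-SendConnector |
    Format-Table Name, AddressSpaces, SmartHosts, Enabled -AutoSize
```

A default Exchange 2013 installation also has a "Default Frontend" receive connector on port 25 that accepts all source ranges, so the review output is where to confirm that the firewall/NAT rule, not only the new connector, limits inbound SMTP to the SEA addresses.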

  • Thanks for your help, it worked well.

    We also had to disable Exchange Sender ID as many of the mails were bouncing if other people were sending us the mails.

    PowerShell: Set-SenderIDConfig -ExternalMailEnabled $false

     

  • Hi Luciano

    I'm working with 2 Exchange 2013 servers on the same LAN; both are working. One of them has 300 mailboxes (users) and the second has 250 mailboxes (users).
    Both handle in/out mail, and these servers are working all the time, with especially hard work at the end of every single month.

    We need to send email encrypted with special words ... for me it is clear ... with policies no problem and TLS activated,
    but we need to send all mails to a different gateway ... it is an Ironport in another city.

    First problem:
    Exchange Server connector, how must it be configured??? As a Partner third-party server??

    ESA config

    ESA device must be configured only for outbound mails ...

    ESA device must be in DMZ???
    Mail Domain is clear ... mycompanyname.com

    Problems are:

    Mail delivery servers: are these both of the 2 Exchange servers???
    What are internal Mail hosts??? The same Exchange servers???
    What are trusted relays??? Ironport???

     

    Thanks in advance

    Any help is highly appreciated

