
SEA mail logs for outbound emails

Hi!

I've developed a migraine finding solutions for almost a month now.

I noticed that the mail logs (sender column) do not record the outbound mails, but senders from external like Gmail are logged. So basically there is email traffic for both incoming & outgoing mails. Outbound mails are going directly to the internet instead of being routed to SEA first.

I tried to create a smart host just to relay the traffic, but outbound mail won't send out, so I have to find another way. So confused; I don't know if I need to create connectors on the Exchange server or what route should be done.

The SEA admin / user guide does not have a clear procedure on how to configure the complex environment for the outbound mail traffic.

reference:

esa.sophos.com/.../ConfigGuide.pdf

 



This thread was automatically locked due to age.
  • Hi Manuel

     

    The email appliance logs all mail that it processes regardless of direction.  Just by your diagram my initial guess is that the switch is sending outbound mail to exchange.  There is no need for a switch.

     

    Normally your mail should look something like this.

    MX record >> A-record to pub ip >> firewall >> port forward p25 >> email appliance >> exchange

    The appliance would be configured to accept email for domain ABC.com and deliver to Exchange

    exchange would have an anonymous receive connector with the ip of the appliance

     

    On the way out

    exchange >> email appliance >> firewall >> internet.

    exchange is configured with an anonymous send connector to the appliance

    the appliance is configured with Exchange's IP address listed under internal hosts

     

    something like this may help

    https://technet.microsoft.com/en-us/library/bb232021(v=exchg.141).aspx

    and

    https://technet.microsoft.com/en-us/library/aa998662(v=exchg.150).aspx

     

    in terms of appliance configuration, you just need to define the domains you accept mail for and add a delivery server

    the internal relay list should contain all of the emails that you wish to allow to relay mail outbound.
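
A way to confirm the outbound path described in the reply above (Exchange >> email appliance >> firewall >> internet) is to read the `Received` headers of a test message at an external mailbox. This is an added example, not part of the original thread; it assumes the appliance stamps a `Received` header like any SMTP relay, and the hostname `sea.example.com`, the Exchange address `10.0.0.10` and both sample messages are constructed.

```python
import email
import ipaddress
import re

# Assumed values, constructed for this example (not taken from the thread).
APPLIANCE_HOST = "sea.example.com"                    # hypothetical appliance hostname
INTERNAL_HOSTS = {ipaddress.ip_address("10.0.0.10")}  # Exchange, as listed under internal hosts

BY_RE = re.compile(r"\bby\s+([\w.-]+)", re.I)
IP_RE = re.compile(r"\[([0-9A-Fa-f:.]+)\]")

# Constructed headers of a message as seen at an external mailbox.
ROUTED = """\
Received: from mail.example.com (mail.example.com [203.0.113.5])
\tby mx.example.net with ESMTP id A1; Mon, 1 Jan 2018 10:00:02 +0000
Received: from exch01.example.local (exch01.example.local [10.0.0.10])
\tby sea.example.com with ESMTP id B2; Mon, 1 Jan 2018 10:00:01 +0000
From: user@example.com
"""
DIRECT = """\
Received: from exch01.example.local (exch01.example.local [203.0.113.5])
\tby mx.example.net with ESMTP id C3; Mon, 1 Jan 2018 10:05:00 +0000
From: user@example.com
"""

def hops(raw):
    """Parse Received headers into (from_ip, by_host) tuples, oldest hop first."""
    out = []
    for value in reversed(email.message_from_string(raw).get_all("Received", [])):
        value = " ".join(value.split())          # unfold continuation lines
        by = BY_RE.search(value)
        ip = IP_RE.search(value[:by.start()] if by else value)
        try:
            addr = ipaddress.ip_address(ip.group(1)) if ip else None
        except ValueError:
            addr = None
        out.append((addr, by.group(1).lower() if by else None))
    return out

def outbound_path(raw):
    """Report whether the appliance relayed the message and who handed it over."""
    for from_ip, by_host in hops(raw):
        if by_host == APPLIANCE_HOST:
            return "via-appliance" if from_ip in INTERNAL_HOSTS else "unexpected-relay-source"
    return "bypassed-appliance"
```

A `bypassed-appliance` result matches the symptom in the original question: the message left for the internet without an appliance hop, so it never reached the appliance's mail log.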

  • Hi 

     

    I was able to follow your instruction and it provides a positive result. I just have a follow-up inquiry.

    If I send email internally, it doesn't log traffic.

     

    Thanks!

  • Hi Manuel,

    That's correct, internal to internal mail never goes through the appliance.   At that point exchange would simply drop it in the recipient's mailbox vs sending it to the send connector for delivery. 

  • Please see below video: 

    Thanks,

    Md. Arif Uddin (Limon)

    Dhaka/Bangladesh

    www.techtonext.com, https://www.youtube.com/channel/UCmGS-xGtbaWPD6RHc2XttcA

  • Hi Md. Arif Uddin

    I had a look at your video; steps 1-3 seemed to be correct, but step 4 is incorrect. 

    Setting an address as a trusted relay affects the way the appliance does reverse lookups; IPs that are listed as trusted relays are also exempt from spam checking. So by adding your mail server as a trusted relay, if you ever get an infected host / spam bot, all mail would be blindly delivered to the internet. 

    Step 4 must be set up as an internal mail host; this tells the appliance what IPs it can accept a message from and relay. The connector should be anonymous. 

     

    You may wish to refer to http://esa.sophos.com/docs/esa/webhelp/index.html#sea/references/trusted_relays.html

    and also note the differences with upstream and downstream relays. 

     

    Normally, the only time you should ever have a trusted relay is if something upstream is accepting mail and delivering downstream to an appliance.  Port Forwarding for example routes packets, it does not accept a message and then deliver said message, so a router would never be a trusted relay.

    If you had another email appliance, or a postfix server or similar upstream (or downstream delivering upstream) they would be listed as trusted relays.