
Using UTM as a Smart Host

Good morning,

I get to replace a Cisco C170 Email Security Appliance with a Sophos SG330.

Incoming mails can be checked for spam and viruses and also show up cleanly in the log. My problem is the outgoing mails.

Brief background

The SG is connected to two networks: internal on 172.16.0.x\16 and WAN (actually the customer's DMZ) on 192.168.0.x\24. I took that over from the Cisco C170.

Until now the Exchange server, which sits in the 172.16 network, has had the IP of the Cisco C170 in the DMZ specified in its send connector. So the send connector contains a 192.168.0.x address.

From my point of view, though, that is the WAN interface of the SG. Shouldn't it actually be the SG's interface in the internal network?

The Cisco C170 accepted the mails and sent them to its gateway, directly to 192.168.0.254.

In the SG I have specified 192.168.0.254 as the gateway. That alone did not work, so under E-Mail Protection - Advanced, at the very bottom, I specified 192.168.0.254 as the smart host without authentication.

That does not work either. I cannot get any mail sent. They are rejected by the Sophos.

They come straight back with "550 relay not permitted".

What would actually have to be entered in the send connector if I want to use the SG as a smart host?

And which smart host do I have to specify in the SG? Is it really the gateway, or would it have to go to an address at Telekom?

Thank you very much for your support.

Kind regards

Fernando

  • UTM

    Incoming Mail

    • Configure an SMTP Profile for the domains that you accept. Part of that configuration is the host for UTM to use to deliver mail to your Exchange server. This can be any of your Receive Connectors or equivalent.

    Outgoing Mail

    • UTM will automatically accept outgoing mail from the machine configured on your SMTP Profile.
    • If you have multiple Send Connectors sending traffic to UTM, the additional hosts need to be configured in the "Host Based Relay" list on the Relaying tab. This list tells UTM that these machines are not untrusted internet servers but instead are part of your trusted mail configuration. This is probably the step that you missed.
    • Based on your description of the network, you do not need to use the UTM Smart Host setting. This would be used if UTM had to route traffic to another mail filter before reaching the Internet.

    In Exchange

    • Ensure that your Send Connectors are configured to forward mail to UTM (use UTM as a Smart Host) if you want UTM to do filtering of outbound mail. This would be recommended.
    • Ensure that your Receive Connectors are configured to accept mail from UTM.

    In DNS

    • Ensure that your MX record points to the UTM internet address.

    UTM is mostly directionless, so interfaces have nothing to do with the mail configuration. When you enable the SMTP proxy, it enables port 25 on all interfaces. If this is a problem, you need to use DNAT rules to send unwanted traffic to a dead end. This is explained further in the Wiki section of this forum.
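
The accept/relay rules described in the reply above, modelled as an added Python example (not part of the original posts and not Sophos code). All addresses, the domain and the function names are constructed assumptions; the model shows why a sender missing from the trusted lists gets "550 relay not permitted" and flags relay entries that trust too many addresses.

```python
import ipaddress

# Constructed sample policy: none of these values come from the thread.
ACCEPTED_DOMAINS = {"example.org"}      # domains on the SMTP profile
PROFILE_HOSTS = ["172.16.0.10"]         # delivery host set on the SMTP profile
HOST_BASED_RELAY = ["172.16.0.11/32"]   # additional trusted sending hosts


def _networks(entries):
    """Parse host or CIDR strings into network objects."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def smtp_decision(client_ip, rcpt, relay_hosts=HOST_BASED_RELAY):
    """Return the reply a gateway following the rules in the reply would give."""
    ip = ipaddress.ip_address(client_ip)
    domain = rcpt.rsplit("@", 1)[-1].lower()
    # Inbound: mail for an accepted domain is taken from any client.
    if domain in ACCEPTED_DOMAINS:
        return "250 accepted for local delivery"
    # Outbound: only the profile host and host-based relay entries may relay.
    trusted = _networks(PROFILE_HOSTS) + _networks(relay_hosts)
    if any(ip in net for net in trusted):
        return "250 accepted for relay"
    return "550 relay not permitted"


def overbroad_entries(relay_hosts, max_hosts=256):
    """Flag relay entries covering more than max_hosts addresses."""
    return [e for e in relay_hosts
            if ipaddress.ip_network(e, strict=False).num_addresses > max_hosts]


if __name__ == "__main__":
    samples = [
        ("172.16.0.10", "user@partner.example"),  # profile host, outbound
        ("172.16.0.12", "user@partner.example"),  # second sender, not listed
        ("203.0.113.5", "user@example.org"),      # internet host, inbound
        ("203.0.113.5", "user@partner.example"),  # internet host, relay attempt
    ]
    for ip, rcpt in samples:
        print(f"{ip:<14} -> {rcpt:<22} {smtp_decision(ip, rcpt)}")
    print("over-broad:", overbroad_entries(["172.16.0.0/16", "0.0.0.0/0"]))
```
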
