
SMTP from External Device

Hello,

In our installation, the UTM is configured as a host-based relay for our Exchange Server, which is the only host allowed to relay. Now it's required to allow a dedicated external system to send mails from our SMTP domain, so I want to allow the external system to use the UTM to send mails.

I have to add the IP address of the external system to allow relaying; are there any other options to make this more secure? I want to allow the external system to use the mail server with one dedicated sender address. Is it possible to limit it to that?


Kind regards & thanks in advance



  • Why doesn't the external device use the Exchange Server behind the UTM?

    If you don't want to use the Exchange Server, this can be done if SMTP is configured in "Transparent Mode".
    Then the external device can use the UTM as smarthost or send connector, with the "Authenticated Users" option.

  • Unknown said:
    Why doesn't the external device use the Exchange Server behind the UTM?

    Today the external device has no VPN connection to our UTM, so the Exchange Server is not reachable.

    Unknown said:
    If you don't want to use the Exchange Server, this can be done if SMTP is configured in "Transparent Mode".
    Then the external device can use the UTM as smarthost or send connector, with the "Authenticated Users" option.

    I understand that transparent mode is there to force SMTP connections to go through the SMTP proxy?

    Basically my question can be reduced to this:

    Is it secure to allow a single external IP address to use the UTM as a relay, although the device and the UTM are connected via the internet and unencrypted?

  • I think it cannot be done without Transparent Mode.

  • You can use a DNAT rule for the external device to reach the Exchange Server.

    Why do you need a VPN for this?

  • Your plan should work, assuming that the remote device connects using TLS.

    I struggled with your idea because many devices can connect to your UTM using port 25, so how do you distinguish this device from the others? But the difference is that you are going to tell UTM that this one IP address is a trusted relay, which is what will distinguish it from the other systems on the internet.

    You probably need to think about return path. Will these messages get replies? How will you handle undeliverable messages?

    You may want to estimate the volume of mail, to see if it creates any bandwidth concerns. Every message will hit your ISP connection twice, once on the way in and once on the way out. Assuming that the volume is not a concern, you should be fine.
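The last answer rests on two things the administrator should verify on their own relay after the change: that the UTM offers STARTTLS to the external device, and that it relays for the one trusted IP address only. The script below is an added example, not code from the thread or from Sophos. It connects to a relay, reads the EHLO extension list, upgrades to TLS if offered, and stops at RCPT TO without ever sending a message, so running it from the trusted host should report the recipient as accepted while running it from any other host should report it refused. The host names, port and the sample EHLO reply in the test are constructed; `probe.example` and `external.example` are placeholders.

```python
"""Posture check for an SMTP relay restricted by source IP (added example).

Run once from the trusted external IP and once from an untrusted host:
the first run should show relay="accepted", the second relay="refused".
"""
import smtplib
import ssl


def parse_ehlo_extensions(ehlo_body: bytes) -> set:
    """Turn the EHLO reply body (as returned by smtplib, first line is the
    server's greeting) into the set of advertised extension keywords."""
    lines = ehlo_body.decode("ascii", "replace").splitlines()
    keywords = set()
    for line in lines[1:]:  # skip the greeting line
        keyword = line.strip().split(" ", 1)[0].upper()
        if keyword:
            keywords.add(keyword)
    return keywords


def classify_rcpt(code: int) -> str:
    """Map the RCPT TO reply code to the relay decision it represents."""
    if 200 <= code < 300:
        return "accepted"              # the relay would forward this message
    if 400 <= code < 500:
        return "temporarily refused"   # greylisting or rate limiting, retry later
    if 500 <= code < 600:
        return "refused"               # relaying denied for this source
    return "unknown"


def check_relay(host: str, port: int = 25,
                mail_from: str = "noreply@example.com",   # placeholder sender
                rcpt_to: str = "probe@external.example",  # placeholder external recipient
                timeout: float = 10.0) -> dict:
    """Connect to the relay, check for STARTTLS, and ask whether it would
    relay to an external recipient from this source address. The probe ends
    with RSET after RCPT TO, so no message is ever queued."""
    result = {"starttls": False, "relay": "unknown"}
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        _, body = smtp.ehlo("probe.example")
        extensions = parse_ehlo_extensions(body)
        result["starttls"] = "STARTTLS" in extensions
        if result["starttls"]:
            # Verify the relay's certificate with the system trust store.
            smtp.starttls(context=ssl.create_default_context())
            smtp.ehlo("probe.example")  # re-EHLO is required after STARTTLS
        smtp.mail(mail_from)
        code, _ = smtp.rcpt(rcpt_to)
        result["relay"] = classify_rcpt(code)
        smtp.rset()
    return result


if __name__ == "__main__":
    import sys
    relay_host = sys.argv[1] if len(sys.argv) > 1 else "relay.example"
    print(check_relay(relay_host))
```

If `starttls` comes back `False`, the session between the external device and the UTM is in the clear, which is exactly the case the original question worried about; if an untrusted host sees `accepted`, the relay is open rather than restricted to the one address.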