Set Up UTM for SMTP Relay for Mail Server Behind Gateway

Question

Hi, 
 I currently have an IP address set ("internet [mail services]" via additional addresses) on my UTM that's pointed to by an mx record at my ISP. Using SMTP/Routing I have my internal mail server set in the Host List and this has worked fine for incoming emails: they are delivered to the server after being scanned by the UTM. My mail server (Kerio Connect) is currently set to send using the MX records, so it seems this means outgoing emails are not scanned by the UTM. Normally, the "Received: from..." mail headers on the receiving end of emails sent by my mail server show the domain of my mail server (mail.mydomain.com), I assume because I'm using the mxrecord to do the sending. 
 I would like to start using Data Protection, so I need to (I think) set my UTM as an SMTP relay for my mail server. 
 For testing I set a rule on my mail server to only use the relay when sending to my own outside (gmail) address. 
 When I set the relay to the internal IP address of the UTM, the mail forwards to gmail. The "Received: from..." in the recipient's source (or "Original" on gmail) shows the internal IP address of my UTM. 
 When I set the relay to the same domain name as my mx record (mail.mydomain.com which points to "internet [mail services]"), it shows the mail coming from the outward facing main Internet address of the utm (not the addresss pointed to by the mx record, but the internet address of the gateway). 
 My question(s) are: 
 Right now email traffic shows one IP address (the one corresponding to mail.mydomain.com) but it seems using the UTM as a relay would show another. Will this get us flagged or blocked because of spf or anything? 
 Is there a way to tell the UTM to make smtp traffic from the mail server to go out to the internet FROM the mail service address on the UTM? SNAT is already set to translate any source smtp traffic to come from the "internet [mail services]", ssd I'm not sure why it's not coming from that address. 
 If I specify the outward facing address (mail.domain.com) on my mail server, then is the traffic going from my mail server out to the internet, back to my gateway (from the outside) then back to my mail server to eventually get sent? Am I risking some sort of dns-loop nightmare? 
 Thanks so much, 
 Jeff

DouglasFoster · Answer

Current config: mail comes in on address A to UTM. mail goes out on address B from mail server. 
 Revised config: 
 
 mail comes in and out on address A from UTM. 
 If address B was reserved to mail server, it is no longer necessary. Outbound traffic (e.g. web browsing or Windows updates) can use the masquerading address shared with everyone else. 
 
 All you need to do is ensure that address A is in your SPF record, either explicitly, or with a +mx clause. This should be an easy transition.