Mail protection internal mailserver on different port

Question

our mailserver listens on port 2525 (Exchange, recipient check works on different connector), i fiddled around with a DNAT rule, but it did not work. 
 On standard frontend connector with port 25 the recipient filter does not work as expected (flaw by design). 
 We want to do recipient validation should with server request from mail protection, not by ldap query (two issues with that: no ldaps + contacts are not resolved). 
 How we can do this?

BAlfson · Answer

That's close, but you need something like: 
 DNAT : Internet IPv4 -> SMTP -> External (Address) :to Exchange with SMTP-Empfang Exchange 
 2022-03-21 CORRECTION to not bypass the SMTP Proxy: 'DNAT : Internal (Address) -> SMTP -> Exchange : to SMTP-Empfang Exchange' which is what you had originally. Apparently, recipient validation does not use port 25! 
 If Exchange also sends outbound mail on 2525, you will also want a rule like: 
 SNAT : Exchange -> {port 2525} -> Internet IPv4 : from SMTP 
 However, if you want outbound mail to be processed by the SMTP Proxy, Exchange must use the UTM as a smart host and you will instead need something like: 
 DNAT : Exchange -> {port 2525} -> Internal (Address) : to SMTP 
 Gl&uuml;ck gehabt ? 
 Cheers - Bob