This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to Setup?

hello,

i have a question how to setup the mail security?
we have a exchange internal.
do i need to change anythink on the exchange?
is the a how to anywhere?
is search in the astaro kb but found nothing.

thanks
D.


This thread was automatically locked due to age.
Parents
  • Basic Exchange setup with SMTP Proxy

    The smart host setting in the SMTP Connector in Exchange Manager must point to the "Internal (Address)" of the Astaro. If you already had a different setting in Exchange, pointing at an external smart host that you must use, you must transfer that to the Astaro's 'Smarthost settings' at the bottom of the 'Advanced' tab.

    Other than that, here's the basic Exchange installation by tab:

    • - 'Global': "Simple mode"
    • - 'Routing': Add yourdomain.com to 'Domains', choose 'Route by' "Static host list" and add the host definition for your Exchange server. 'Verify recipients' "with callout."
    • - 'AntiVirus': should be OK as delivered
    • - 'AntiSpam': 'Reject at SMTP Time' "Confirmed Spam." Check 'Use recommended RBLs'. For your 'Spam filter' selections, click on the ? at the top of the page to read the help and decide for yourself. All of the 'Advanced anti-spam features' should be selected. I usually deselect 'Greylisting', but others here like it.
    • - 'Exceptions': should be OK as delivered
    • - 'Relaying': If your Exchange server also receives mail via an upstream host, you'll need to add the upstream host to the list at the top. Add the host definition for Exchange to 'Host-based relay'; don't include your internal network. Do leave 'Authenticated relay' empty. At the bottom, select to have outgoing mail scanned.
    • - 'Advanced': Don't select 'Use transparent mode'! In 'Advanced settings', modify if needed the 'SMTP hostname' and/or 'Postmaster address'


    Don't forget to disable any DNAT that was forwarding inbound SMTP to Exchange or to a different anti-spam device as that takes precedence over the SMTP Proxy. If you want outbound mail to leave with the IP of an Additional Address named "Mail," you will need to 'SNAT : Any -> SMTP -> Internet : from External [Mail] (Address)'.

    Et voilà!

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Should we also disable DNAT that was forwarding inbound IMAP to the local Exchange server?

  • The UTM's Email Protection does not (yet!) include an IMAP proxy, so your DNAT for that remains necessary.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • The UTM's Email Protection does not (yet!) include an IMAP proxy, so your DNAT for that remains necessary.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data