This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

No incoming mail to exchange

Simple Situation:
Internet>>utm425>>lan(exchange2010)

With a dnat rule email is delivered but not scanned(protected).
Without dnat rule incoming email is NOT delivered.
Smtp log: rejected rcpt verification (adress inknown)
Outbound mail functions normal but isn't logged in smtp log!
Tried everything , also add utm to relay list on transport hub exchange!

Does anyone have a config to get it work so incoming mail and mail protection works.

Routing: domain added
Hostlist: exchange added
Recipient verification: tried all options

This thread was automatically locked due to age.

0 BAlfson over 10 years ago

Hi, Wink, and welcome to the User BB!

Try working through Exchange with SMTP Proxy. Any luck?

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 vilic over 10 years ago

Hi,

On the Routing tab you should define all your internal domains, same as in Exchange Accepted Domains definitions. Don't use Active Directory verification.

Regarding not logging outbound e-mail, check your Exchange Send connector, it should point to your UTM as a Smart Host. If not, then probably outbound mail is not going through your UTM (and therefore not logged).
Cancel
Vote Up 0 Vote Down

Cancel
0 stealthmatt_01 over 10 years ago in reply to vilic

If you want the UTM to do the SMTP filtering, then you do not need a dnat rule.

Bascailly, set your domains in the proxy filter, set the server its going to and thats all you need to do.

However, on exchange you need to set the receive connector to allow the IP address of UTM to send to exchange.

Also you may have another firewall outside of your UTM, make sure this is not interfering and that all ports go to your UTM.
Cancel
Vote Up 0 Vote Down

Cancel
0 iadh over 10 years ago

Basic Exchange setup with SMTP Proxy
The smart host setting in the SMTP Connector in Exchange Manager must point to the "Internal (Address)" of the Astaro. If you already had a different setting in Exchange, pointing at an external smart host that you must use, you must transfer that to the Astaro's 'Smarthost settings' at the bottom of the 'Advanced' tab.

Other than that, here's the basic Exchange installation by tab:
- 'Global': "Simple mode"
- 'Routing': Add yourdomain.com to 'Domains', choose 'Route by' "Static host list" and add the host definition for your Exchange server. 'Verify recipients' "with callout."
- 'AntiVirus': should be OK as delivered
- 'AntiSpam': 'Reject at SMTP Time' "Confirmed Spam." Check 'Use recommended RBLs' and 'Block dialup/residential hosts'. For your 'Spam filter' selections, click on the ? at the top of the page to read the help and decide for yourself. All of the 'Advanced anti-spam features' should be selected. I usually deselect 'Greylisting', but others here like it.
- 'Exceptions': should be OK as delivered
- 'Relaying': If your Exchange server also receives mail via an upstream host, you'll need to add the upstream host to the list at the top. Add the host definition for Exchange to 'Host-based relay'; don't include your internal network. Do leave 'Authenticated relay' empty. At the bottom, select to have outgoing mail scanned.
- 'Advanced': Don't select 'Use transparent mode'! In 'Advanced settings', modify if needed the 'SMTP hostname' and/or 'Postmaster address'
Don't forget to disable any DNAT that was forwarding inbound SMTP to Exchange or to a different anti-spam device as that takes precedence over the SMTP Proxy. If you want outbound mail to leave with the IP of an Additional Address named "Mail," you will need to 'SNAT : External (Address) -> SMTP -> Any : from External [Mail] (Address)'.

hxxps://www.astaro.org/gateway-products/mail-protection-smtp-pop3-antispam-antivirus/34156-how-setup.html
Cancel
Vote Up 0 Vote Down

Cancel