
UTM email anti spam setup

Hello all, 

Could someone please help me?

Let's assume this is my network's info:

ex01 - 192.168.0.15  (external ip  10.10.0.100) 

DNS:

A > mail.test.com > 10.10.0.100

MX mail.test.com

NAT rule on the UTM

Any > outside ip (10.10.0.100) smtp > ex01 > smtp 

Email works fine on send and receive. (My connectors are using the MX record and all networks to be able to send to my Exchange server.)

However, when I try to implement email spam I can't get it to work.

When I go to UTM > Email Protection > SMTP and add the domain name "test.com" followed by "ex01" to the host list, my emails aren't being checked for spam.

Questions

If I configure the above, do I need to change the MX record to point to the external IP instead of mail.test.com?

What about the connectors, what do I need to change the settings to?

If there is a guide that tells me how to configure Exchange along with the mail spam on the UTM, that would be great.



  • Okay,
    DNAT rule disabled - do I need to create any firewall rules elsewhere?


    So I set my public MX record to the IP instead of mail.test.com.

    MX record = 10.10.0.100 (assume this 10.10 is a public IP)
    My send connector is set to smtp > *.192.168.0.254 (internal interface of virtual firewall)
    My receive connector is set to the public IP address of the firewall (10.10.0.100/32)

    Any other settings I need to check on Sophos UTM?



    Log from SMTP proxy:

    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: 2015-12-21 17:11:52 1aB400-00017v-0Q ctasd reports 'Unknown' RefID:str=0001.0A0B0204.567832D8.02F1,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: 2015-12-21 17:11:52 1aB400-00017v-0Q Greylisting: Greylisted 65.55.90.165
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [1\28] 2015-12-21 17:11:52 1aB400-00017v-0Q H=snt004-omc3s26.hotmail.com [65.55.90.165]:63065 F=<moe@kandi-care.co.uk> temporarily rejected after DATA: Temporary local problem, please try again!
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [2\28] Envelope-from: <moe@kandi-care.co.uk>
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [3\28] Envelope-to: <moe@kandi-cloud.com>
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [4\28] P Received: from snt004-omc3s26.hotmail.com ([65.55.90.165]:63065)
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [5\28] by kandi-vfw with esmtps (TLSv1.2:AES256-SHA256:256)
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [6\28] (Exim 4.82_1-5b7a7c0-XX)
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [7\28] (envelope-from <moe@kandi-care.co.uk>)
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [8\28] id 1aB400-00017v-0Q
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [9\28] for moe@kandi-cloud.com; Mon, 21 Dec 2015 17:11:52 +0000
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [10\28] P Received: from SNT150-W12 ([65.55.90.136]) by SNT004-OMC3S26.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.23008);
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [11\28] Mon, 21 Dec 2015 09:09:51 -0800
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [12\28] X-CTCH-RefID: str=0001.0A0B0204.567832D8.02F1,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [13\28] X-TMN: [xcO1BFSlVy2nCZUPM0auq8LMBkLShJwp]
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [14\28] X-Originating-Email: [moe@kandi-care.co.uk]
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [15\28] I Message-ID: <SNT150-W126482BFEEA3BB0D732DA1DEE40@phx.gbl>
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [16\28] * Return-Path: moe@kandi-care.co.uk
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [17\28] Content-Type: multipart/alternative;
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [18\28] boundary="_b233975d-7aa2-4ed9-8172-fc26f00c3335_"
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [19\28] F From: moe kandi <moe@kandi-care.co.uk>
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [20\28] T To: Moe <moe@kandi-cloud.com>
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [21\28] Subject: RE: test1637
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [22\28] Date: Mon, 21 Dec 2015 17:09:50 +0000
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [23\28] Importance: Normal
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [24\28] In-Reply-To: <8E1CEEF4A0E3D4409E8669170EC5A605BACCFB@EX01.Kandi-Care.local>
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [25\28] References:
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [26\28] <SNT150-W254C4264A93DE2FAD9164ADEE40@phx.gbl>,<8E1CEEF4A0E3D4409E8669170EC5A605BACCFB@EX01.Kandi-Care.local>
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [27\28] MIME-Version: 1.0
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [28/28] X-OriginalArrivalTime: 21 Dec 2015 17:09:51.0428 (UTC) FILETIME=[6784A840:01D13C12]
    2015:12:21-17:11:53 kandi-vfw exim-in[4335]: 2015-12-21 17:11:53 SMTP connection from snt004-omc3s26.hotmail.com [65.55.90.165]:63065 closed by QUIT
  • Disable that DNAT rule, and don't use MX record on connectors because it can be confusing when troubleshooting, whether it is resolved to public or private IP.

    Ensure that:
    - Public DNS MX record points to external public IP address of UTM WAN interface.
    - Exchange Send Connector points to internal IP address of UTM LAN interface.
  • So keep the MX record the same. And connectors?
  • Disable DNAT rule, you don't need it when using Email Protection module. Check SMTP proxy log to be sure that mail is flowing through it.
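
Added example, not part of the thread or of Sophos' tooling: one way to act on the advice to check the SMTP proxy log, grouping `exim-in` lines by Exim message id and telling a greylisting deferral (as in the log posted above) apart from other temporary rejections. The sample lines are constructed in the posted format with made-up hosts and addresses; the function names and status labels are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample lines shaped like the SMTP proxy log in this thread;
# host names, addresses and the second message are made up for illustration.
SAMPLE_LOG = r"""
2015:12:21-17:11:52 utm exim-in[4335]: 2015-12-21 17:11:52 1aB400-00017v-0Q ctasd reports 'Unknown' RefID:str=0001,ss=1
2015:12:21-17:11:52 utm exim-in[4335]: 2015-12-21 17:11:52 1aB400-00017v-0Q Greylisting: Greylisted 192.0.2.25
2015:12:21-17:11:52 utm exim-in[4335]: [1\28] 2015-12-21 17:11:52 1aB400-00017v-0Q H=mx.example.net [192.0.2.25]:63065 F=<a@example.net> temporarily rejected after DATA: Temporary local problem, please try again!
2015:12:21-17:11:52 utm exim-in[4335]: [2\28] Envelope-from: <a@example.net>
2015:12:21-17:26:10 utm exim-in[4410]: 2015-12-21 17:26:10 1aB4Dq-00019B-2k ctasd reports 'Unknown' RefID:str=0002,ss=1
2015:12:21-17:26:11 utm exim-in[4410]: 2015-12-21 17:26:11 SMTP connection from mx.example.net [192.0.2.25]:63120 closed by QUIT
"""

# syslog prefix, optional "[n\m]" chunk marker, Exim timestamp, Exim message id
LINE = re.compile(
    r"^\S+ \S+ exim-in\[\d+\]: (?:\[\d+[\\/]\d+\] )?"
    r"\d{4}-\d\d-\d\d \d\d:\d\d:\d\d "
    r"(?P<id>\w{6}-\w{6}-\w{2}) (?P<rest>.*)$"
)

def summarize(log_text):
    """Group proxy events by Exim message id."""
    msgs = defaultdict(lambda: {"ctasd": None, "greylisted": None, "temp_rejected": False})
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:          # header continuation lines, connection open/close
            continue
        rec, rest = msgs[m["id"]], m["rest"]
        if (v := re.search(r"ctasd reports '([^']*)'", rest)):
            rec["ctasd"] = v[1]              # anti-spam engine verdict
        if (g := re.search(r"Greylisting: Greylisted (\S+)", rest)):
            rec["greylisted"] = g[1]         # sending IP put on the greylist
        if "temporarily rejected after DATA" in rest:
            rec["temp_rejected"] = True      # 4xx answer, sender should retry
    return dict(msgs)

def status(rec):
    """Label one message: greylist deferral, other deferral, scanned, or seen."""
    if rec["greylisted"] and rec["temp_rejected"]:
        return "deferred-by-greylisting"
    if rec["temp_rejected"]:
        return "deferred-other"
    return "scanned" if rec["ctasd"] is not None else "seen"

if __name__ == "__main__":
    for msg_id, rec in summarize(SAMPLE_LOG).items():
        print(msg_id, status(rec), rec)
```

An empty result from `summarize` means no message was logged by `exim-in` at all, so nothing reached the SMTP proxy.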