
Stop SMTP proxy from changing sender name

We have an internal Exchange 2010 server. The bulk of our mail is currently delivered through Barracuda's Email Security Service (configured in UTM as an upstream host), but we also have several external servers that must relay directly through our Exchange server (configured as allowed relay hosts, along with the Exchange server itself). I have the SMTP proxy configured for transparent interception. Everything is working perfectly in terms of mail delivery. But there is one major annoyance.

On one of the aforementioned external servers, we have a helpdesk system. When not using the proxy, it will deliver new ticket notifications to our internal staff as "Joe Client <support@ourdomain.com>", so that we can easily see from whom the ticket is coming. However, when using the proxy, the client's name gets replaced with the real email user's name as registered in our Active Directory, for example: "Acme Support <support@ourdomain.com>".

Is it possible to stop this display name change from happening? I thought that perhaps it was related to recipient verification, so I made an Exception that would exclude that check for the server in question. There was no change.
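To confirm what actually differs between the two delivery paths, the From header of one notification captured on each path can be compared. This is an added example, not part of the original thread; the sample messages, hostnames, dates and function names are constructed for illustration.

```python
from email import message_from_string, policy

# Constructed samples: one ticket notification captured on the direct path
# and one on the proxied path. Hostnames and dates are placeholders.
DIRECT = """\
Received: from helpdesk.example.net by exchange.example.local; Mon, 1 Jan 2024 10:00:00 +0000
From: Joe Client <support@ourdomain.com>
To: staff@ourdomain.com
Subject: New ticket

body
"""
PROXIED = """\
Received: from utm.example.local by exchange.example.local; Mon, 1 Jan 2024 10:05:01 +0000
Received: from helpdesk.example.net by utm.example.local; Mon, 1 Jan 2024 10:05:00 +0000
From: =?utf-8?q?Acme_Support?= <Support@ourdomain.com>
To: staff@ourdomain.com
Subject: New ticket

body
"""

def sender(raw):
    """Return (display name, lower-cased address, number of Received hops)."""
    msg = message_from_string(raw, policy=policy.default)
    header = msg["From"]
    if header is None or len(header.addresses) != 1:
        raise ValueError("expected exactly one From address")
    addr = header.addresses[0]  # RFC 2047 encoded names are decoded here
    hops = len(msg.get_all("Received", []))
    return addr.display_name.strip(), addr.addr_spec.lower(), hops

def compare(direct_raw, proxied_raw):
    """Classify how the sender differs between the two captured copies."""
    d_name, d_addr, d_hops = sender(direct_raw)
    p_name, p_addr, p_hops = sender(proxied_raw)
    if d_addr != p_addr:
        verdict = "address changed"
    elif d_name != p_name:
        verdict = "display name rewritten"
    else:
        verdict = "unchanged"
    return {"verdict": verdict, "direct": d_name, "proxied": p_name,
            "extra_hops": p_hops - d_hops}

if __name__ == "__main__":
    print(compare(DIRECT, PROXIED))
```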



This thread was automatically locked due to age.
  • I usually recommend avoiding Transparent with the SMTP Proxy.  If that's not possible, make a DNAT for SMTP traffic coming from that external server - that will capture the traffic before the Proxy can see it (see #2 in Rulz).

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob. Indeed, creating an exception to the transparent proxy and a DNAT rule is the workaround I've ended up with. This is not very satisfying to me, though, as there are multiple mail-sending services on that remote server, and only one of them is having this annoyance. Yet the exception must be made for the entire server.

    Are you quite sure that the DNAT intercepts traffic *before* the transparent proxy? Because in my testing it does not appear to work this way. Before moving to the SMTP proxy, I had a DNAT rule in place to handle incoming Exchange mail delivery. But once I turned on the transparent proxy (and without disabling the DNAT rule), the SMTP proxy log was abuzz with activity.

    I have seen you several times in the forums here recommend avoiding using transparent SMTP proxying, but I'm not clear on your reasons for this. In our case it appears to work just fine. Furthermore, if there are any problems there I can simply switch it off and let the DNAT rule take over. I'd like to know if I'm missing something here...

    -----------------------
    SG210/UTM 9.407-3

  • I've never tested the Transparent mode against a DNAT, but I'm absolutely certain that a functional DNAT would trump it.  If your DNAT doesn't capture the traffic, it may be because of #4 in Rulz.

    In my experience, there's no reason to use "Transparent" except to prove that a server is indeed attempting to relay through the SMTP Proxy.  If things only work when in that mode, it indicates that the server wasn't listed correctly in 'Allowed Hosts/Networks' for 'Host-based Relay' on the 'Relaying' tab.

    As it is, I worry that you could have an open SMTP relay.

    Cheers - Bob

     
  • Hey Bob,

    It turns out I had "transparent" enabled when it did not have to be, as I already had my servers listed correctly on the Relaying tab. Chalk that up to inexperience. I was also breaking Rulz #4: I had a host object defined for the public IP of my Exchange server, and I was using this in my DNAT rules instead of the interface IP object created by the UTM. I went and cleaned that up.

    Once I disabled the "transparent" option, the DNAT rules did indeed trump the proxy. But I'm going to stand by what I said earlier: transparent trumps DNAT. To test, I kept my DNAT rule enabled (the one I created to exempt the one server from the proxy), and re-enabled transparent mode on the proxy. Sure enough, that traffic started going through the proxy and I experienced the same display name change that started this thread. Try it yourself. And it doesn't matter whether I use my own host object or the system-generated address object in the DNAT rules.

    -----------------------
    SG210/UTM 9.407-3

  • Thanks, Matthew, for testing that and letting us know about it.  I'll modify #2 in Rulz to reflect this.

    Cheers - Bob

     