We are running an Exchange 2013 behind a UTM with Mail Protection (SMTP Proxy). The Exchange server is using the UTM as smart host for sending outgoing email as well. Most of the users are using Outlook from the outside (protected by WAF). On the Exchange server are some rules configures e.g. to add a company signature to every outgoing email.
Everything is working fine so far.
But we have some users connecting by IMAP (993) / SMTP (587) - e.g. with Thunderbird. If these users are sending emails to an external recipient, the email will relayed to the final mail server by the UTM immediately - without traveling trough the Exchange Server. But this will skip the rules processing!
My idea was to DNAT the SMTP submission traffic on port 587 directly to the Exchange server and leave the "normal" SMTP MTA traffic to be handled by the Mail Protection proxy.
But this does not work unfortunately. If I enable the DNAT rule no SMTP submission from the outside is possible.
Any idea?
This thread was automatically locked due to age.
