Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 7 replies
  • Answers 1 answer
  • Subscribers 5 subscribers
  • Views 8183 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Transparent Proxy+Country Code blocking and allowing all inbound smtp

MarkBolokofsky

Hello UTMers!

 

Quick question for the geniuses here (I'm talking to you balfson!): What is the proper design of a country code exception that allows SMTP inbound and outbound from all countries? I have seen a bunch of posts on these forums...some say the internal address needs to be added, others say the wan address also needs to be added (I assume it would be the IP that the MX record responds on) but I cannot get either to work. I do have the transparent proxy enabled as well as country code blocking enabled for almost all countries (disable access both ways).

 

My current rule looks like this:

Skip blocking of these regions : ALL COUNTRIES SELECTED

For all requests COMING FROM THESE

Hosts/Networks- Internal network address + External IP that MX record responds on (External WAN address).

Using SMTP.

 

What am I doing wrong here?



This thread was automatically locked due to age.
Parents
  • 0

    They are not a bunch of posts, but different configurations.

    Now supposing that you are receiving an email from North Korea IP. How come the request is coming from your MX (wan address)???

    Next time you will be able to resolve this things

Reply
  • 0

    They are not a bunch of posts, but different configurations.

    Now supposing that you are receiving an email from North Korea IP. How come the request is coming from your MX (wan address)???

    Next time you will be able to resolve this things

Children
  • 0 in reply to Ol Deda

    Hey Oldeda,

     

    I was not trying to imply anything other than I was having a hard time understanding exactly how the rules are supposed to function...with countries selected, without, with internal addresses, without, with the http proxy cache added, without...I just had a hard time understanding what applied to what situation.

     

    I tried your rules, and they do seem to be mostly functioning, so thank you for your help!

     

    I do have one that wouldn't go out until I disabled the country code blocking, seemed kind of strange. Sort of looked like it was on their side but I am not sure...The error was: 

    2018-06-02 14:38:16 xxxx@open-e.com R=dnslookup T=remote_smtp defer (-45): SMTP error from remote mail server after MAIL FROM:<prvs=06916bf604=mark@xxxx.com> SIZE=3831: host mx01.kundenserver.de [217.72.192.67]: 451 Requested action aborted: local error in processing

  • 0 in reply to MarkBolokofsky

    This Error has to do with your UTM. Maybe restarting the SMTP Service will solve this error. With Country blocking you will not see the log at all

    For the Exception: Only check the desired country if you want to skip only one Country, But your case is inbound/oubound all for smtp if Im Correct

     

    Incoming Example: (In this way you have to add another rule for Outbound)
    Skip Albania
    For All request going to Any (since you use Transparent SMTP mode) Or WAN Address
    Using SMTP

  • 0 in reply to Ol Deda

    Yep, I totally get it. I will reset the UTM in a bit as nobody is there anyway.

    Thanks for all your help, have a nice weekend!

     

    --Mark

  • 0 in reply to MarkBolokofsky

    Dont be confused next time with names. if your MX Record is the External IP, than it is your Wan Address! And it is used only "from incoming country going to wan address"

    Have a nice weekend

Unfiltered HTML