Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 0 subscribers
  • Views 6520 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Pointing Postini Inbound Traffic to Sophos???

edanner

Hiya,

I am new to this board & I was wondering if anyone could assist me with a slight configuration issue I'm having. I want to use/point my inbound postini traffic/emails above my Sophos ES100 appliance, but I don't know how to corrrectly configure them so that they both run correctly. Is anyone else using this type of setup or could give me some advice?

Thanks

:38355


This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    I have a similar configuration – the Sophos email appliance runs on the DMZ between our Mimecast external services and the Exchange servers.

    I set it up as follows:

    -          During the wizard, put in our internal domains and the Exchange servers.

    -          Set antispam to pass-through (I want spam checking/quarrentine work done at Mimecast).

    -          Set up relay hosts as my Exchange servers plus app servers that relay through the machine.

    -          Set up trusted relays in the configuration screen, enter in the Mimecast datacentre IP ranges.  This is different than the relaying screen.

    -          Mimecast need you to send out through two relay machines to provide redundancy, I got this working by creating outbound.mydomain.com with 2 MX records with the same priority for the Mimecast service machines.  Go into the configuration, outbound mail proxy, enter outbound.domain.com and choose the type as MX.

    -          Optionally Setup certificates so you get TLS between you and Mimecast.

    -          Optionally set up AD synchronisation, though in our case we won’’’’t have invalid recipients since Mimecast do this at their gateway level as well.

    In terms of the firewall, the only inbound/outbound traffic from the appliance going externally is to the Mimecast service machines.  MX records are set at Mimecast, all spam checking is done there, then it forwards onto the SEA then onto the Exchange.  We have the SEA doing secondary AV scanning as well.

    Hope this helps.

    Andrew.

    :38443
Reply
  • 0

    Hi,

    I have a similar configuration – the Sophos email appliance runs on the DMZ between our Mimecast external services and the Exchange servers.

    I set it up as follows:

    -          During the wizard, put in our internal domains and the Exchange servers.

    -          Set antispam to pass-through (I want spam checking/quarrentine work done at Mimecast).

    -          Set up relay hosts as my Exchange servers plus app servers that relay through the machine.

    -          Set up trusted relays in the configuration screen, enter in the Mimecast datacentre IP ranges.  This is different than the relaying screen.

    -          Mimecast need you to send out through two relay machines to provide redundancy, I got this working by creating outbound.mydomain.com with 2 MX records with the same priority for the Mimecast service machines.  Go into the configuration, outbound mail proxy, enter outbound.domain.com and choose the type as MX.

    -          Optionally Setup certificates so you get TLS between you and Mimecast.

    -          Optionally set up AD synchronisation, though in our case we won’’’’t have invalid recipients since Mimecast do this at their gateway level as well.

    In terms of the firewall, the only inbound/outbound traffic from the appliance going externally is to the Mimecast service machines.  MX records are set at Mimecast, all spam checking is done there, then it forwards onto the SEA then onto the Exchange.  We have the SEA doing secondary AV scanning as well.

    Hope this helps.

    Andrew.

    :38443
Children
No Data
Unfiltered HTML