watchguard allows Exchange's outbound smtp, but not 3rd party outbound smtp

amcorjon asked:

We run w2k3SBS with exchange, and we have a firebox x500.  We have an SMTP proxy because we use NAT to take incoming mail to our external IP and fwd them to our internal server IP.  Outgoing smtp is from our internal server IP to Any.  

Our outside sales guy lives by his usa.net email and so we just fwd his company email to his usa.net account (smtp.postoffice.net).  When he is in the building he can surf around and do most things, but he can not send email via port 25.  
He can log in and use webmail to send, but he can not send via Outlook.  

My guess is this:  because the smtp proxy wants to see SMTP traffic coming from the server's IP, and because Mr. Salesman's laptop has a different IP, the firewall blocks it.  I have tried adding a host IP, host name, network IP, etc.  The firebox sees his computer, but still, he can not send smtp traffic out.  

Last week we had a DNS issue where we ended up deleting the DNS proxy and recreated a DNS Filter instead.  It seems this would be the thing to do here for the SMTP issue, however we use NAT, and I couldn't see that the SMTP Filter would allow me to recreate a similar NAT.  Any thoughts?

Thanks!
jksspokane:

Have you tried to add a packet filter rule on port 25 with Mr. Salesman IP address?
amcorjon (asker):

Where exactly would I do that?  Within the SMTP Proxy, or the SMTP Filter, or on another proxy?  (Please excuse the newbie's ignorance; my learning curve these past few months has been hectic, but great nonetheless.)
Hold on a sec here.... You are saying that when he is in the US his email works fine. He plugs his laptop into your LAN and can't use a specific SMTP server from his US ISP to send email out?

Unless I misunderstood, it sounds to me like your ISP does not allow any SMTP traffic that is not directed towards their relay servers, or the US guy's ISP does not allow use of the server if your address is not part of their network.
Let me try to clarify.   When Mr. Salesman comes to the office, he connects via WiFi.  He does not authenticate to our domain.  He just grabs an IP to establish a connection.  If he uses a browser he can log into his web-based email account to send/receive.  If he uses Outlook, he can only receive, and not send.  Here is one log file entry, maybe this will help:

11/14/04 09:35  firewalld[118]:  deny out eth1 48 tcp 20 128 192.168.1.167 165.212.11.125 1269 25 syn (SMTP)

Any thoughts?

Thanks!!
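
The log line quoted above is the kind of evidence that settles this question: the Firebox is dropping the laptop's own SYN to port 25, so the problem is firewall policy, not the remote server. Below is an added example (not code from the thread or from WatchGuard) that parses firewalld lines in that format and pulls out outbound TCP/25 denials from any host other than the one that is supposed to talk SMTP directly. The Exchange server address 192.168.1.10 and all log lines except the first are constructed for the example, and the meaning of the two numeric columns after the protocol (read here as IP header length and TTL) is an assumption.

```python
import ipaddress
import re

# Regex for the WatchGuard firewalld log format shown in the thread, e.g.
#   11/14/04 09:35  firewalld[118]:  deny out eth1 48 tcp 20 128 192.168.1.167 165.212.11.125 1269 25 syn (SMTP)
# The two numeric columns after the protocol are taken to be IP header length
# and TTL; that is an assumption and nothing below depends on them.
LOG_RE = re.compile(
    r"^(?P<date>\S+)\s+(?P<time>\S+)\s+firewalld\[\d+\]:\s+"
    r"(?P<action>allow|deny)\s+(?P<dir>in|out)\s+(?P<iface>\S+)\s+(?P<length>\d+)\s+"
    r"(?P<proto>tcp|udp|icmp)\s+(?P<hlen>\d+)\s+(?P<ttl>\d+)\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<sport>\d+)\s+(?P<dport>\d+)"
    r"(?:\s+(?P<flags>[a-z]+))?(?:\s+\((?P<service>[^)]*)\))?\s*$"
)


def parse_line(line):
    """Return the fields of one firewalld log line as a dict, or None if the
    line does not match the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in ("length", "hlen", "ttl", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec


def denied_smtp_from_unexpected_hosts(lines, permitted_smtp_sources):
    """Pick out outbound TCP/25 denials whose source is not one of the hosts
    that are meant to send mail directly (normally just the Exchange server).
    Each hit is (src, dst, sport) so the offending machine can be located."""
    permitted = {ipaddress.ip_address(ip) for ip in permitted_smtp_sources}
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if not (rec["action"] == "deny" and rec["dir"] == "out"
                and rec["proto"] == "tcp" and rec["dport"] == 25):
            continue
        if ipaddress.ip_address(rec["src"]) in permitted:
            continue
        hits.append((rec["src"], rec["dst"], rec["sport"]))
    return hits


# Constructed sample log: the first line is the one quoted in the thread, the
# rest are made up for this example. 192.168.1.10 stands in for the Exchange
# server's LAN address, which the thread does not give.
EXCHANGE_SERVER = "192.168.1.10"
SAMPLE_LOG = [
    "11/14/04 09:35  firewalld[118]:  deny out eth1 48 tcp 20 128 192.168.1.167 165.212.11.125 1269 25 syn (SMTP)",
    "11/14/04 09:36  firewalld[118]:  allow out eth1 48 tcp 20 128 192.168.1.10 198.51.100.25 3412 25 syn (SMTP)",
    "11/14/04 09:36  firewalld[118]:  deny out eth1 48 tcp 20 128 192.168.1.167 198.51.100.80 1270 80 syn (HTTP)",
    "11/14/04 09:37  firewalld[118]:  deny in eth0 48 tcp 20 64 203.0.113.7 192.168.1.167 40211 25 syn (SMTP)",
    "11/14/04 09:38  firewalld[118]:  deny out eth1 48 tcp 20 128 192.168.1.10 198.51.100.26 3413 25 syn (SMTP)",
    "garbage line that does not match",
]


def main():
    for src, dst, sport in denied_smtp_from_unexpected_hosts(SAMPLE_LOG, [EXCHANGE_SERVER]):
        print(f"blocked direct SMTP from {src}:{sport} to {dst}")


if __name__ == "__main__":
    main()
```

Run against the sample, only the laptop's attempt (192.168.1.167 to 165.212.11.125) is reported; the server's own traffic, non-SMTP denials and inbound denials are filtered out. A denial from the permitted server itself is deliberately excluded here, since that would point at a different problem (the server-to-Any rule) than the one in this thread.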

ASKER CERTIFIED SOLUTION
Housenet:

This solution is only available to members.
OK, I'll try that as soon as he visits the office again.  Thanks, Housenet.  I'll follow up with the results.
Found the problem in the SMTP proxy.  Strangely enough it had to do with the INCOMING smtp proxy - ESMTP "Allow Auth" needed to be checked.  The firewall was stripping the authentication info and the server wouldn't recognize him.

I checked the option, saved/flashed the firebox.  Had the user resend, and success!

This was not very intuitive because the traffic in question is outbound SMTP, whereas the checkbox that affected this was in the incoming properties of the SMTP proxy.  Strange.  

Thanks.
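
The asker's finding, traced through as an added example (not code from the thread or from WatchGuard): an outbound SMTP session still has an incoming half, the remote server's replies, and the proxy inspects those too. One reading of the fix is that with "Allow Auth" unchecked the proxy removed the AUTH advertisement from the server's EHLO reply, so the laptop's client never authenticated and the server refused to relay for it. That mechanism is an assumption, as are the domain names, credentials and reply strings below, which are constructed for the example.

```python
import base64

# Constructed values for this example; none of them come from the thread.
MAIL_DOMAIN = "postoffice.example"          # domain the remote server accepts mail for
USER, PASSWORD = "salesman", "s3cret"        # the laptop's SMTP credentials
SERVER_EHLO_CAPS = ["SIZE 35882577", "AUTH PLAIN LOGIN", "8BITMIME"]


def proxy_filter_ehlo(caps, allow_auth):
    """Model of the proxy's handling of the server's EHLO reply. With
    allow_auth False the AUTH advertisement is dropped, which is our reading
    of what leaving 'ESMTP Allow Auth' unchecked did in the thread."""
    if allow_auth:
        return list(caps)
    return [c for c in caps if not c.upper().startswith("AUTH")]


class RelayServer:
    """Minimal model of the third-party SMTP server: relays to foreign
    domains only after a successful AUTH PLAIN."""

    def __init__(self):
        self.authenticated = False

    def auth_plain(self, blob):
        # RFC 4616: base64 of "authzid NUL authcid NUL passwd"
        try:
            _, authcid, passwd = base64.b64decode(blob).decode().split("\0")
        except (ValueError, UnicodeDecodeError):
            return "501 5.5.2 Cannot decode AUTH PLAIN response"
        if (authcid, passwd) == (USER, PASSWORD):
            self.authenticated = True
            return "235 2.7.0 Authentication successful"
        return "535 5.7.8 Authentication credentials invalid"

    def rcpt_to(self, rcpt):
        domain = rcpt.rsplit("@", 1)[-1]
        if domain == MAIL_DOMAIN or self.authenticated:
            return "250 2.1.5 Ok"
        return "554 5.7.1 Relay access denied"


def client_send(caps, server, rcpt):
    """Mail client behaviour: authenticate if AUTH PLAIN was advertised, then
    submit. A real client set to require authentication may instead abort
    when AUTH is missing; either way the message does not go out."""
    transcript = []
    if any(c.upper().startswith("AUTH") and "PLAIN" in c.upper() for c in caps):
        blob = base64.b64encode(f"\0{USER}\0{PASSWORD}".encode()).decode()
        transcript.append(("AUTH PLAIN " + blob, server.auth_plain(blob)))
    transcript.append(("MAIL FROM:<salesman@company.example>", "250 2.1.0 Ok"))
    transcript.append((f"RCPT TO:<{rcpt}>", server.rcpt_to(rcpt)))
    return transcript


def send_through_proxy(allow_auth, rcpt="customer@elsewhere.example"):
    """Run the whole exchange through the modelled proxy and return the
    server's final reply to RCPT TO."""
    server = RelayServer()
    caps = proxy_filter_ehlo(SERVER_EHLO_CAPS, allow_auth)
    transcript = client_send(caps, server, rcpt)
    return transcript[-1][1]


if __name__ == "__main__":
    for allow_auth in (False, True):
        print(f"Allow Auth={allow_auth}: {send_through_proxy(allow_auth)}")
```

With the option off the server only sees an unauthenticated submission to a foreign domain and answers 554; with it on the AUTH step survives the proxy and the same RCPT TO is accepted. The session was "outbound" from the Firebox's point of view, but the capability list the client acts on arrives in the incoming direction, which is why the relevant checkbox lived on that side.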