Sending Emails by IP and through a firewall

For security reasons we've got a firewall (i.e. SonicWall Pro) sitting in front of two servers sending emails, and I'm curious on how best to set this up. The key requirement I have is that each email sent must take on the identity of the IP address associated to the server that sent it in order to ensure that if one IP gets blacklisted as spam then the other continues going? Now I may be overanalyzing this but I'm unsure on the best way to do this, i.e.
1. Do you foresee any complications if I host the public IPs on the firewall router and use NAT to relate the local IP addresses accordingly, i.e. will emails take the identity of the local IP? Or will it take the identity of the outbound IP NAT routed to in the firewall?
2. Or will I need to have the public IPs on the box itself? In order to ensure that emails are sent and identified as being sent from a particular email.

As you can imagine both scenarios are valid, however example 1) will be the more secure by hiding the internal IPs, but I'm unsure how emails are associated to IPs when sent so I'm not sure on the best way to go about this?

So with this in mind I would really appreciate your opinions along with any tips / tricks you could offer?

I hope this makes sense but if not please let me know and I'll try to elaborate more.

Thanks in advance

You should be able to do a one-to-one static NAT. So map your inside (private) address to an outside (public) address. You will need to then open a hole through your firewall to permit port 25 (SMTP) traffic to your outside NAT'ed IPs.

Assuming you are using a Sonicwall PRO 2040 or better with enhanced OS, and you have your servers connected to X0 and WAN on X1:

1.  You need to configure your X1 with 1 of your statics.
2.  Create a LAN address object for each of your servers, Email1-Private and Email2-Private for example.
3.  Create a WAN address object for the other static IP: Email2-Public. You don't need to make one for Email1 because you can use WAN Primary IP for that and it's already there.
4.  Make 2 firewall rules to allow SMTP to your WAN address objects: WAN Primary IP and Email2-Public. Typically your incoming source would be any, but if you have a spam filter you can add that as an Address Object (AO) and only accept SMTP from that IP.
5.  Now you need to NAT the traffic.
Original Source: Any
Translated Source: Original
Original Destination: WAN Primary IP or Email2-Public
Translated Destination: AO of desired server
Original Service: SMTP
Translated Service: Original
Inbound Interface: WAN
Click OK.

That will bring your mail in and send it where it is supposed to go.  For outgoing, you need to NAT ONLY the Email2 traffic the opposite way.  Email1 will send it out the default WAN IP so you can leave it alone.

Original Source: Email2-Private AO
Translated Source: Email2-Public AO
Original Destination: Any
Translated Destination: Original
Original Service: SMTP or Any
Translated Service: Original
Inbound Interface: LAN
Click OK.

That should work.  Alternately you could put a switch between your Sonicwall and the WAN gateway and assign 1 static to your X1 and another static to your X2 and use 2 patch cables to the switch and 1 uplink to the GW.  If you do it that way, you will need to set up an appropriate route under the routing options.

Hope that helps.
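
Added example, not part of the original answers: a receiving mail server records the source address of the TCP connection it accepted, which is the post-NAT address, so one way to confirm the outbound policy is to send a test message from each server to an external mailbox and read the `Received` header added by that mailbox's edge MX. The addresses, host names, `EDGE_MX` and the sample message below are placeholders constructed for illustration.

```python
import email
import ipaddress
import re

# Assumed values: documentation-range addresses stand in for the two public
# statics, and mx.recipient.example for the external test mailbox's edge MX.
EXPECTED_PUBLIC_IP = {
    "Email1": "203.0.113.10",  # WAN Primary IP (placeholder)
    "Email2": "203.0.113.11",  # Email2-Public (placeholder)
}
EDGE_MX = "mx.recipient.example"

# "from <helo> (<rdns> [<client ip>]) by <receiving host>"
RECEIVED_RE = re.compile(
    r"from\s+\S+\s+\(.*?\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]\)\s+by\s+(\S+)", re.I)

def observed_source_ip(raw_message, edge_mx=EDGE_MX):
    """Return the client IP the recipient's edge MX recorded, or None."""
    msg = email.message_from_string(raw_message)
    for header in msg.get_all("Received", []):
        m = RECEIVED_RE.search(" ".join(header.split()))  # unfold first
        if m and m.group(2).lower() == edge_mx.lower():
            return ipaddress.ip_address(m.group(1))
    return None

def check_outbound_nat(server, raw_message):
    """Compare the observed source IP with the static expected for `server`."""
    seen = observed_source_ip(raw_message)
    want = ipaddress.ip_address(EXPECTED_PUBLIC_IP[server])
    if seen is None:
        return "no-edge-hop"
    return "ok" if seen == want else f"mismatch:{seen}"

def sample(public_ip):
    # Constructed test message, shaped like one saved from the test mailbox.
    return (
        f"Received: from email2.example.com (unknown [{public_ip}])\n"
        f"\tby {EDGE_MX} with ESMTP id 4F2A1; Mon, 1 Jan 2024 10:00:00 +0000\n"
        "Received: from app01 ([192.168.1.21]) by email2.example.com with ESMTP;\n"
        "\tMon, 1 Jan 2024 09:59:58 +0000\n"
        "Subject: outbound NAT test\n\nbody\n")

if __name__ == "__main__":
    # Email2 policy applied, then Email2 leaving via the WAN Primary IP.
    print(check_outbound_nat("Email2", sample("203.0.113.11")))
    print(check_outbound_nat("Email2", sample("203.0.113.10")))
```

A `mismatch` result for Email2 showing the WAN Primary IP means its mail is leaving on the default address, so both servers would share one reputation.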