Solved

Hosted POP3/SMTP Email and Local Spam Filter

Posted on 2008-10-20
7
352 Views
Last Modified: 2013-12-14
Our business currently has our email hosted with our dns provider and locally we have a watchguard firebox with all of the software subscriptions. The firebox has a great spam filter and quarantine server, however the smpt filtering (quarantine feature) only works if you have a smtp server behind the firebox.

Is there anyway to have our dns provider change our mx record to point to us, have the firebox filter the email and then push the email back to the isp so that clients can download the email via pop3 with their outlook clients? Our dns provider is willing to change our mx record but we are stuck on how or even if it is possible to "scrub" the email and then send it back to the provider.

Our goal is to not have to get a mail server onsite as it would create another server that needs to be maintained. Although, if anyone has any other suggestions that would be great as well.
0
Comment
Question by:ibgadmin
  • 4
  • 3
7 Comments
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 22764340
>> Is there anyway to have our dns provider change our mx record to point to us, have the firebox filter the email and then push the email back to the isp so that clients can download the email via pop3 with their outlook clients?

I do not think this is possible; all the incoming traffic would come in and WG would filter the traffic; but it needs to send it to an internal server for further processing; there is no way we can the firebox hair pin the traffic out of external interface. If an option; you configure a mail relay server behind firebox.
Let firebox send all traffic to it first and then have the server relay all the traffic back to your ISP server; now the clients would download their emails using POP3. If you wish we can again inspect the incoming traffic using POP3 proxy at this time.

Please let know if I have overlooked anything.

Thank you.
0
 

Author Comment

by:ibgadmin
ID: 22768872
I will give it a shot and post my results back to this thread.
0
 

Author Comment

by:ibgadmin
ID: 22770440
Quick question. Is there any recomendation that you would make to secure this relay? Or is it secure enough as it is?
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 32

Expert Comment

by:dpk_wal
ID: 22770496
for increased security may be you can use HTTPS and certificates; but am not an expert on those things and would not be the best person to suggest something.

The connection is outbound so your network would not be affected much, we would inspect all incoming SMTP packets; and also incoming POP packets.

Thank you.
0
 

Author Comment

by:ibgadmin
ID: 22770523
Ok, I just wanted to make sure that people could not use me as a spammer server.. So this should not be an issue then?
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 22770551
You can configure a service where only the mail server can send packets out to the server using your server using SMTP as:
Enabled and allowed; from server-interna;-ip; to your-isp-server-ip

Thank you.
0
 

Author Closing Comment

by:ibgadmin
ID: 31508019
Thanks, that did the trick. I appreciate your help.
0

Featured Post

Surfing Is Meant To Be Done Outdoors

Featuring its rugged IP67 compliant exterior and delivering broad, fast, and reliable Wi-Fi coverage, the AP322 is the ideal solution for the outdoors. Manage this AP with either a Firebox as a gateway controller, or with the Wi-Fi Cloud for an expanded set of management features

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Phishing attempts can come in all forms, shapes and sizes. No matter how familiar you think you are with them, always remember to take extra precaution when opening an email with attachments or links.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question