Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Hosted POP3/SMTP Email and Local Spam Filter

Posted on 2008-10-20
7
Medium Priority
?
368 Views
Last Modified: 2013-12-14
Our business currently has our email hosted with our dns provider and locally we have a watchguard firebox with all of the software subscriptions. The firebox has a great spam filter and quarantine server, however the smpt filtering (quarantine feature) only works if you have a smtp server behind the firebox.

Is there anyway to have our dns provider change our mx record to point to us, have the firebox filter the email and then push the email back to the isp so that clients can download the email via pop3 with their outlook clients? Our dns provider is willing to change our mx record but we are stuck on how or even if it is possible to "scrub" the email and then send it back to the provider.

Our goal is to not have to get a mail server onsite as it would create another server that needs to be maintained. Although, if anyone has any other suggestions that would be great as well.
0
Comment
Question by:ibgadmin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 32

Accepted Solution

by:
dpk_wal earned 2000 total points
ID: 22764340
>> Is there anyway to have our dns provider change our mx record to point to us, have the firebox filter the email and then push the email back to the isp so that clients can download the email via pop3 with their outlook clients?

I do not think this is possible; all the incoming traffic would come in and WG would filter the traffic; but it needs to send it to an internal server for further processing; there is no way we can the firebox hair pin the traffic out of external interface. If an option; you configure a mail relay server behind firebox.
Let firebox send all traffic to it first and then have the server relay all the traffic back to your ISP server; now the clients would download their emails using POP3. If you wish we can again inspect the incoming traffic using POP3 proxy at this time.

Please let know if I have overlooked anything.

Thank you.
0
 
LVL 1

Author Comment

by:ibgadmin
ID: 22768872
I will give it a shot and post my results back to this thread.
0
 
LVL 1

Author Comment

by:ibgadmin
ID: 22770440
Quick question. Is there any recomendation that you would make to secure this relay? Or is it secure enough as it is?
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 
LVL 32

Expert Comment

by:dpk_wal
ID: 22770496
for increased security may be you can use HTTPS and certificates; but am not an expert on those things and would not be the best person to suggest something.

The connection is outbound so your network would not be affected much, we would inspect all incoming SMTP packets; and also incoming POP packets.

Thank you.
0
 
LVL 1

Author Comment

by:ibgadmin
ID: 22770523
Ok, I just wanted to make sure that people could not use me as a spammer server.. So this should not be an issue then?
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 22770551
You can configure a service where only the mail server can send packets out to the server using your server using SMTP as:
Enabled and allowed; from server-interna;-ip; to your-isp-server-ip

Thank you.
0
 
LVL 1

Author Closing Comment

by:ibgadmin
ID: 31508019
Thanks, that did the trick. I appreciate your help.
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes you have to pull out old tricks to get a new firewall to work… While we were installing a new Sonicwall at a customers site we found that sites they were able to visit before were not working.  It seemed random and we could not understa…
When you’re making plans to join the modern business race, you should analyze various details that may affect your results. Nowadays, millions of businesses are trying to grow into established and appreciated professional enterprises.
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question