forward Packets on Firewall
Posted on 2009-05-12
All....a question for the ages?
have a customer with an exchange server, domain is abc-america.com, .
We forward the MX records to an offsite email scrubber, IE, Postini, SpamSoap etc. The mail comes in great.
The company HQ is in Europe, they required all users to get have an email firstname.lastname@example.org. Currently that mail is
foward via a VPN to the local exhange server, all works okay. The European IT dept generates a list via LDAP query and fowards to the private IP of the exchange server. The particular European server foward can ONLY foward to 1 IP address.
We would like to foward these emails to the offsite SPAM site, but there is an issue, we can only use 1 IP address, most of these sites use a rotating IPs in their records. If we had Europe select 1 IP address, then if was rotated, users may get NDR or mail may hang in the sending queue.
Our best solution we thought was to use an available public IP (not our exchange server, not currently being used) also on a 2nd ISP provider. Then Have Europe point to that IP, then foward any traffic on that IP to the offsite Spam washer site (postini, or egivs).
to that end, we have tried to set up a firewall rule redirecting any packets on that Public IP to the SpamWasher site, on the sonicwall NSA3500 we have setup a WAN/WAN rule, that did not work, when I telnet to the PublicIP we provide on port 25, I am not redirected. Sonicwall logs provide no info. When I do a packet capture the packets are arrived and them dropped.
I also have done/tried a NAT Rule under the advice of Sonicwall, that also did not work, same thing.
I cannot redirect the entire MX for xyz-europe.com, as I am only concerned with perhaps 60-70 email address.
Has anyone ecountered this problem before, and what was your solution? ISA? Cisco/ Watchguard? a better sonicwall rule?
Looking foward to your replies.