Solved

Sonicwall TZ215 - SMTP question

Posted on 2014-01-29
Last Modified: 2014-02-03
I recently purchased a Sonicwall TZ215 unit and have a question on configuring the mail flow across SMTP. I have found a document online about how to limit inbound access on port 25 except from certain IPs (my GFI spam filter) and I have enabled it, by creating the access rule, NAT policy and service object. However, when I ran through the wizard and set up a Mail server, it listed standard ports of (IMAP, POP, and SMTP) by default. My question is, do I need to remove the SMTP port from that configuration? I am not sure if by doing that wizard I enabled all SMTP mailflow to my email server, and now my spam filter settings I just created are invalid and not enforced. I hope this makes sense, I tried to explain the best I could. If you need more clarity, I will try my best if you let me know.

Thank you!
0
Question by:fluidequipment
7 Comments
 
LVL 9

Expert Comment

by:tsaico
ID: 39819153
The actual email comes across port 25 and at least this will be needed for email to flow in.  The other two, IMAP and POP, are only needed if you have external clients that connect in that manner.  I will generally only do the port 25 part, then have them connect to email via OWA and ActiveSync/Outlook Anywhere. (443 and 80)

Then on the Exchange server, you want to mod your receive connector on the Exchange server to the IPs that your GFI is (assuming it actually receives and sends, vs active scan and pass). If it does not, then leave it be, send a few, and see what needs to be tweaked.  It is rare to get spam filters going correctly on first try.
0
 
LVL 9

Expert Comment

by:tsaico
ID: 39819172
I thought I would clarify, there are some services like MXLogic and Reflexion that will spool your email, then relay it to your server.

This is different than a filter/scanner appliance like Barracuda, GFI, and Untangle, which reads the header for blocked IP, message size, sender, etc.  For those that are allowed, the connection is opened; those that are not get a rejection, or it will do nothing and just not allow the connection (soft fail).

The easiest way to confirm which is which is to telnet to your WAN IP over port 25 and see who responds.  If it is your server, then you are using a scan/filter.  If some other device answers, then you are in the relay style.  One only looks at the basic info and lets Exchange do the heavy lifting, the other handles the email from start to finish and sends the completed to you. (relay)

There are benefits to both, and if you are becoming an exchange admin, you will want to become familiar with both, since when people complain of email not arriving, it changes where you would look for log entries.
0
 

Author Comment

by:fluidequipment
ID: 39819201
We currently use GFI Max Mail for a spam filter. I can log into the web interface and see emails that are in the send/receive queue and that are blocked. I remember on our Exchange server when it was set up, configuring an SMTP connector to GFI. Does that help?
0

 
LVL 9

Expert Comment

by:tsaico
ID: 39819216
Just telnet to your highest priority MX record and if the GFI box responds then you have a relay type config; if your Exchange does instead, you then have your answer.

Oh, I also forgot to mention, a really good site to become your new best friend is
https://testconnectivity.microsoft.com/
and
http://www.mxtoolbox.com

They both have really good troubleshooting tools and can teach you a lot.
0
 
LVL 25

Accepted Solution

by:
Diverse IT earned 500 total points
ID: 39828902
Hi fluidequipment,

All you need to do is run the configuration wizard for mail server. Then look up the newly created Access Rules and simply change the source from All to the IPs from the GFI servers.

Let me know how it goes!
0
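The telnet check from the comments above, which also serves to confirm the source restriction in the accepted answer, written as an added example that is not part of the original thread: run from an outside address that is not one of the GFI IPs, a correctly restricted rule should give `no-answer`. The function names, verdict labels and `example.test` hostnames are assumptions made for this sketch, and the Exchange match relies on its default greeting text, which an administrator can change.

```python
import socket

def read_smtp_banner(host, port=25, timeout=5.0):
    """Return the SMTP greeting from host:port, or None if nothing answers."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            data = b""
            while len(data) < 4096:
                chunk = s.recv(512)
                if not chunk:
                    break
                data += chunk
                # A multi-line greeting uses "220-" on every line but the last.
                if data.endswith(b"\n") and data.splitlines()[-1][3:4] != b"-":
                    break
            try:
                s.sendall(b"QUIT\r\n")  # end the session politely
            except OSError:
                pass
            return data.decode("ascii", "replace").strip() or None
    except OSError:  # refused, dropped by the firewall, or timed out
        return None

def classify(banner, exchange_hostname):
    """Map a greeting to the cases discussed in the thread (labels are ours)."""
    if banner is None:
        return "no-answer"            # port 25 is closed to this source address
    if not banner.startswith("220"):
        return "not-smtp-ready"
    words = banner.splitlines()[-1][4:].split()
    greeted_as = words[0].lower() if words else ""
    if greeted_as == exchange_hostname.lower() or "microsoft esmtp" in banner.lower():
        return "exchange-answers"     # scan/filter style, per the comment above
    return "other-device-answers"     # relay style: the filter accepts the mail first

# Constructed greetings for illustration, not captured from any real host.
SAMPLES = [
    "220 mail.example.test Microsoft ESMTP MAIL Service ready at Wed, 29 Jan 2014 10:00:00 -0600",
    "220-filter.example.test ESMTP\r\n220 filter.example.test ready",
    None,
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample, "mail.example.test"))
```

Call `classify(read_smtp_banner(wan_ip), exchange_hostname)` once from an unrelated external network and compare it with what the GFI interface shows for its own deliveries.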
 

Author Closing Comment

by:fluidequipment
ID: 39829275
Thank you! That is perfect!
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39830328
Glad I could help...thanks for the points!
0
