Solved

Sonicwall TZ215 - SMTP quetion

Posted on 2014-01-29
7
1,090 Views
Last Modified: 2014-02-03
I recently purchased a Sonicwall TZ215 unit and have a question on configuring the mail flow across SMTP. I have found a document online about how to limit inbound access on port 25 except from certain IPs (my GFI spam filter) and I have enable it, by creating the access rule, NAT policy and service object. However, when I ran through the wizard and setup a Mail server, it listed standard ports of (IMAP, POP, and SMTP) be default. My question is, do I need to remove the SMTP port from that configuration? I am not sure if by doing that wizard I emabled all SMTP mailflow to my email server, and now my spam filter settings I just created are invalid and not enforced. I hope this makes sense, I tried to explain the best I could. If you need more clarity, I will try my best if you let me know.

Thank you!
0
Comment
Question by:fluidequipment
  • 3
  • 2
  • 2
7 Comments
 
LVL 9

Expert Comment

by:tsaico
ID: 39819153
The actual email comes across port 25 and at least this will be needed for email to flow in.  The other two, Imap and POP are only needed if you have external clients that connect in that manner.  I will generally only do the port 25 part, then have them connect to email via OWA and active sync/Outlook Anywhere. (443 and 80)

Then on the exchange server, you want to mod your receive connector on the exchange server to the IP's that your GFI is (assuming it actually receives and sends, vs active scan and pass). If it does not, then leave it be send a few, and see what needs ot be tweaked.  It is rare to get spam filters going correctly on first try.
0
 
LVL 9

Expert Comment

by:tsaico
ID: 39819172
I thought I would clarify, there are some services like MXLogic, reflexion, that will spool your email, then relay it to your server.

This is different than a filter/scanner appliance like barracuda, GFI, and Untangle, which reads the header for blocked IP, message size, sender, etc.  Those that are allowed the connection is opened, those who are not, get a rejection or it will do nothing and just not allow the connection (soft fail).

The easiest way to confirm which is which, is telnet to your WAN IP over port 25 and see who responds.  If it is your server, then you are using a scan/filter.  If some other device answers, then you are in the relay style.  One only looks at the basic info and lets Exchange do the heavy lifting, the other handles the email from start to finish and sends the completed to you. (relay)

There are benefits to both, and if you are becoming an exchange admin, you will want to become familiar with both, since when people complain of email not arriving, it changes where you would look for log entries.
0
 

Author Comment

by:fluidequipment
ID: 39819201
We currently use GFI Max Mail for a spam filter. I can log into the web interface and see emails that are in the send/receive queue and that are blocked. I remember on our exchange server when it was setup, configuring an SMTP connector to GFI. does that help?
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 9

Expert Comment

by:tsaico
ID: 39819216
Just telnet to your highest priority MX record and if the GFI box responds then you have a relay type config, if your exchange does instead, you then have your answer.

Oh, I also forgot to mention, a really good site to become your new best friend is
https://testconnectivity.microsoft.com/
and
http://www.mxtoolbox.com

they both have really good trouble shooting tools and can teach you a lot.
0
 
LVL 24

Accepted Solution

by:
diverseit earned 500 total points
ID: 39828902
Hi fluidequipment,

All you need to do is run the configuration wizard for mail server. Then lookup the newly created Access Rules and simple change the source from All to the IPs from the GFI servers.

Let me know how it goes!
0
 

Author Closing Comment

by:fluidequipment
ID: 39829275
Thank you! That is perfect!
0
 
LVL 24

Expert Comment

by:diverseit
ID: 39830328
Glad I could help...thanks for the points!
0

Featured Post

Want to promote your upcoming event?

Are you going to an event? Are you going to be exhibiting at a tradeshow? Talking at a conference? Using a promotional banner in your email signature ensures that your organization’s most important contacts stay in the know and can potentially spread the word about the event.

Join & Write a Comment

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
how to add IIS SMTP to handle application/Scanner relays into office 365.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now