[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Sonicwall TZ215 - SMTP quetion

Posted on 2014-01-29
7
Medium Priority
?
1,152 Views
Last Modified: 2014-02-03
I recently purchased a Sonicwall TZ215 unit and have a question on configuring the mail flow across SMTP. I have found a document online about how to limit inbound access on port 25 except from certain IPs (my GFI spam filter) and I have enable it, by creating the access rule, NAT policy and service object. However, when I ran through the wizard and setup a Mail server, it listed standard ports of (IMAP, POP, and SMTP) be default. My question is, do I need to remove the SMTP port from that configuration? I am not sure if by doing that wizard I emabled all SMTP mailflow to my email server, and now my spam filter settings I just created are invalid and not enforced. I hope this makes sense, I tried to explain the best I could. If you need more clarity, I will try my best if you let me know.

Thank you!
0
Comment
Question by:fluidequipment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 9

Expert Comment

by:tsaico
ID: 39819153
The actual email comes across port 25 and at least this will be needed for email to flow in.  The other two, Imap and POP are only needed if you have external clients that connect in that manner.  I will generally only do the port 25 part, then have them connect to email via OWA and active sync/Outlook Anywhere. (443 and 80)

Then on the exchange server, you want to mod your receive connector on the exchange server to the IP's that your GFI is (assuming it actually receives and sends, vs active scan and pass). If it does not, then leave it be send a few, and see what needs ot be tweaked.  It is rare to get spam filters going correctly on first try.
0
 
LVL 9

Expert Comment

by:tsaico
ID: 39819172
I thought I would clarify, there are some services like MXLogic, reflexion, that will spool your email, then relay it to your server.

This is different than a filter/scanner appliance like barracuda, GFI, and Untangle, which reads the header for blocked IP, message size, sender, etc.  Those that are allowed the connection is opened, those who are not, get a rejection or it will do nothing and just not allow the connection (soft fail).

The easiest way to confirm which is which, is telnet to your WAN IP over port 25 and see who responds.  If it is your server, then you are using a scan/filter.  If some other device answers, then you are in the relay style.  One only looks at the basic info and lets Exchange do the heavy lifting, the other handles the email from start to finish and sends the completed to you. (relay)

There are benefits to both, and if you are becoming an exchange admin, you will want to become familiar with both, since when people complain of email not arriving, it changes where you would look for log entries.
0
 

Author Comment

by:fluidequipment
ID: 39819201
We currently use GFI Max Mail for a spam filter. I can log into the web interface and see emails that are in the send/receive queue and that are blocked. I remember on our exchange server when it was setup, configuring an SMTP connector to GFI. does that help?
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
LVL 9

Expert Comment

by:tsaico
ID: 39819216
Just telnet to your highest priority MX record and if the GFI box responds then you have a relay type config, if your exchange does instead, you then have your answer.

Oh, I also forgot to mention, a really good site to become your new best friend is
https://testconnectivity.microsoft.com/
and
http://www.mxtoolbox.com

they both have really good trouble shooting tools and can teach you a lot.
0
 
LVL 26

Accepted Solution

by:
Blue Street Tech earned 2000 total points
ID: 39828902
Hi fluidequipment,

All you need to do is run the configuration wizard for mail server. Then lookup the newly created Access Rules and simple change the source from All to the IPs from the GFI servers.

Let me know how it goes!
0
 

Author Closing Comment

by:fluidequipment
ID: 39829275
Thank you! That is perfect!
0
 
LVL 26

Expert Comment

by:Blue Street Tech
ID: 39830328
Glad I could help...thanks for the points!
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
Are you looking for the options available for exporting EDB files to PST? You may be confused as they are different in different Exchange versions. Here, I will discuss some options available.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question