?
Solved

Sonicwall TZ215 - SMTP quetion

Posted on 2014-01-29
7
Medium Priority
?
1,141 Views
Last Modified: 2014-02-03
I recently purchased a Sonicwall TZ215 unit and have a question on configuring the mail flow across SMTP. I have found a document online about how to limit inbound access on port 25 except from certain IPs (my GFI spam filter) and I have enable it, by creating the access rule, NAT policy and service object. However, when I ran through the wizard and setup a Mail server, it listed standard ports of (IMAP, POP, and SMTP) be default. My question is, do I need to remove the SMTP port from that configuration? I am not sure if by doing that wizard I emabled all SMTP mailflow to my email server, and now my spam filter settings I just created are invalid and not enforced. I hope this makes sense, I tried to explain the best I could. If you need more clarity, I will try my best if you let me know.

Thank you!
0
Comment
Question by:fluidequipment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 9

Expert Comment

by:tsaico
ID: 39819153
The actual email comes across port 25 and at least this will be needed for email to flow in.  The other two, Imap and POP are only needed if you have external clients that connect in that manner.  I will generally only do the port 25 part, then have them connect to email via OWA and active sync/Outlook Anywhere. (443 and 80)

Then on the exchange server, you want to mod your receive connector on the exchange server to the IP's that your GFI is (assuming it actually receives and sends, vs active scan and pass). If it does not, then leave it be send a few, and see what needs ot be tweaked.  It is rare to get spam filters going correctly on first try.
0
 
LVL 9

Expert Comment

by:tsaico
ID: 39819172
I thought I would clarify, there are some services like MXLogic, reflexion, that will spool your email, then relay it to your server.

This is different than a filter/scanner appliance like barracuda, GFI, and Untangle, which reads the header for blocked IP, message size, sender, etc.  Those that are allowed the connection is opened, those who are not, get a rejection or it will do nothing and just not allow the connection (soft fail).

The easiest way to confirm which is which, is telnet to your WAN IP over port 25 and see who responds.  If it is your server, then you are using a scan/filter.  If some other device answers, then you are in the relay style.  One only looks at the basic info and lets Exchange do the heavy lifting, the other handles the email from start to finish and sends the completed to you. (relay)

There are benefits to both, and if you are becoming an exchange admin, you will want to become familiar with both, since when people complain of email not arriving, it changes where you would look for log entries.
0
 

Author Comment

by:fluidequipment
ID: 39819201
We currently use GFI Max Mail for a spam filter. I can log into the web interface and see emails that are in the send/receive queue and that are blocked. I remember on our exchange server when it was setup, configuring an SMTP connector to GFI. does that help?
0
Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

 
LVL 9

Expert Comment

by:tsaico
ID: 39819216
Just telnet to your highest priority MX record and if the GFI box responds then you have a relay type config, if your exchange does instead, you then have your answer.

Oh, I also forgot to mention, a really good site to become your new best friend is
https://testconnectivity.microsoft.com/
and
http://www.mxtoolbox.com

they both have really good trouble shooting tools and can teach you a lot.
0
 
LVL 25

Accepted Solution

by:
Blue Street Tech earned 2000 total points
ID: 39828902
Hi fluidequipment,

All you need to do is run the configuration wizard for mail server. Then lookup the newly created Access Rules and simple change the source from All to the IPs from the GFI servers.

Let me know how it goes!
0
 

Author Closing Comment

by:fluidequipment
ID: 39829275
Thank you! That is perfect!
0
 
LVL 25

Expert Comment

by:Blue Street Tech
ID: 39830328
Glad I could help...thanks for the points!
0

Featured Post

Bringing Advanced Authentication to the SMB Market

WatchGuard announces the acquisition of advanced authentication provider, Datablink, with one mission – to bring secure authentication to SMB, mid-market, and distributed enterprises with a cloud-based solution, ideal for resale via their established channel & MSSP community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
This article explains how to install and use the NTBackup utility that comes with Windows Server.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses
Course of the Month10 days, 5 hours left to enroll

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question