Activate Anti-Spam on a Sonicwall NSA-2600 and forward mail to local Exchange 2010 Server

We currently have a Sonicwall NSA 2600.  We also have a Small Business Server 2011 running Exchange 2010.  The Sonicwall has NAT and firewall configured to pass the mail to the server.  That is working fine.

I have activated a 30 day trial of Sonicwall's Anti-Spam Service.  During the initial configuration I received the following pop up error: "Mail Server Auto-Detect Failed.  The system detects there are one or more NAT and/or Rule policies that use a service group of a service port range that includes SMTP and non-SMTPservice ports.  The system could not enable the Anti-Spam service using the current configuration.

The user guide for enabling Anti-Spam lists a step where you identify the mail server.  I am assuming I need to delete the current NAT and Firewall rules forwarding mail to the server and let the Anti-Spam setup configure them again.  Am I correct?

Any help is appreciated.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Craig BeckCommented:
Mail will be received by the Sonicwall and it will then forward to the Exchange server. You don't need NAT in that scenario so delete the NAT rule and that should be it.
Blue Street TechLast KnightCommented:
Hi rrincones,

You definitely need Access Rules & NAT just have to configure them correctly.

To resolve Mail Server Auto-Detect Failed errors do the following:

1. Remove SMTP ((Send E-Mail) port 25) in the applicable service group.

a) Go to Firewall > Access Rules and choose view style as matrix and select from zone: WAN and to zone: LAN (assuming the Exchange server is in LAN...if its in the DMZ then you'd select DMZ accordingly). Hover over the service groups and check if it contains SMTP (Send E-Mail) service in the service group.
b) if it is present go to Network > Services and click on the configure button in the service group which contains SMTP (Send E-Mail) service and then select the SMTP (Send E-Mail) service and click on the left arrow so that will remove the SMTP (Send E-Mail) service from the group and click OK to save the changes.

2. Configure the Antispam engine using the Wizard

a) Go to Antispam > Settings and check the checkbox Enable Antispam Service & then the antispam configuration wizard will open. Click on proceed to configure.

3. Mail Server IPs & Junkstore settings

a) Click on Next in the mail server info needed alert & it will ask you to enter Mail Server Public IP, Mail Server Private IP, and Junkstore IP address.
b) If you are going to install junkstore on the same exchange server then you can check the option Junkstore runs locally in mail server. That will populate the IP address of mail server automatically in the Junk store IP field. If you want to install junkstore on a different server then you can uncheck the option Junkstore runs locally in mail server & specify the IP address of server where you are going to install junkstore later.

Note: The Junkstore can be downloaded from Antispam > Settings page.

4. Configuring NAT for Antispam

a) After entering the mail server info click on confirm & that will automatically create NATs and rules for Antispam Service.

5. Test it!

a) go to Antispam > Status & check the destination mail server status. If it shows operational SonicWALL is able to reach the mail server & the next step is to install junkstore.

Let me know if you have any other questions!

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Craig BeckCommented:
You don't need to configure NAT is what I was getting at. It is configured automatically.
The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

rrinconesAuthor Commented:
Thanks A lot.

Does Junk Store need to be installed on a server?  I wanted to install on my desktop (windows 10 Pro).
Blue Street TechLast KnightCommented:
You are welcome!

Yes, JunkStore needs to be installed on your Exchange server or another server but nonetheless a server. Antispam can create a Junk Store on your Exchange server. The Junk Store quarantines messages for end-user analysis & provides statistics. This is NOT something you install on each user's is centralized.
rrinconesAuthor Commented:
worked perfectly.  Note:  had to change setting on exchange server to allow it to receive anonymous emails.
Blue Street TechLast KnightCommented:
Glad I could help...thanks for the points!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.