Activate Anti-Spam on a Sonicwall NSA-2600 and forward mail to local Exchange 2010 Server

We currently have a Sonicwall NSA 2600.  We also have a Small Business Server 2011 running Exchange 2010.  The Sonicwall has NAT and firewall configured to pass the mail to the server.  That is working fine.

I have activated a 30 day trial of Sonicwall's Anti-Spam Service.  During the initial configuration I received the following pop up error: "Mail Server Auto-Detect Failed.  The system detects there are one or more NAT and/or Rule policies that use a service group of a service port range that includes SMTP and non-SMTPservice ports.  The system could not enable the Anti-Spam service using the current configuration.

The user guide for enabling Anti-Spam lists a step where you identify the mail server.  I am assuming I need to delete the current NAT and Firewall rules forwarding mail to the server and let the Anti-Spam setup configure them again.  Am I correct?

Any help is appreciated.
rrinconesAsked:
Who is Participating?
 
Blue Street TechConnect With a Mentor Last KnightCommented:
Hi rrincones,

You definitely need Access Rules & NAT policies...you just have to configure them correctly.

To resolve Mail Server Auto-Detect Failed errors do the following:

1. Remove SMTP ((Send E-Mail) port 25) in the applicable service group.

a) Go to Firewall > Access Rules and choose view style as matrix and select from zone: WAN and to zone: LAN (assuming the Exchange server is in LAN...if its in the DMZ then you'd select DMZ accordingly). Hover over the service groups and check if it contains SMTP (Send E-Mail) service in the service group.
b) if it is present go to Network > Services and click on the configure button in the service group which contains SMTP (Send E-Mail) service and then select the SMTP (Send E-Mail) service and click on the left arrow so that will remove the SMTP (Send E-Mail) service from the group and click OK to save the changes.

2. Configure the Antispam engine using the Wizard

a) Go to Antispam > Settings and check the checkbox Enable Antispam Service & then the antispam configuration wizard will open. Click on proceed to configure.

3. Mail Server IPs & Junkstore settings

a) Click on Next in the mail server info needed alert & it will ask you to enter Mail Server Public IP, Mail Server Private IP, and Junkstore IP address.
b) If you are going to install junkstore on the same exchange server then you can check the option Junkstore runs locally in mail server. That will populate the IP address of mail server automatically in the Junk store IP field. If you want to install junkstore on a different server then you can uncheck the option Junkstore runs locally in mail server & specify the IP address of server where you are going to install junkstore later.

Note: The Junkstore can be downloaded from Antispam > Settings page.

4. Configuring NAT for Antispam

a) After entering the mail server info click on confirm & that will automatically create NATs and rules for Antispam Service.

5. Test it!

a) go to Antispam > Status & check the destination mail server status. If it shows operational SonicWALL is able to reach the mail server & the next step is to install junkstore.

Let me know if you have any other questions!
0
 
Craig BeckCommented:
Mail will be received by the Sonicwall and it will then forward to the Exchange server. You don't need NAT in that scenario so delete the NAT rule and that should be it.
0
 
Craig BeckCommented:
You don't need to configure NAT is what I was getting at. It is configured automatically.
0
Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

 
rrinconesAuthor Commented:
Thanks A lot.

Does Junk Store need to be installed on a server?  I wanted to install on my desktop (windows 10 Pro).
0
 
Blue Street TechLast KnightCommented:
You are welcome!

Yes, JunkStore needs to be installed on your Exchange server or another server but nonetheless a server. Antispam can create a Junk Store on your Exchange server. The Junk Store quarantines messages for end-user analysis & provides statistics. This is NOT something you install on each user's machine...it is centralized.
0
 
rrinconesAuthor Commented:
worked perfectly.  Note:  had to change setting on exchange server to allow it to receive anonymous emails.
0
 
Blue Street TechLast KnightCommented:
Glad I could help...thanks for the points!
1
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.