Re: [IMail Forum] Need help with configuring anti-spam

Sun, 10 Jul 2005 15:36:24 -0700

Since at this time there is only one ACL for the SMTP service this is your problem.... my setup would be like this for this scenario: 

Router with IMGate in the DMZ
IMail server on internal network
IMail relays for internal network and requires auth on port 587
Outbound mail to gateway (IMGate machine)

FW Rules:
all external port 25 traffic to DMZ
no external port 25 to internal
Port 587 allowed to IMail
Your users are given port 587 (set to require auth) for their outgong mail

I believe this will accomplish what you are wanting

Eric S



Jonas Fornander wrote:


I thought I understood how to configure Imail with port 587 but now
I'm more confused than ever. I hope someone can un-confuse me.
This is our setup:

Our MX records points to Imgate

Our hosting, DSL and dialup users has mail.netwood.net as their
outgoing server which is Imail. This server is configured to "Relay
for addresses" and our IP blocks are listed.

Our Imail is running 8.20 and port 587 is enabled and working. If I
change my own account to use port 587 it works if I enable "My
outgoing server requires authentication".

So everything is working as it should, sooooo now what?

I thought that I would be able to go to SMTP Security -> Control
Access and deny access for all IP addresses EXCEPT for our trusted IP
blocks. Then users on non-trusted IP addresses would be able to send
out mail using port 587 it they were authenticated. However if I deny
access to a non-trusted IP in SMTP Security -> Control Access then
they can't send out mail on port 587 either, even if they
authenticate. :-(

What am I missing?

How can I make our users  - on trusted IP addresses - being able to
use mail.netwood.net to send out mail and our users - on non-trusted
IP addresses - to send out mail on port 587 (with authentication) and
ALL other mail, sent directly to the Imail server should be rejected?

Jonas Fornander - System Administrator
Netwood Communications,LLC - www.netwood.net
Find out why we're better - 310-442-1530


 



To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/






















					Reply via email to