Messaging Gateway

 View Only

  • 1.  How to configure: In/Out filtering and webserver

    Posted Feb 24, 2009 02:58 PM

    Hi!

     

    We just installed a trial of Symantec Brightmail Gateway (as VM, email only) configured for inbound and outbound filtering (with a virtual IP for outbound). That works great together with our mailservers.

    Unfortunately, we have a webserver that sends emails, inbound and outbound) using the Gateway. I wasn't able to configure the gateway correctly, so that all emails from the webserver (running a shop) are rejected by the gateway....

     

    My question is: How can I configure this correctly?? Is it correct that I need to different IP's for inbound and outbound email processing?? Are there any KB's or so?

     

    Kind regards from switzerland!

    martin



  • 2.  RE: How to configure: In/Out filtering and webserver

    Posted Feb 24, 2009 06:20 PM

    Hi Martin,

     

    Is the webserver inside your network or out on the internet?

     

    thanks,

     

    //ian



  • 3.  RE: How to configure: In/Out filtering and webserver

    Posted Feb 25, 2009 01:38 AM

    The webserver is on the internet; sending order confirmation emails to the customers and the order itself to the sales group....

     

    martin



  • 4.  RE: How to configure: In/Out filtering and webserver

    Posted Feb 25, 2009 03:40 AM

    So i think one of two things is happening here.

    Either the webserver is configured to relay through an IP address that is known to send spam or the webserver is not sending mail to the correct addresses.

     

    If you take a look in Message Audit Log, search for emails that are generated by the webserver (perhaps they use an email address orders@yourdomain.com).  What does it say there for the verdict on those messages?

     

    //ian 



  • 5.  RE: How to configure: In/Out filtering and webserver

    Posted Feb 25, 2009 03:55 AM

    The error message when trying to send emails via the outbound interface was "Reject invalid receipients, Rejected message for all receipients". This emails had two receipients, one internal and one external.

     

    martin



  • 6.  RE: How to configure: In/Out filtering and webserver

    Posted Feb 25, 2009 04:03 AM
    Right, does the internal email address actually exist in your LDAP directory?


  • 7.  RE: How to configure: In/Out filtering and webserver

    Posted Feb 25, 2009 04:12 AM

    I've done some more testing by telnet...

    When I send emails to the inbound interface, the GW answers "Relay access denied" when sending the "rcpt to:external".

     

    Isn't it possible to explicit allow one host to relay trough the inbound interface?

     

    The internal email address exists in the ldap, yes.

     

    martin



  • 8.  RE: How to configure: In/Out filtering and webserver

    Posted Feb 25, 2009 04:49 AM

    Hi Martin,

     

    You would need to publish the SBG Outbound interface to the internet and allow that remote webserver IP address to relay through it.

    HOWEVER: 

    Rather than opening up a potential security hole and allowing an external server to relay through your SBG device, it would be prudent to work out why the web application is attempting to relay through SBG rather than use a local SMTP server.