Koozali.org: home of the SME Server

Obsolete Releases => SME Server 7.x => Topic started by: xof on May 18, 2010, 03:01:49 PM

Title: Port forwarding 25
Post by: xof on May 18, 2010, 03:01:49 PM
I was wondering if it's possible to make SME forward all traffic for port 25 to a host on the inside? I would like to completely disable SME's email possibilities and make sure incoming mail is processed by another machine. Is that possible?
Title: Re: Port forwarding 25
Post by: byte on May 18, 2010, 03:55:20 PM
Please take time to read the manual, your answer is in there ;)

Here's a point of reference:

http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Chapter13#E-mail

Make sure you read the manual twice.

Thanks
Title: Re: Port forwarding 25
Post by: xof on May 18, 2010, 07:19:13 PM
Thank you for the reply.

However, I have been there. I guess you mean the delegate mail server? That's not what I mean. This functionality will still make SME accept incoming SMTP connections and forward them to the internal delegate mail server. This will break a lot of anti-spam techniques on the delegate mail server because the connecting IP will always be that of the SME server.

The question is if SME can be configured to just forward all traffic on port 25 to another host and NOT service the SMTP sessions.
Title: Re: Port forwarding 25
Post by: MSmith on May 19, 2010, 12:08:26 AM
Even if you do just the forwarding, the packets will still appear to the destination machine to have originated from the SME server, will they not?
Title: Re: Port forwarding 25
Post by: Stefano on May 19, 2010, 12:21:23 AM
I was wondering if it's possible to make SME forward all traffic for port 25 to a host on the inside? I would like to completely disable SME's email possibilities and make sure incoming mail is processed by another machine. Is that possible?

I guess (new esata crystal ball) you are using SME in server & gw mode

I would replace SME as a firewall with a real firewall and change to server-only mode

just a curiosity but.. why do you want to disable SME's AV/antispam capability?
Title: Re: Port forwarding 25
Post by: janet on May 19, 2010, 01:37:10 AM
xof

Is the internal host an Exchange server ?
If so there is "desirable" functional interaction when using Delegation, see the Email FAQ or search forums on Exchange.

Otherwise you answered your own question. 
" ...... completely disable SME's email...... make SME forward all traffic for port 25 to a host on the inside".

Although if you completely disable all of SME's mail system, you will not get any system generated messages. Just disable the smtp server with a db command & stop the service. Port 25 will then be closed and can then be port forwarded. I think that should be sufficient.
Title: Re: Port forwarding 25
Post by: xof on May 20, 2010, 09:34:05 AM
Thank you @ all for sharing your knowledge on this. I will give it some thoughts.

@ Stefano. I'm not saying I don't like or wouldn't like to use SME's SMTP capabilities. It's just that my SMTP infrastructure is a little too complicated. I have my MX records pointing at a third party who forwards them to SME. SME then forwards them to Kerio on the inside. All three have anti-spam/antivirus capabilities. It's time to simplify this setup!

@ MSmith. I think that if you do straight port forwarding, the packets don't get to the application layer (SMTP in this case) and the SMTP session would seem to originate from the outside IP. You won't see SME in the SMTP session. Correct me if I'm wrong.
Title: Re: Port forwarding 25
Post by: Stefano on May 20, 2010, 10:19:01 AM
@ Stefano. I'm not saying I don't like or wouldn't like to use SME's SMTP capabilities. It's just that my SMTP infrastructure is a little too complicated. I have my MX records pointing at a third party who forwards them to SME. SME then forwards them to Kerio on the inside. All three have anti-spam/antivirus capabilities. It's time to simplify this setup!

I agree.. but I would start from the firewall..
Title: Re: Port forwarding 25
Post by: CharlieBrady on May 20, 2010, 02:43:25 PM
I think that if you do straight port forwarding, the packets don't get to the application layer (SMTP in this case) and the SMTP session would seem to originate from the outside IP. You won't see SME in the SMTP session.

Correct.

Just forward port 25 using the server manager port forwarding panel. Have you tried that?
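
A small model of the difference confirmed above, added here as an example and not part of the original thread: a port forward (DNAT) rewrites only the destination address, so the internal mail server still sees the external client's IP, while an SMTP relay such as the delegate mail server setup opens a new connection from the gateway. All addresses, class names and the blocklist are constructed for illustration.

```python
from dataclasses import dataclass, replace

# Constructed addresses (documentation ranges), not taken from the thread.
CLIENT = "203.0.113.50"       # external sending host
GATEWAY_WAN = "198.51.100.1"  # gateway's public address
GATEWAY_LAN = "192.168.1.1"   # gateway's internal address
MAILHOST = "192.168.1.10"     # internal mail server
BLOCKLIST = {CLIENT}          # sender IPs the internal server refuses

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class DnatGateway:
    """Network-layer port forward: rewrite destination only, track the flow."""
    def __init__(self):
        self.conntrack = {}  # (client, cport, new_dst, dport) -> original dst

    def inbound(self, pkt):
        if pkt.dst == GATEWAY_WAN and pkt.dport == 25:
            self.conntrack[(pkt.src, pkt.sport, MAILHOST, 25)] = pkt.dst
            return replace(pkt, dst=MAILHOST)  # source address untouched
        return pkt

    def outbound(self, pkt):
        # Reply from the mail host: restore the address the client dialled.
        orig = self.conntrack.get((pkt.dst, pkt.dport, pkt.src, pkt.sport))
        return replace(pkt, src=orig) if orig else pkt

class RelayGateway:
    """Application-layer relay: terminates the session, opens a new one."""
    def inbound(self, pkt):
        if pkt.dst == GATEWAY_WAN and pkt.dport == 25:
            # New TCP connection originating from the gateway itself.
            return Packet(GATEWAY_LAN, 40000, MAILHOST, 25)
        return pkt

def mailhost_verdict(pkt):
    """IP-based anti-spam check as the internal mail server would apply it."""
    return "reject" if pkt.src in BLOCKLIST else "accept"

def deliver(gateway):
    """Send one inbound SMTP packet through the gateway; report what the mail host sees."""
    seen = gateway.inbound(Packet(CLIENT, 51515, GATEWAY_WAN, 25))
    return seen.src, mailhost_verdict(seen)
```

With the port forward the blocklisted client is still identified and rejected; behind the relay the same client is accepted because the mail host only ever sees the gateway's address.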
Title: Re: Port forwarding 25
Post by: MSmith on May 20, 2010, 03:56:58 PM
Glad I chimed in, even if incorrectly ... I learned something today.  Thanks!