Endian FW SMTP Proxy Help

Joined
Mar 15, 2002
Messages
782
Hey

I've setup a new Endian box to perform smtp proxy services and nothing else to replace a our current spam filtering solution (hosted barracuda). According to MXtools my setup is correct. SMTP banner, MX and etc are all setup correctly for the EFW.

This is the setup.

Internet
V
Endian FW - Public IP
V
Internet
V
Exchange Server (port fowarded from Fortigate)

The Proxy service has been working fine. Emails being processed and deliverd. The issues I have is related to quarantine mails and system alerts not being sent to me from the EFW. I notice in the logs stuff is being quarantine however I never get any of the emails. Also whitelists don't seem to work because some of the IP blocking settings discard the mail before it even gets to the whitelist.

Second issue is that I wanted to do a test and get the Exchange server to send outbound through EFW for scanning. I put in the smarthost settings and the mail made it to EFW however it was rejected. The smtp banner on the exchange server is something like mail.domain.com with an appropriate A record and not something like fftu-5-5-5-5.domain.com which would be correct for Rev DNS checks. I'd like to whitelist certain mail servers without having to disable some of the features on EFW. We also have one small mail server (surgemail) setup that acts as our relay that we point our firewalls, SANs and etc to so we can get email alerts. That server getrs blocked too but I can't seem to whitelist it either.

I would've put this in the EFW forum but that fourm isn't very active and I know a lot of guys here use Endian.

Right now I have the settings on EFW pretty much default with all but two RBL targets on. Anyone have any info to share on perhaps the optimum setup to help prevent false positives?
 
Last edited:
Joined
Mar 15, 2002
Messages
782
No one :( ? Well I'm working on tuning the spam settings but the quarantine mail still isn't being sent to me and that is an issue.

Noticed that clam may not be working. I've sent in the EICAR test virus in many forms and clam never sees anything. Nothing in the logs and email makes it to me without problem. I may need to redo this install.
 
Last edited:
Top