SMTP Traffic Routing - Firewalls


Thread: SMTP Traffic Routing

  1. SMTP Traffic Routing

    Hello All,

    I am wondering if anyone knows of a way to Route all outbound SMTP
    traffic through a specific IP address. Here is the Scenario:

    I have a SonicWall with enhanced OS. It of course has a WAN IP address.
    It also has 2 IP addresses associated with the OPT port for public
    servers. I recently changed the IP address of my mail server from
    public to private. What I am looking to do is tell the SonicWall to
    take any SMTP (Or all traffic if that is easier) and send it out of one
    of the IP addresses associated with the OPT interface.

    The reason for my doing this is that the MX record is pointed to one of
    the IP addresses of the OPT port. If I send mail out and it goes out of
    the IP that is associated with the WAN port (Different than the OPT IP)
    it is categorized as SPAM as the MX reverse look up is bad.

    If anyone can provide any opinions or solutions it would be greatly
    appreciated.

    Thanks,

    Jason


  2. Re: SMTP Traffic Routing

    DigitalKid wrote:
    > The reason for my doing this is that the MX record is pointed to one
    > of the IP addresses of the OPT port. If I send mail out and it goes
    > out of the IP that is associated with the WAN port (Different than the
    > OPT IP) it is categorized as SPAM as the MX reverse look up is bad.


    Tell whoever is doing this to stop being an idiot. The MX is the host
    supposed to *receive* mail. The MX record doesn't say anything at all
    about which host is sending out mail from this domain.

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  3. Re: SMTP Traffic Routing

    On Sat, 20 Jan 2007 23:20:28 +0000, Ansgar -59cobalt- Wiechers wrote:

    > DigitalKid wrote:
    >> The reason for my doing this is that the MX record is pointed to one
    >> of the IP addresses of the OPT port. If I send mail out and it goes
    >> out of the IP that is associated with the WAN port (Different than the
    >> OPT IP) it is categorized as SPAM as the MX reverse look up is bad.

    >
    > Tell whoever is doing this to stop being an idiot. The MX is the host
    > supposed to *receive* mail. The MX record doesn't say anything at all
    > about which host is sending out mail from this domain.


    If I understand what you are saying, I can only ask......
    Are you for real?


    --

    Regards
    Robert

    Smile... it increases your face value!



  4. Re: SMTP Traffic Routing

    Robert wrote:
    > On Sat, 20 Jan 2007 23:20:28 +0000, Ansgar -59cobalt- Wiechers wrote:
    > > DigitalKid wrote:
    > >> The reason for my doing this is that the MX record is pointed to one
    > >> of the IP addresses of the OPT port. If I send mail out and it goes
    > >> out of the IP that is associated with the WAN port (Different than the
    > >> OPT IP) it is categorized as SPAM as the MX reverse look up is bad.

    > > Tell whoever is doing this to stop being an idiot. The MX is the host
    > > supposed to *receive* mail. The MX record doesn't say anything at all
    > > about which host is sending out mail from this domain.

    > If I understand what you are saying, I can only ask......
    > Are you for real?


    Ansgar is right.

    Please read RFC 974 / STD 10.

    Yours,
    VB.
    --
    "Pornography is an abstract phenomenon. It cannot exist without a medium
    to propagate it, and it has very little (if anything at all) to do with sex."
    Tina Lorenz


  5. Re: SMTP Traffic Routing

    Robert wrote:
    > On Sat, 20 Jan 2007 23:20:28 +0000, Ansgar -59cobalt- Wiechers wrote:
    >> DigitalKid wrote:
    >>> The reason for my doing this is that the MX record is pointed to one
    >>> of the IP addresses of the OPT port. If I send mail out and it goes
    >>> out of the IP that is associated with the WAN port (Different than
    >>> the OPT IP) it is categorized as SPAM as the MX reverse look up is
    >>> bad.

    >>
    >> Tell whoever is doing this to stop being an idiot. The MX is the host
    >> supposed to *receive* mail. The MX record doesn't say anything at all
    >> about which host is sending out mail from this domain.

    >
    > If I understand what you are saying, I can only ask......
    > Are you for real?


    Yes.

    However, if the OP must work around this he might try configuring the MX
    as the smarthost for his clients/MTAs and have the SonicWall send out
    all traffic from the MX on the OPT interface (if possible, I'm not
    familiar with SonicWall or the OP's network).

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  6. Re: SMTP Traffic Routing

    I understand what your issue is, as we also have recently had this
    issue. For those who have previously replied: you need the MX record to
    be attached to the emails, or else companies such as AOL and BT Internet
    are unable to carry out an rDNS on the emails, so classify it as spam and
    refuse to accept it.
    What you need to do is set up a NAT rule whereby the MX record IP
    address is transformed to your public address - then you need to tick
    the create reverse rule option - this will set it up to send mail from
    your internal to external IPs using the MX record IP.
    Don't forget to apply the correct firewall rules as well.
    Should you have any problems, feel free to email me as I know it can be
    a pain to solve.

    Phil


    DigitalKid wrote:
    > Hello All,
    >
    > I am wondering if anyone knows of a way to Route all outbound SMTP
    > traffic through a specific IP address. Here is the Scenario:
    >
    > I have a SonicWall with enhanced OS. It of course has a WAN IP address.
    > It also has 2 IP addresses associated with the OPT port for public
    > servers. I recently changed the IP address of my mail server from
    > public to private. What i am looking to do is tell the SonicWall to
    > take any SMTP (Or all traffic if that is easier) and send it out of one
    > of the IP addresses associated with the OPT interface.
    >
    > The reason for my doing this is that the MX record is pointed to one of
    > the IP addresses of the OPT port. If I send mail out and it goes out of
    > the IP that is associated with the WAN port (Different than the OPT IP)
    > it is categorized as SPAM as the MX reverse look up is bad.
    >
    > If anyone can provide any opinions or solutions it would be greatly
    > appreciated.
    >
    > Thanks,
    >
    > Jason



  7. Re: SMTP Traffic Routing

    Phil wrote:
    > I understand what your issue is, as we also have recently had this
    > issue. For those who have previously replied: you need the MX record to
    > be attached to the emails, or else companies such as AOL and BT
    > Internet are unable to carry out an rDNS on the emails, so classify it
    > as spam and refuse to accept it.


    Do they require that the rDNS lookup is successful (i.e. returns a name)
    or do they require that the rDNS lookup matches a/the MX record? The
    latter would be - as stated before - utter nonsense.

    > What you need to do is set up a NAT rule whereby the MX record IP
    > address is transformed to your public address -


    No. What you need to do - if you must work around this - is to use your
    MX as a smarthost for sending out mail, and make sure that outbound
    communication of the MX is NATed to the IP address given in the MX
    record.

    Or, since the MX host has a private address, maybe you can change the MX
    entry in DNS to the public IP address and forward port 25/tcp to the MX.

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  8. Re: SMTP Traffic Routing

    59cobalt, you obviously have no idea how spam validation works, and you would be best suited to keep your mouth closed before you make a bigger idiot of yourself.
    Spam detection programs check multiple sources to make sure that the sender matches the expected location, and AOL and BT check that the sending IP matches an IP assigned against an MX record for the domain. rDNS is one of these methods amongst multiple others, this along with SPF records and PTR records assigned against an IP.

    Our setup is the same as this, and we had to configure our SMTP to go through the OPT interface; however, I can't remember how it was done, and it was a right pain as we still needed failover. When failed over we couldn't send out; however, it allowed inbound mail. I know this may not be much help other than to say it can be done.
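
The receiver-side checks named in this thread (reverse DNS/PTR lookups and SPF), applied to the two source addresses in the original question, as an added example that is not part of any post. The host names, the documentation-range addresses and the SPF record are constructed assumptions, and only a subset of SPF mechanisms is evaluated; in this sketch the MX record is consulted only because the sample SPF record uses the `mx` mechanism.

```python
import ipaddress

# Constructed sample DNS data: 203.0.113.10 stands in for the OPT address the
# MX points to, 203.0.113.2 for the WAN address (hypothetical names throughout).
ZONE = {
    "A":   {"mail.example.com": ["203.0.113.10"], "fw.example.com": ["203.0.113.2"]},
    "PTR": {"203.0.113.10": ["mail.example.com"], "203.0.113.2": []},
    "MX":  {"example.com": ["mail.example.com"]},
    "TXT": {"example.com": "v=spf1 mx -all"},
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def fcrdns(ip):
    """Forward-confirmed reverse DNS: a PTR name must resolve back to the same IP."""
    for name in ZONE["PTR"].get(ip, []):
        if ip in ZONE["A"].get(name, []):
            return name
    return None

def spf_check(ip, domain):
    """Evaluate a subset of SPF (ip4, a, mx, all) for a connecting IP."""
    addr = ipaddress.ip_address(ip)
    terms = ZONE["TXT"].get(domain, "").split()
    if not terms or terms[0] != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            matched = True
        elif mech.startswith("ip4:"):
            matched = addr in ipaddress.ip_network(mech[4:], strict=False)
        elif mech == "mx":  # sender is authorised if it is one of the domain's MX hosts
            hosts = ZONE["MX"].get(domain, [])
            matched = any(ip in ZONE["A"].get(h, []) for h in hosts)
        elif mech == "a":
            matched = ip in ZONE["A"].get(domain, [])
        else:
            matched = False  # mechanisms outside this subset are treated as no match
        if matched:
            return RESULTS[qualifier]
    return "neutral"

def evaluate(ip, domain):
    """Summarise what a receiving server would see for mail arriving from ip."""
    return {"ip": ip, "fcrdns": fcrdns(ip), "spf": spf_check(ip, domain)}

if __name__ == "__main__":
    for source in ("203.0.113.10", "203.0.113.2"):
        print(evaluate(source, "example.com"))
```
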
