Hello guys,
Another guy making his first steps with emails here.
I've set a PMG to relay emails for 3 domains to a single MS Exchange 2013 server (MB and CAS roles). Configured DKIM, TLS, DMARC, etc., and everything looks fine in the "tracking center". The thing is.. there is an external company (let's say ABC Co.) who provides services to my customer and that company used to send emails through a dedicated receive connector in the Exchange with anonymous auth from a specific public IP address.
Well, that NAT configuration is not active anymore and everything goes through the PMG, and I'm getting these lines for each email ABC Co. app/service is trying to send.
Jun 8 16:49:07 pmg postfix/postscreen[22833]: CONNECT from [200.20.30.40]:52178 to [172.16.xxx.xxx]:25
Jun 8 16:49:07 pmg postfix/postscreen[22833]: WHITELISTED [200.20.30.40]:52178
Jun 8 16:49:07 pmg postfix/smtpd[22842]: connect from unknown[200.20.30.40]
Jun 8 16:49:07 pmg postfix/smtpd[22842]: NOQUEUE: reject: RCPT from unknown[200.20.30.40]: 554 5.7.1 <customer@gmail.com>: Relay access denied; from=<user@internal-domain.com to=<customer@gmail.com> proto=ESMTP helo=<asd.gestionbos.com>
Jun 8 16:49:07 pmg postfix/smtpd[22842]: lost connection after RSET from unknown[200.20.30.40]
These are the options I've set for mail proxying
And this is how email flows in this case
Incoming
[MS EX] <=TCP 25== [PMG] <=TCP 25== [INTERNET] <=== [ABC Co.]
Outgoing
[MS EX] ==TCP 26=> [PMG] ========> [INTERNET] ===> [EXTERNAL CUSTOMERS]
My logic says, it is failing because no unauthenticated emails are allowed from external port 25.
I've read some posts recommending to add the remote IPs to "Configuration --> MailProxy --> Networks", but I think those are for internal networks only.. so the behaviour on external port 25 will be the same. Please correct me if I'm wrong!
Is there a way to allow unauthenticated senders "from a known source IP address" on the external PMG port?
Is there any way at all to solve this?
If there is no workaround, I think I will configure that NAT directly to the mail server filtering by source IP addresses
Thanks in advance!!!
Max
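
Added example (not part of the original post, and not PMG or Postfix code): a small Python triage script that parses Postfix "Relay access denied" rejects in the format quoted above and groups them per client IP, counting how often the client used a sender address in a local domain. LOCAL_DOMAINS and every sample line are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumption: domains the gateway accepts mail for (placeholder name from the post).
LOCAL_DOMAINS = {"internal-domain.com"}

REJECT = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from "
    r"(?P<host>\S+?)\[(?P<ip>[0-9A-Fa-f.:]+)\]: "
    r"(?P<code>\d{3}) \d\.\d+\.\d+ .*?Relay access denied")
# Tolerates a missing closing '>' such as the from=< field quoted in the post.
ADDR = {k: re.compile(rf"\b{k}=<([^>\s]*)") for k in ("from", "to")}

def parse_reject(line):
    """Return client ip, envelope sender and recipient for a relay reject, else None."""
    m = REJECT.search(line)
    if not m:
        return None
    rec = {"ip": m["ip"], "host": m["host"]}
    for key, rx in ADDR.items():
        hit = rx.search(line, m.end())
        rec[key] = hit.group(1).lower() if hit else ""
    return rec

def summarize(lines):
    """Group relay rejects per client IP and count those using a local sender domain."""
    out = defaultdict(lambda: {"rejects": 0, "local_sender": 0, "rcpt_domains": set()})
    for line in lines:
        rec = parse_reject(line)
        if rec is None:
            continue
        row = out[rec["ip"]]
        row["rejects"] += 1
        if rec["from"].rpartition("@")[2] in LOCAL_DOMAINS:
            row["local_sender"] += 1
        row["rcpt_domains"].add(rec["to"].rpartition("@")[2])
    return dict(out)

# Constructed sample lines (documentation IP ranges and example domains).
SAMPLE = [
    "Jun 8 16:49:07 pmg postfix/smtpd[22842]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <customer@example.org>: Relay access denied; from=<user@internal-domain.com to=<customer@example.org> proto=ESMTP helo=<app.example.net>",
    "Jun 8 16:50:11 pmg postfix/smtpd[22850]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <other@example.org>: Relay access denied; from=<user@internal-domain.com> to=<other@example.org> proto=ESMTP helo=<app.example.net>",
    "Jun 8 17:02:40 pmg postfix/smtpd[22901]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 <x@example.com>: Relay access denied; from=<probe@example.net> to=<x@example.com> proto=SMTP helo=<mx.example.net>",
    "Jun 8 17:02:41 pmg postfix/smtpd[22901]: lost connection after RSET from unknown[198.51.100.7]",
]

if __name__ == "__main__":
    for ip, row in summarize(SAMPLE).items():
        print(ip, row)
```

A client IP with repeated rejects that all carry a local sender domain matches the pattern in the post (an outside host submitting outbound mail as the internal domain), while rejects with a foreign sender and foreign recipient look like ordinary open-relay probing.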