How do authentication Mailenable login for smarthost?

[H.c.K]

Hi, we used sophos before, but we decided to use pmg now because pmg is much more beautiful and configurable.
We have about 10 mailenable servers. There are thousands of accounts in it. I understand that every server can use and display pmg as smarthost. In other words, a mail server I don't know can show my pmg server as smarthost and send mail. Idont want this. I want pmg to only accept and forward mail from the ip address I allow. How should I proceed? Can you help me?
I use translation for English. I'm sorry if there's a mistake.

 

[Stoiko Ivanov]

In PMG the restriction on who can send works based on the internal and external port.
Default settings are port 25 = external port, port 26 = internal port
All IP's listed under 'Configuration' -> 'Mail Proxy' -> Networks can send e-mail (to all addresses ) to the external port (no other IP can send e-mail there)

The whole internet can send email to your Relay Domains on the external port

I hope this explains it!

 

[H.c.K]

In PMG the restriction on who can send works based on the internal and external port.
Default settings are port 25 = external port, port 26 = internal port
All IP's listed under 'Configuration' -> 'Mail Proxy' -> Networks can send e-mail (to all addresses ) to the external port (no other IP can send e-mail there)

The whole internet can send email to your Relay Domains on the external port

I hope this explains it!

Hello Stoiko,
I tried to ask today. Mail Proxy -> Relaying error when I try to send an e-mail from a mail server that is not in the section. That was the answer to my question. I thought different servers could send my pmg address as smarthost and send mail without my knowledge.

"Relaying" section can only send and receive mail from the ip address. Provided it's in Relay Domains. It might be the answer to those who think I'm thinking.

Stoiko, I want to ask you this question. I think it will help me. I have 9 example mailenable servers. I want the PMG to check incoming and outgoing emails. What kind of path do I have to follow?

mail1.abc.com -> 1.1.1.1
mail2.abc.com -> 1.1.1.2
mail3.abc.com -> 1.1.1.3
mail4.abc.com -> 1.1.1.4
mail5.abc.com -> 1.1.1.5
mail6.abc.com -> 1.1.1.6
mail7.abc.com -> 1.1.1.7
mail8.abc.com -> 1.1.1.8
mail9.abc.com -> 1.1.1.9

pmg1.abc.com -> 1.1.1.10
pmg2.abc.com -> 1.1.1.11

Can I connect 9 mail servers to 2 pmg servers as a cluster?
Can you guide me on this? When I finish my work, I think about collecting the subject and opening a general topic about how we do it.
Since my English is poor, I would appreciate it if you could help us through the sample servers above.

 

[Stoiko Ivanov]

You configure all your 'downstream' servers (mail1.abc.com - mail9.abc.com) to relay mail via pmgX.abc.com (which is a DNS-entry having 2 A records
(1.1.1.10 and 1.1.1.11)) on port 26 (this is outgoing checking)

You add 1.1.1.1 - 1.1.1.9 in 'Configuration'->'Mail Proxy' -> 'Networks'
You add all domains that are hosted on mail1.abc.com - mail9.abc.com in 'Configuration'->'Mail Proxy' -> 'Relay Domains'
For each domain that is hosted on mail1.abc.com you create an entry in 'Configuration'->'Mail Proxy' -> 'Transports' pointing it to mail1.abc.com
(the same you do for mail2 - mail9)

you change the MX records for all domains to point to the public IPs of pmg1.abc.com and pmg2.abc.com

That should be it

I hope this helps!

 

[H.c.K]

You configure all your 'downstream' servers (mail1.abc.com - mail9.abc.com) to relay mail via pmgX.abc.com (which is a DNS-entry having 2 A records
(1.1.1.10 and 1.1.1.11)) on port 26 (this is outgoing checking)

You add 1.1.1.1 - 1.1.1.9 in 'Configuration'->'Mail Proxy' -> 'Networks'
You add all domains that are hosted on mail1.abc.com - mail9.abc.com in 'Configuration'->'Mail Proxy' -> 'Relay Domains'
For each domain that is hosted on mail1.abc.com you create an entry in 'Configuration'->'Mail Proxy' -> 'Transports' pointing it to mail1.abc.com
(the same you do for mail2 - mail9)

you change the MX records for all domains to point to the public IPs of pmg1.abc.com and pmg2.abc.com

That should be it

I hope this helps!

Stoiko, you're a great person. Thank you.

My mx records and pmg servers:
pmg1.abc.com - 1.1.1.10
pmg2.abc.com - 1.1.1.11


Here's what I'll do:
1- I add all the servers to the network section. 'Configuration'->'Mail Proxy' -> 'Networks'
mail1.abc.com -> 1.1.1.1
mail2.abc.com -> 1.1.1.2
mail3.abc.com -> 1.1.1.3
mail4.abc.com -> 1.1.1.4
mail5.abc.com -> 1.1.1.5
mail6.abc.com -> 1.1.1.6
mail7.abc.com -> 1.1.1.7
mail8.abc.com -> 1.1.1.8
mail9.abc.com -> 1.1.1.9

2- I have added all domain addresses in 9 mailenable servers to 2 pmg servers (pmg1.abc.com and pmg2.abc.com). 'Configuration'->'Mail Proxy' -> 'Relay Domains'

3- I'm adding my mail servers to the transports section. 'Configuration'->'Mail Proxy' -> 'Transports'

Relay Domain	Host	Port	Use MX	Comment
mail1.abc.com	1.1.1.1	25		1. mail server
mail2.abc.com	1.1.1.2	25		2. mail server
mail3.abc.com	1.1.1.3	25		3. mail server
mail4.abc.com	1.1.1.4	25		4. mail server
mail5.abc.com	1.1.1.5	25		5. mail server
mail6.abc.com	1.1.1.6	25		6. mail server
mail7.abc.com	1.1.1.7	25		7. mail server
mail8.abc.com	1.1.1.8	25		8. mail server
mail9.abc.com	1.1.1.9	25		9. mail server

The mx section confused me. I don't know exactly what it means.

4- I'm updating the mx record of the domains on all my mail servers as pmg1.abc.com and pmg2.abc.com.

5- pmg1.abc.om -> Confugariton -> Cluster -> Create

6- pmg2.abc.om -> Confugariton -> Cluster -> Join to pmg1.abc.com

If there's something wrong, can you fix it?


--

I also have one more question.

We are currently using 'pmg1.abc.com'. We use it for 'mail1.abc.com'. We are able to receive mail successfully. We can successfully send mail as smarthost.

On the pmg1.abc.com server, the 'Configuration' -> 'Mail Proxy' -> 'Relaying' section is configured as follows.
Refault Relay: 1.1.1.1
SMTP Port: 587
Disable MX Lookup: no
Smarthost: none
We are now able to successfully receive mail to the 'mail1.abc.com 1.1.1.1' server and send mail via pmg1.abc.com.

what if someone sends an email to an address on 'mail2.abc.com'?
As we talked to you: Is it a problem when mail comes to mail2.abc.com?
a) Sent mail -> pmg1.abc.com -> Relay -> Configuration -> Mail Proxy -> Default Relay -> 1.1.1.1 -> The domain 'mail1.abc.com' does not exist. Mail could not be delivered.
b) Sent mail -> pmg1.abc.com -> Relay -> Configuration -> Mail Proxy -> Network -> 1.1.1.2 -> This domain exists on server 'mail2.abc.com'. Was delivered.

I know I ask a lot of questions. It's been a long article. Please tolerate want to fully understand the structure.