[SOLVED] PMG behind NAT SPF failed

[ciprianl]

Hi, is there a way to configure SPF when PMG and email server are behind NAT? PMG is working great but, in order to receive emails, I had to disable SPF check...
Thank you
Ciprian

 

[Stoiko Ivanov]

Which problems did you run into?

if PMG is behind a NAT device it should still see the original IP-address of the sending server and thus be able to do the SPF check...

 

[ciprianl]

If I set SPF check = ON, we can not receive emails , the error is "..recipient address rejected: rejected by spf: 192.168.100.1 is not a designated mailserver for ..."where 192.168.100.1 is my gateway internal IP address

 

[Stoiko Ivanov]

for ..."where 192.168.100.1 is my gateway internal IP address

seems your gateway is rewriting the source address as well - either you change your gateway/routers configuration - or you disable the SPF check in PMG - I don't see a way to change the SPF check to not use the source-IP

 

[ciprianl]

"seems your gateway is rewriting the source address as well"
This is happening always when behind the nat.

 

[ciprianl]

Very strange, I have another PMG in a similar config (behind NAT) and this one is working perfectly. Sender domain from same address is resolved correctly on this one . I don't know why on the other one is resolved as LAN IP of my gateway...

 

[ciprianl]

Well, I finally solved it. MAybe somebody will be in same situation as me so I will share it. The problem had nothing to do with PMG but with my router. The issue was related to bad config of masquerade. Thank you Stoiko for your clue: "if PMG is behind a NAT device it should still see the original IP-address of the sending server and thus be able to do the SPF check..." This made me look forward into my router config

 

[EugEnii]

Could you tell me in detail how you dealt with the problem?