1. Store
  2. Apps
  3. Hardware
  4. Support
  5. Solutions

ClearFoundation

Forums
Welcome, Guest
Detailed Mail Gateway Setup for Spam and AV filter
(1 viewing) 1 Guest
Go to bottomPage: 1
TOPIC: Detailed Mail Gateway Setup for Spam and AV filter
#38467
Detailed Mail Gateway Setup for Spam and AV filter 2 Years, 4 Months ago  
I am planning to configure an existing ClearBOX 300 as a mail gateway at a site. They use GoDaddy for their email service now. They are interested in having additional Spam/AV filtering it would provide. The following is all I found for documentation...

--------------------
"Configuring the mail gateway is not much different than configuring a regular mail server. Go to the Antivirus and Antispam sections of the user guide to configure these software modules. The configuration options for these modules are straightforward.

For the SMTP Mail Server, the important option for configuring a mail gateway is the Mail Forward Domain List. If you are running your mail server at 192.168.1.10 for the domain example.com and example.org, the Mail Forward Domain List would be:

example.com - 192.168.1.10
example.org - 192.168.1.10

That is all there is to it. At this stage, you can double check that everything is in order. Change the outgoing (or SMTP) mail server settings in your mail client – use the IP address of the ClearOS gateway. Send a test message to your target domains (example.com or example.org) to make sure they arrive. You can also send a test spam message and Eicar test virus if you wish.

Firewall

The SMTP mail server port (25) must be open on the firewall. If you were running your ClearOS system as an Internet gateway, then you might have a port forward rule defined for your existing mail system. You want to disable this port forward rule!

Troubleshooting

The Primary Domain field can not be the same as one of the domain entries in the Domain Forward List."

-----------------------

It is a good start, and may be all I need; however, I have some questions.

1. Should all email clients on LAN be configured to point to ClearBOX for SMTP only? What about SMTP authentication, how is that handled?

2. Do I need to create actual users (email boxes) for each current user on ClearBOX to have a mail gateway filter only?

3. Should email clients on LAN continue to point to GoDaddy as they do now for POP3, or should they point to ClearBOX also?

4. Does it matter if they want to use POP3/IMAP, or POP3S/IMAPS as their email client config?

4. If their domain is COMPANY.COM can I make the primary domain field COMPANY.LAN?

Thanks. Would like to take the aggregate answers and add to docs above....
Dan
Senior Boarder
Posts: 41
graphgraph
User Offline Click here to see the profile of this user
The administrator has disabled public write access.
 
#38507
Re:Detailed Mail Gateway Setup for Spam and AV filter 2 Years, 4 Months ago  
Hi there,

I have a similar setup and you've pretty much got everything correct.

I made my primary domain.local

You must make sure the FW ports are open, the SMTP server is installed and running and then all you have to do is enter the domain to accept and relay it off to.

You do not need to setup users on the box either - it's a 'catch all per domain' sort of setup.

If you need help setting it up, let me know and I'll help - but really all the information you need is clear in the docs.

It's nice and simple
Christopher
Senior Boarder
Posts: 56
graphgraph
User Offline Click here to see the profile of this user
The administrator has disabled public write access.
 
#39507
Re:Detailed Mail Gateway Setup for Spam and AV filter 2 Years, 3 Months ago  
Christopher,

Thanks for the help. Read your posts and others about AV/Spam filtering.

You mentioned you changed the MX record for the domain you want to scan and pointed it to your ClearOS box, correct? The docs do not mention this step. Is this necessary?

Email is hosted at GoDaddy. Clients are all behind ClearOS box.

Have added domain "COMPANY.com" (which is different than primary domain on server "COMPANY.lan") and pointed to "smtp.secureserver.net" as Mail Forward Domain List entry using port 25.

Just point outgoing email clients to ClearOS box internal (private) IP? Sounds too simple.

Thanks.
Dan
Senior Boarder
Posts: 41
graphgraph
User Offline Click here to see the profile of this user
The administrator has disabled public write access.
 
#39648
Re:Detailed Mail Gateway Setup for Spam and AV filter 2 Years, 3 Months ago  
Are the following revisions to the online docs accurate? Thoughts?

--------------------
"Configuring the mail gateway is is simpler than configuring a regular mail server. Your specific steps to implement a Mail Gateway depends on which of the following two setups you are using:

1. ISP <-> ClearOS <-> Mail Server (like MS Exchange)

2. Hosted Mail Server <-> ISP <-> ClearOS

Scenario 1
Since your MX record all ready points to your ClearOS box, so you simply need to go to the Antivirus and Antispam sections of the user guide to configure these software modules. The configuration options for these modules are straightforward. Then you need to configure the ClearOS SMTP Mail Server. the important option for configuring a mail gateway is the Mail Forward Domain List. If you are running your mail server at 192.168.1.10 for the domain example.com and example.org, the Mail Forward Domain List would be:

example.com - 192.168.1.10
example.org - 192.168.1.10

That is all there is to it. At this stage, you can double check that everything is in order. Change the outgoing (or SMTP) mail server settings in your mail client – use the IP address of the ClearOS gateway. Send a test message to your target domains (example.com or example.org) to make sure they arrive. You can also send a test spam message and Eicar test virus if you wish.

Scenario 2

Your MX record currently points to your hosted email server. The first (lowest priority number) MX record needs to point to your ClearOS box so it can filter all inbound and outbound mail. Your DNS service (usually provided by the company you purchased your domain through) is where you change your MX record to point to your ClearOS box. You may want to leave your current MX record intact and simply add a new first MX record (with a lower priority number) that points to your ClearOS Mail Gateway, this way if the ClearOS box is not available, mail will still be delivered to your hosted email server as a backup.

Once the change is made, it usually takes a few hours for mail to start to route through you ClearOS box so you may want to make this the last change and do it at night so everything will be settled in for your next day of email.

The rest of the setup is similar to Scenario 1 above. Go to the Antivirus and Antispam sections of the user guide to configure these software modules. The configuration options for these modules are straightforward. Then you need to configure the ClearOS SMTP Mail Server. The important option for configuring a mail gateway is the Mail Forward Domain List which needs to point to your hosted provider. A great way to find this is to use www.mxtoolbox.net and enter your domain. Use the IP address for the MX record for the domain example.com and example.org, if you are running on GoDaddy the Mail Forward Domain List would be:

example.com - 72.167.238.201 (using GoDaddy servers as an example)
example.org - 72.167.238.201 (using GoDaddy as an example)

That is all there is to it. At this stage, you can double check that everything is in order. Change the outgoing (or SMTP) mail server settings in your mail client – use the IP address of the ClearOS gateway. Send a test message to your target domains (example.com or example.org) to make sure they arrive. You can also send a test spam message and Eicar test virus if you wish.

Firewall Ports Need

The following ports must be open on the ClearOS box in the Network -> Incoming section.

SMTP port 25 (or whatever SMTP port you use, GoDaddy also uses 3535)
POP/POPS/IMAP/IMAPS ports (your email clients like Outlook or Thunderbird use)

If you were running your ClearOS system as an Internet gateway, then you might have a port forward rule defined for your existing mail system. You want to disable this port forward rule!

Troubleshooting


The Primary Domain field can not be the same as one of the domain entries in the Domain Forward List."

-----------------------
Dan
Senior Boarder
Posts: 41
graphgraph
User Offline Click here to see the profile of this user
The administrator has disabled public write access.
 
#39751
Re:Detailed Mail Gateway Setup for Spam and AV filter 2 Years, 3 Months ago  
Hi all,

Could you provide me with some clarification for the mail relay function: In the setup guide it states: "The Primary Domain field can not be the same as one of the domain entries in the Domain Forward List."

I have my system setup with the Primary Domain as: bataltd.co.uk

This is the domain I have listed in the mail forward domain list - and its working without a problem, all my @bataltd.co.uk mail is getting to the server listed in the forward list.

why is the guide advising not to do this?
David Clayton
Platinum Boarder
Posts: 398
graphgraph
User Offline Click here to see the profile of this user
The administrator has disabled public write access.
 
Go to topPage: 1
  get the latest posts directly to your desktop