external emails inbound skipping efa

Questions and answers about how to do stuff
Post Reply
ictsupport
Posts: 4
Joined: 10 Apr 2017 01:26

external emails inbound skipping efa

Post by ictsupport »

Hi there.
We got an EFA running out of our LAN with a public IP. I receive emails and EFA it's doing a great job filtering. But there are also some emails (specially spams) that are not going through EFA but directly to our Exchange servers. The server that has an anti-spam install has filtered them out. I know they are not going through EFA as those messages do not appear on EFA reports and clearly they are spam.
My Active mounted Exchange has receive connector configured with the public IP allocated to our EFA. My MX record is set to EFA's ip.

What configuration changes I need to make to force all incoming emails to go through EFA?
Thanks
TheGr8Wonder
Posts: 97
Joined: 01 Jul 2017 02:32

Re: external emails inbound skipping efa

Post by TheGr8Wonder »

Sounds like you still have a firewall NAT rule that points directly to your exchange for inbound mail. If you want to avoid external mail from getting to it directly, you will need to only allow SMTP inbound to hit EFA, and not both EFA and Exchange. spammers can be using the IP directly to exchange, and bypassing MX and DNS.

You can also limit the exchange receive connector to only accept from the internal IP of your EFA, and not the default 0.0.0.0-255.255.255.255 network on the receive connector.

It's always best to harden your exchange receive connectors, especially if using a filter appliance. :)
User avatar
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: external emails inbound skipping efa

Post by pdwalker »

Exactly this. Your firewall is allowing mail to go to your exchange server directly, rather than bridged through your EFA box.

Once you have a working EFA setup, you need to make sure that mail is only delivered to the EFA box for processing at which point EFA will deliver it to your exchange server.
Post Reply