Internet <-> Encryption Gateway <-> EFA <-> Exchange -> How to set up? [FIXED]

Theresienklinik
Posts: 2
Joined: 28 Sep 2018 11:24

Post by Theresienklinik »

Hi,

I have been working with the EFA since yesterday - playing around :)

What I really need is the following setup:
internet <=> email encryption gateway <=> EFA <=> exchange <=> email client

I played around with the Domain Relay, the Postfix Transport Settings and so on. I am able to configure the EFA so it takes mails from the Exchange Server and sends them to the encryption GW, but can't configure it the same way so that it will receive mails from the Encryption GW.
In another try I played around with the above settings and changed IP addresses so it takes mails from the Encryption GW, but can't send them to Exchange :(

Before I get too detailed I just want to ask if someone already has a working config for this scenario? If necessary I can post in detail what I did and what the failure was, step by step.

Thank you in advance,
Chris
Last edited by Theresienklinik on 02 Oct 2018 16:53, edited 1 time in total.
thewomble
Posts: 50
Joined: 17 Jan 2017 12:52

Re: Internet <-> Encryption Gateway <-> EFA <-> Exchange -> How to set up?

Post by thewomble »

What is the purpose of the Encryption Gateway? To send mail out encrypted using PKI (like PGP), or send a web messenger link if PKI is not available and decrypt the replies?

I would recommend the inbound mail flow

Internet >>> EFA >>> Encryption GW >> Exchange, EFA is better placed to protect you from internet attacks, DMARC, DKIM, SPF, Greylisting, RBLs etc.

Outbound I would configure Exchange >> Encryption GW >> Internet
Theresienklinik
Posts: 2
Joined: 28 Sep 2018 11:24

Re: Internet <-> Encryption Gateway <-> EFA <-> Exchange -> How to set up?

Post by Theresienklinik »

Hi thewomble,

First of all, thank you for the reply.

We, as a hospital, are handling very sensitive data. Facing the German law we installed TLS and End2End Encryption (PGP and S/MIME) in our environment. Since EFA is not able to handle encrypted mails, I have to place EFA behind the ciphermail MTA.

Today i figured out the correct settings ;-)

Logged into Webmin:
Postfix, Transport:
maildomain.de -> smtp:[mailserverip] (Exchange)
Postfix, Setting:
Local Networks: ipadreessofciphermail (Encryption Gateway)

I am not sure if adding the IPs of both servers (ciphermail & exchange) into the hosts file did the final trick, but when I switched ciphermail to transport all mail traffic to EFA before, I got errors in ciphermail like "454 Relay access denied" and "450 4.7.1 Client host rejected: cannot find your reverse hostname".

Now, everything works fine and very well :) :)

Thank you!
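
Added example, not part of the thread and not EFA's or Postfix's own code: a simplified Python model of the two Postfix settings named in the last post (the transport entry and Local Networks, i.e. `mynetworks`), showing why the gateway got "454 Relay access denied" before it was listed and what listing it also permits. It assumes Postfix's default relay check order (`permit_mynetworks`, then `defer_unauth_destination`) and an empty `relay_domains`; the IP addresses are constructed placeholders and the reply text is abbreviated.

```python
import ipaddress

# Constructed sample values (the post only gives placeholders): addresses are
# taken from the 192.0.2.0/24 documentation range.
CIPHERMAIL_IP = "192.0.2.10"  # encryption gateway, assumed address
TRANSPORT = "# Postfix, Transport\nmaildomain.de  smtp:[192.0.2.20]\n"  # Exchange

def parse_transport(text):
    """Parse transport(5) lines of the form 'pattern  transport:nexthop'."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pattern, result = line.split(None, 1)
        transport, _, nexthop = result.partition(":")
        table[pattern.lower()] = (transport, nexthop.strip())
    return table

def relay_decision(client_ip, rcpt, mynetworks, relay_domains, transport):
    """Model permit_mynetworks followed by defer_unauth_destination."""
    domain = rcpt.rsplit("@", 1)[1].lower()
    addr = ipaddress.ip_address(client_ip)
    trusted = any(addr in ipaddress.ip_network(n, strict=False) for n in mynetworks)
    if not trusted and domain not in relay_domains:
        return "454 Relay access denied"
    # Without a transport entry Postfix delivers by MX lookup of the domain.
    name, nexthop = transport.get(domain, ("smtp", domain))
    return f"relay via {name}:{nexthop}"

def scenarios():
    """Return the decisions before and after the fix, plus the side effect."""
    table = parse_transport(TRANSPORT)
    before = ["127.0.0.0/8"]                # gateway not in Local Networks
    after = ["127.0.0.0/8", CIPHERMAIL_IP]  # gateway added
    return {
        "before": relay_decision(CIPHERMAIL_IP, "a@maildomain.de", before, [], table),
        "after": relay_decision(CIPHERMAIL_IP, "a@maildomain.de", after, [], table),
        # Trusted clients may relay to any domain, so the gateway itself must
        # not accept arbitrary mail for relaying.
        "gateway_to_other": relay_decision(CIPHERMAIL_IP, "b@example.org", after, [], table),
        "stranger": relay_decision("198.51.100.7", "b@example.org", after, [], table),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:17} {result}")
```

Listing only the gateway's single address in Local Networks, rather than a whole subnet, keeps the set of hosts that can relay through EFA as small as the mail flow requires.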