EFA behind another mail relay (inbound)

General eFa discussion
Post Reply
p_il_musicante
Posts: 3
Joined: 06 Oct 2017 09:55

EFA behind another mail relay (inbound)

Post by p_il_musicante »

EDIT
Actually we have in production an eFa appliance ahead of the mail server and behind internet firewall.

See the following scheme

| FW | --> | eFa | --> | Mail Server |

we want to put a new mail relay between firewall and eFa still leaving the original mail server (adding on other hop)

See the following scheme for the new infrastructure

| FW | --> | new mail relay | --> | eFa | --> | Mail Server|

is it needed any change on eFa configuration or it will still work correctly?

Should we expect any issue from the change of the senders IP adresses, from the orignal public IPs to the new mail relay private IP adress?

FYI our eFa configuration doesn't have reverse dns lookup or any kind of check on IP addresses
Last edited by p_il_musicante on 05 Apr 2018 15:00, edited 2 times in total.
budy
Posts: 74
Joined: 10 Sep 2017 07:33

Re: EFA behind another mail relay (inbound)

Post by budy »

It sure is - this is the way, we are doing it. Just configure your mail gateway correctly to send all messages for it's resp. domains to eFa.
p_il_musicante
Posts: 3
Joined: 06 Oct 2017 09:55

Re: EFA behind another mail relay (inbound)

Post by p_il_musicante »

See the following scheme

| FW | --> | eFa | --> | Mail Server |

we want to put a new mail relay between firewall and eFa still leaving the original mail server (adding on other hop)

See the following scheme for the new infrastructure

| FW | --> | new mail relay | --> | eFa | --> | Mail Server|

is it needed any change on eFa configuration or it will still work correctly?

Should we expect any issue from the change of the senders IP adresses, from the orignal public IPs to the new mail relay private IP adress?

FYI our eFa configuration doesn't have reverse dns lookup or any kind of check on IP addresses
User avatar
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: EFA behind another mail relay (inbound)

Post by pdwalker »

Sure, all you have to do is configure EFA to use your new mail gateway as a "smart host". Thus, efa will forward the messages onto the new mail gateway and leave it to the mail gateway to forward the messages for you.
jamerson
Posts: 164
Joined: 19 Aug 2017 18:57
Location: kaaskop

Re: EFA behind another mail relay (inbound)

Post by jamerson »

Hi We have this configured on a production and it does works fine.

i dont know which FW are you using but it smart to configure a relay in case one of the EFA is down the emails keeps working.
| FW | --> | new mail relay | --> | eFa | --> | Mail Server|

Configure the Mail Server to hand out the emails to the EFA and the new Mail relay.
Configure the EFA to hand out the emails "smarthost" to the new mail relay.
Configure the new mail relay to send out emails using the mx records or ISP SMTP relay.
Configure the Firewall maybe a loadbalancing to forward port 25 to both EFA and new Mail relay.

we have this configure and its great for load balancing.
Version eFa 4.0.0 RC1 now available in testing repo. Come join us in advancing eFa!
Post Reply