Domainname:
Q: Does this include the entire domain –including that of the logon domain group (ie.. group.domain.com where group is the group\username and domain.com is the e-mail domain)?
Regarding an Exchange Server...
Q: Does the EFA Srv need to authenticate with an Active Directory Server in order to link with the Exchange Server? If so, where does authentication take place?
Q: As for port forwarding, currently (prior to incorporating EFA server), the firewall port forwards ports 25 and 443 to the exchange server (ie.. 192.168.1.5). EFA Srv = 192.168.1.6 (statically assigned)
Does the port forwarding (25 and 443) need to be redirected to EFA Srv = 192.168.1.6?
"I did redirect port forwarding (25 and 443) away from 192.168.1.5 and redirected to 192.168.1.6 believing the EFA Srv (192.168.1.6) was going to redirect legitimate e-mail traffic to exchange server = 192.168.1.5.
Can someone fill in some of the gaps from my questions I may be missing? I believe I followed everything to a T and tested sending e-mail from gmail, yahoo, and hotmail accounts and the Exchange server didn't receive any of the test e-mail messages until I reverted the firewall to the way things were before ports were redirected. Thank you.
Initial configuration questions...
-
shawniverson
- Posts: 3783
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: Initial configuration questions...
The domain should match your mx and ptr records.eitconsulting wrote:Domainname:
Q: Does this include the entire domain –including that of the logon domain group (ie.. group.domain.com where group is the group\username and domain.com is the e-mail domain)?
You can authenticate to MailWatch using LDAP. The place where folks tend to get hung up is recipient verification for postfix, if desired. If you don't want your appliance to accept mail for unknown recipients, you need to populate the /etc/postfix/recipient_access file.eitconsulting wrote: Regarding an Exchange Server...
Q: Does the EFA Srv need to authenticate with an Active Directory Server in order to link with the Exchange Server? If so, where does authentication take place?
viewtopic.php?t=795
EFA does not handle port 443. So you want to configure your SMTP Transport in Exchange for just 25 and send 443 straight to Exchange.eitconsulting wrote: Q: As for port forwarding, currently (prior to incorporating EFA server), the firewall port forwards ports 25 and 443 to the exchange server (ie.. 192.168.1.5). EFA Srv = 192.168.1.6 (statically assigned)
Does the port forwarding (25 and 443) need to be redirected to EFA Srv = 192.168.1.6?
"I did redirect port forwarding (25 and 443) away from 192.168.1.5 and redirected to 192.168.1.6 believing the EFA Srv (192.168.1.6) was going to redirect legitimate e-mail traffic to exchange server = 192.168.1.5.
Be sure to look at the /var/log/maillog to see what is happening between EFA and Exchange.eitconsulting wrote: Can someone fill in some of the gaps from my questions I may be missing? I believe I followed everything to a T and tested sending e-mail from gmail, yahoo, and hotmail accounts and the Exchange server didn't receive any of the test e-mail messages until I reverted the firewall to the way things were before ports were redirected. Thank you.
-
eitconsulting
- Posts: 4
- Joined: 07 Sep 2016 06:13
Re: Initial configuration questions...
Great response, very helpful. Thank you. 
I required a reboot after the kernel update. After the reboot, the filters began working.
Q1. Regarding the following when a quarantined message occurs: "If you are satisfied that this message is not spam, you can release it from quarantine
by clicking" http://antispamserver.domain.com/cgi-bi ... xxxxxx4140
**I temporarily reconfigured the firewall away from the httpS://exchange.com/owa and pointed it the EFA anti-spam server and the link to UNquarantine the quarantined message was successful.
The problem now is, ...Exchange currently uses https/443 for OWA (Outlook Web Access) and therefore, https://exchange.com/owa is now inaccessible.
Can the EFA antispam server's http to https redirection be prevented OR altered to a different port so that it doesn't take https/443 away or conflict with Exchange's https://OWA on the same router? If so, how, please?
Q2. Also, can the "redirected" web page be customized to include the administrator's phone number, an e-mail and/or our https://helpdesk.xxx site on the page?
I required a reboot after the kernel update. After the reboot, the filters began working.
Q1. Regarding the following when a quarantined message occurs: "If you are satisfied that this message is not spam, you can release it from quarantine
by clicking" http://antispamserver.domain.com/cgi-bi ... xxxxxx4140
**I temporarily reconfigured the firewall away from the httpS://exchange.com/owa and pointed it the EFA anti-spam server and the link to UNquarantine the quarantined message was successful.
The problem now is, ...Exchange currently uses https/443 for OWA (Outlook Web Access) and therefore, https://exchange.com/owa is now inaccessible.
Can the EFA antispam server's http to https redirection be prevented OR altered to a different port so that it doesn't take https/443 away or conflict with Exchange's https://OWA on the same router? If so, how, please?
Q2. Also, can the "redirected" web page be customized to include the administrator's phone number, an e-mail and/or our https://helpdesk.xxx site on the page?
-
shawniverson
- Posts: 3783
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: Initial configuration questions...
That feature is deprecated....just a heads up. You can disable it in EFA-Configure under Spam Settings
Yes, you can use a different port besides 443. I'll have to dig up some notes, but basically you need to tell Apache to listen on a different port, and then modify links in various places to use the new port. This could get a little hairy...but it should be possible.
Yes, you can use a different port besides 443. I'll have to dig up some notes, but basically you need to tell Apache to listen on a different port, and then modify links in various places to use the new port. This could get a little hairy...but it should be possible.