efa-project.org

Hello

I would like to use efa.
I have mail server on internal network - LAN - 192.168.*.*
What is best practice to use EFA?

1. EFA on public IP with 2 interfaces (eth0 WAN, eth0 LAN) to communicate with mail server
2. EFA with internal IP - LAN + virtual IP on router with specific ports open?

I have tested both but with 1 option i cant set 2 different gateways, EFA config changes both gateway interfaces at once
with one IP on and router config i wasnt able to get email to mail server also and all traffic was from router IP - this is true.

What is Your experiance with configuration? Do You use 2 interfaces?

Best regards
Maciek

Hi,

in my opinion one interface/one firewall:

WAN
|
firewall --- DMZ --- EFA
|
LAN --- mailserver


with two firewalls:
WAN
|
firewall1
|
DMZ --- EFA
|
firewall2 --- LAN --- mailserver

EFA @ DMZ
mailserver @ DMZ (mailserver-only) OR @ LAN (with private DNS-Server, DHCP-Server, AD/Directory Server, Intranet & co. on it)
Of course in this constellation you have to make more firewall rules (https://efa-project.org/wiki/Firewall_ports), but it is (probably) safer.

Hi,

Thank You for Your answer & time.

I'll try to do it, but my last test showed me that Exchange can recive mail but EFA had problem to send mails to outside.


Best Regards
Maciek

If your network and firewalls are configured correctly, efa should have no problem sending mail outside.

perhaps you could be a bit more specific as to what that problem is?

maillog says: relay=none, delay=11499, delays=11498/1.1/0/0, dsn=4.3.0, status=deferred (unknown mail transport error)

I'm tryin to build new envoirment for test but 2012 Updates are more than 1,5 GB

Do you have a static or a dynamic public IP(v4)?

static

From your EFA box, can you telnet successfully to another smtp box?

e.g. telnet <another mailserver 25>


What about /var/log/maillog? Are there any interesting messages in there that give more information?

telnet works fine
maillog says: relay=none, delay=11499, delays=11498/1.1/0/0, dsn=4.3.0, status=deferred (unknown mail transport error)

Go to https://mxtoolbox.com/NetworkTools.aspx an check "mx", "smtp" and "blacklist".

There are no other interesting lines in maillog around the same place? Could you give us some more information from maillog, say 10 lines before and after that line.

on new envoirment everything works fine, thank You for Your time and help!