Please Help!

Currently My Mail System  look like this

McAfee WebShield 4.5.1 Gateway listen on port 25 forward to Mail Server (FTGate 2.x )on port 5088  both are installed on same machine, client machine configure to send/receive on LAN IP address port 25

I try to install SpamFilter ISP to work with current mail system and my user can send mail to internet without change their mail configuration.

I have tried  

WebShield port 25  forward to port 5087 (SpamFilter)

SpamFilter  listen on port 5087 forward to port 5088 (FTGate mail Server)

But still cannot send mail to Internet.  

I need help!,  thanks very much

kjd

Hi,

I'm not sure I have an exact answer for your problem, but if Webshield is set to forward email it receives to Spam Filter, and Spam Filter is set to forward email it receives to your Email Server, then it is your Email Server that must be configured to send out the email. I am not familar with Webshields enough to know exactly how it's operating in your environment.

However, by having Spam Filter not answer for port 25 you lose the ability to block emails by IP since in your configuration the email is always coming from the same machine. A different approach might be to have Spam Filter on port 25, Webshield on a different port, and let Spam Filter handle incoming mail. In this scenario you get the benefit of using blacklist blocking on the emails.

Another approach, and I say it this way because I don't know how Webshield works, but you could leave your existing configuration as-is since it worksm, but add a second IP to your NIC on your server. Assign Spam Filter to answer port 25 on that IP only. Set your firewall to point incoming email to that same IP. This let's Spam Filter answer for port 25 and you get the ability to use the blacklist via incoming IP. Have Spam Filter forward email to the original IP port 25. Your users still use the original IP to send/receive email, incoming email from the Internet gets filtered, so both things may be addressed.

bill

Thanks Bill,

McAfee WebShield SMTP is an Anti-Virus Internet Mail Gateway, It's run on NT4 sp6a

yes, I have tried to set  spamfilter listen on port 25 and forward to webshield on port 5087 then forward to FTGate mailserver on port 5088

but LAN's user cannot send mail to internet, it's rejected -- no relay allowed

 it's error somethings like this...

The message could not be sent because one of the recipients was rejected by the server. The rejected e-mail address was mailto:'kitti10160@yahoo.com'" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - 'kitti10160@yahoo.com' . Subject 'test 7may04', Account: '128.4.200.1', Server: '128.4.200.1', Protocol: SMTP, Server Response: '557 You are not allowed to send mail to mailto:kitti10160@yahoo.com'" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - kitti10160@yahoo.com' , Port: 25, Secure(SSL): No, Server Error: 557, Error Number: 0x800CCC79

If all 3 servers are on the same machine, the "best" setup should follow the following: (ports can be your choic.  This is my example of a known working system.)

First Server: SpamFilter  LISTEN Port = 25  SEND Port = 26

Second Server: WebShield 4.5  LISTEN Port = 26   SEND Port = 5525

Third Server: (Standard Mail Server) LISTEN Port = 5525

The problem here is that WebShield is the server that your clients should mail through and the port is not standard.  So ....

The fact is that WebShield will ONLY LISTEN on the Windows NT PRIMARY IP so here is what can be done.  Set up a second IP and set your MX record to point to that.  Set SpamFilters LISTEN IP to be the Secondary IP and the Port to be 25. Set the destination server to the PRIMARY IP and the port to 25

Then you can set WebShield to LISTEN on 25 and send to what ever your mail server is set for.  Your clients should be set to send on the PRIMARY IP.

WebShield settings MUST be set as follows:

Under the "Delivery" Tab, And then the "Mail Send" tab, the "WebShield and the mail server are on the same server" must be checked.   Delivery Methode should be set to Deliver all email to the local mail server.

In the Anti Spam-Relay section, all your client IP must be included and you must (due to a bug) have at least one domain listed and it really doesn't matter what domain as long as it is one of your valid ones.

I hope this helps.  It is not as complicated as it sounds.  Just hard to explain.

Regards,

Dan S.

Kitti,

Please note that by default SpamFilter is configured and designed to handle your incoming email only, it will not allow emails to be relayed to the internet. It does this by accepting only emails addressed to the domains listed in your "Local Domains". Any email that is given to SpamFilter for delivery that is not going to a domain in that list will be rejected. If this was not the case, spammer on the internet would be using SpamFilter as an open relay to send their spam email.

This means that if you have SpamFilter configured to listen on port 25, and your internal customers have SpamFilter's IP and port configured as their "outgoing SMTP server" in their email client settings, they will not be allowed to relay when sending email to the internet.

If you'd like to allow them to relay, you will need to add the IP addresses (or class C's - B's) of your internal customers to an IP whitelist in SpamFilter so that relay can occur.

If instead you still have Webshield configured to listen on port 25, and have it forward email to SpamFilter, you will need to add Webshield's IP address to SpamFilter's IP whitelist so that it can relay mail. Please note that if you do this you'll need to configure Webshield properly so that it does not become an open relay.

Roberto F.
LogSat Software

Thanks to all,

My 3 servers configure perfect and worked as I expected.

Thanks again.

KJD