1 2 Previous Next 12 Replies Latest reply: May 16, 2014 7:18 AM by Brad McGarr RSS

    email encryption

    mnoriega

      I'm trying to setup the Saas email encryption on my network. FOllowed all instructions but my smart host does not work.  I use a Watchguard as firewall and set a rule to only receive and send email from their addresses with not luck.  Any suggestions?  PLEASE HELP!!

        • 1. Re: email encryption
          Brad McGarr

          Hi mnoriega,

           

          What server environment are you operating with?

          • 2. Re: email encryption
            mnoriega

            Hi Brad thanks for answering.  Our email server is Exchange 2010 installed on a Windows 2008 R2 Standard.  I created the Smarhost using our internet connector that is working perfectly changin to "Route mail through sfbhn.org.outbound10.mslogic.net.  On the firewall Y modify the SMT RUles as follows:

             

            Incoming: From      208.65.144.0./21

                                           208.81.64.0/21   McAfee IPs

                              TO: 173.221.142.85 -> 192.168.1.103 (NAT from our external IP to Exchange Internal)  We also use filtering thru MCAfee

             

             

            Outgoing: FROM 173.221.142.85  (Our external, I also tried with the internal)

                                TO:      208.65.144.0/21

                                          208.81.64.0/21   McAfee IPs

             

            Not working.  I checked on our McAfee console and the smarthost is included in our inbound servers.

             

            DOn't know what I'm doing wrong.

             

            THANKS!

            • 3. Re: email encryption
              Brad McGarr

              mnoriega,

               

              You refered to an "internet connector", can you verify if this is the Send Connector? Follow these steps:

               

              • Open the Exchange Management Console
              • Click + next to Organization Configuration
              • Select Hub Transport, and select the Send Connectors Tab
              • Right click on your primary Send Connector, and select Properties
              • Go to the Network Tab
              • Select the option to Route mail thorugh the following smarthosts",
              • Click Add, and enter the smarthost address.
              • Port 25 should be open and allowed
              • No authentication should be configured
              • 4. Re: email encryption
                mnoriega

                HI Brad:

                 

                Yes is a send connector and I followed those instructions.  Port 25 is open but I only opened on the firewall for the McAfee IPs. I made sre that athentication was set to none.

                • 5. Re: email encryption
                  Brad McGarr

                  I'm not sure what is being missed. Is the send connector configured for all domains on the server? Something is preventing the send connector from sending outbound mail to the SaaS Cloud.

                  • 6. Re: email encryption
                    mnoriega

                    I did not created a second connector, only modified the existing one.  As soon as I create the connector the messages stop to go out, it does not matter what I have in the firewall. 

                    • 7. Re: email encryption
                      Brad McGarr

                      So, wait, when you have the connector enabled, mailflow stops?

                      • 8. Re: email encryption
                        mnoriega

                        Yes that is what hapen.

                        • 9. Re: email encryption
                          Brad McGarr

                          That usually indicates the IP address you believe the messages should be coming out on, is not actually the IP they are coming out on. Fastest way to figure out what IP others are seeing is to telnet to a host that reports back your IP address in response to a ehlo. I know comcast's servers do this, for example.

                           

                          Otherwise, I'd recommend contacting your supporting partner for additional assistance.

                          1 2 Previous Next