Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » SMTP EOP Relay (Relay is failing due to IP address alteration)
  •  
Corey

Messages: 3
Karma: 0
Send a private message to this user
TLDR: Can I pass SMTP traffic through Kerio Control and hit the on-premise Exchange server without the sending IP address being altered?

Running version 8.3.4 Build 2461.

Everything has been running fine for years, however we've now migrated to a Hybrid Office 365/Exchange 2010 on-premise setup.

As part of the configuration the receive connector "Inbound from Office 365" is created (to relay all email from Office 365 to the world through the on-premise server), all the various IP addresses for Exchange Online Protection (EOP) are populated for relaying on the connector, I ran the command to allow anonymous relay etc. Everything looks to be in place however after checking the log files in Exchange I can see that the wrong connector is being hit, and this is because at some point the inbound email IP address is changed from whichever o365 server sends it to the IP address of the LAN on the Kerio Control Box.

So I'm assuming this is a configuration setting I need to change in Kerio Control?, or alternatively I might look at trying to bypass Kerio Control for SMTP traffic.

The rule that is in place for email is:

Source: Internet Interfaces
Destination: Firewall
Service: HTTPS/SMTP
Action: Allow
Translation: NAT Balancing per host MAP 10.0.29.4

Does anyone know how I can achieve what I'm trying to do?

  •  
Petr Dobry (Kerio)

Messages: 782
Karma: 61
Send a private message to this user
Yes. Change your traffic rule and disable NAT. Leave only MAP part.
You don't need NAT there.

Petr Dobry
Product Development Manager | Kerio
  •  
Corey

Messages: 3
Karma: 0
Send a private message to this user
Sorry I forgot to mention I did try that, once I do it email stops flowing into the Exchange Server.

If I then try to telnet into the server from an external source it fails with the error:

421 4.3.2 Service not available
Connection to host lost.

Do you have any other suggestions?

Cheers
Corey
  •  
Corey

Messages: 3
Karma: 0
Send a private message to this user
I did some more checking on some Exchange forums related to the above message and found I needed to adjust my other non Office 365 receive connector to accept all addresses (0.0.0.0-255.255.255.255), I then checked to ensure I was not an open relay and it all looks good. Email appears to be flowing correctly again.

Thanks for pointing out that setting, which led to me follow it up.

Cheers
Previous Topic: Kerio Control 9.0.0 RC1 is ready for testing.
Next Topic: libVPN: Authentication failed(161)
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Mon Jun 26 14:15:10 CEST 2017

Total time taken to generate the page: 0.00401 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.