![Untangle Networks [home]](http://www.untangle.com/templates/untangle_networks_template_950px/public/images/logo.gif){kind=logo}
![Untangle Networks [home]](http://untangle.com/templates/untangle_networks_template_950px/images/untangle_logo.gif){kind=logo}
06-10-2009, 12:45 AM
|
#1 (permalink) |
|
Newbie
Join Date: Jun 2009
Posts: 4
|
Spam Blocker not filtering SMTP mail ?
Hi,
Just installed UT 6.2 into my small network for it's content filtering capabilities after a long break, I have a perimeter firewall which acts as a router and NAT device. I then have the UT device acting in 'bridge' mode, after which the network including our email server. I am running : Spam blocker Phish blocker Spyware Blocker Virus Blocker Intrusion Prevention AdBlocker the email server is a standard SMTP/IMAP etc server, and all the clients and servers have no issues operating, for all services, including the email server recieving SMTP email, which the clients then connect to by IMAP. since installing UT the amount of Spam being delivered has increased dramatically into the tens a day. I have configured SMTP tarpitting, and even tried changing the settings to Very High, with quarantine as the action, all without a change. then this morning the coffee must have been stronger, as when looking at the spam blocker event log I realised the server IP is the external IP of the perimeter router and the port is IMAP. am I right in thinking this shows UT is 'only' seeing the IMAP streams as UT is marking emails as Spam ? Does this show I have got the UT ethernet connections mis-configured in bridge mode ? the email server is recieving all inbound email is SMTP and this should all be flowing through UT. I tried installing Web filtering, configured cnn.com to be blocked, sure enough trying to surf, from the internal clients, showed the UT this has been blocked as inappropriate etc page, so I thought this showed it was working ? Any suggestions, please  Thanks, nick |
|
|
|
06-10-2009, 12:48 AM
|
#2 (permalink) | |
|
Untangle Junkie
Join Date: Nov 2006
Location: San Mateo, CA
URLs submitted: 10
Posts: 5,166
|
Quote:
Are there any SMTP events in the eventlog? |
|
|
|
|
|
06-10-2009, 12:58 AM
|
#3 (permalink) |
|
Newbie
Join Date: Jun 2009
Posts: 4
|
well looked pretty
 Stop sign icon in the center of the UT grey box, untangle graphical logo, bold text : This web page was blocked because it is considered inappropriate. (I have removed the host etc lines to make the post) I cannot find any smtp events at all, the server column says xxx.xxx.xxx.xxx:143 for all events and nothing in the tarpitting log |
|
|
|
|
06-10-2009, 01:33 AM
|
#4 (permalink) |
|
Newbie
Join Date: Jun 2009
Posts: 4
|
Just to check I swapped the network interface connections, rebooted UT, could not access the mgt login screen and when surfing to the test cnn domain, I got the pure text non-pretty URL block msg.
changed back the interfaces, rebooted, re-checked all things back as they were, with the graphical block page. |
|
|
|
|
06-10-2009, 03:59 PM
|
#5 (permalink) |
|
Newbie
Join Date: Jun 2009
Posts: 4
|
as an update, I omited to state I was running my email server, UT and some more on a VMWare host platform.
I changed the interface for the email server, as I am running a dual homed box, voila, SMTP scanning, filtering, and quarantine all come to live. Having now beaten myself with the machines power cable, I will live and learn. Thanks, nick |
|
|
|
|
06-10-2009, 04:26 PM
|
#7 (permalink) |
  
Join Date: Apr 2008
Location: Phoenix, AZ
URLs submitted: 7
Posts: 7,722
|
HEHE VMWare + UT + being new to either product = HEADACHE!
Don't feel bad man, networks are complex enough without trying to navigate a "virtual network". Especially when a critical portion of said network is a VM.
__________________
Intouch Technology Rob Sandling, BS:SWE, MCP Office: 480-272-9889 rob@intouchtechllc.com |
|
|
|
 |
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
|
|
All times are GMT -7. The time now is 06:01 AM.
