Results 1 to 3 of 3
  1. #1
    Newbie
    Join Date
    Nov 2014
    Location
    Western Canada
    Posts
    2

    Default Phish Blocked seeing almost no messages to/from Exchange

    Hi all. I'm a newbie with Untangle.

    I just set up Untangle in bridged mode between our Juniper SSG firewall and our internal network.
    The Juniper has 5 external IP addresses bound to the Internet port and has various rules that route traffic from these addresses in to servers inside our network. Mail, Citrix Xenapp, Web, etc.


    Web Filter Lite, Virus Blocker Lite and Ad Blocker all appear to be working fine and seeing lots of traffic so I think I have it plugged in properly and reasonably well configured.

    Our mail server is Exchange 2010, and gets all incoming SMTP from a 3rd party spam filter. Our Juniper firewall allows only SMTP from the IP addresses associated to the spam filter, and routes SMTP from one of our external IP addresses, to the Exchange server inside our network.

    Our internal network has a single subnet, no vlans, nothing really complicated.

    So far after about 2 hours, Phish Blocker shows that it's only received 7 messages. We have probably received hundreds.
    At one point I saw the received messages count go up and I looked at the current sessions.
    It showed a session between the spam filter and our mail server.
    So I'm wondering why Phish Blocker isn't seeing most of the mail traffic?

    Any suggestions would be appreciated.
    Thanks

  2. #2
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    16,024

    Default

    Quote Originally Posted by The_Penguin View Post
    It showed a session between the spam filter and our mail server.
    So I'm wondering why Phish Blocker isn't seeing most of the mail traffic?
    But what specifically did it show?

    Could be many things...
    Phish Blocker scans smtp port 25. Also, If you are relaying through with TLS then its encrypted and can't be scanned. If you are bypassing or sending it to a rack without Phish Blocker it also won't scan it.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Newbie
    Join Date
    Nov 2014
    Location
    Western Canada
    Posts
    2

    Default

    Quote Originally Posted by dmorris View Post
    But what specifically did it show?

    Could be many things...
    Phish Blocker scans smtp port 25. Also, If you are relaying through with TLS then its encrypted and can't be scanned. If you are bypassing or sending it to a rack without Phish Blocker it also won't scan it.
    Thanks for the quick reply! Looks like it was TLS on the receive connector. I turned it off as a test and am seeing many more messages being scanned.

    Thanks!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2