Enable Server Blacklist Check from behind Natted Router/Firewall
Idea shared by Jarron Stephens - 6/24/2014 at 11:17 PM
Like many small businesses we have deployed Smartermail 12.x on our local/private network behind an internet-facing Natted Router/Firewall:
  • The router has a Fixed PUBLIC IP Address.
  • The Smartermail server has a fixed LOCAL IP Address.
  • As admin, when I go to Settings->Bindings->IP Addresses I can see that Smartermail has picked up the Local Ip Address (it is unaware of the Public IP Address).
Everything is set up and we have been operating successfully like this for years.

We now want to start using the "Server Blacklist Check" functionality.
However, when we go to Security->Server Blacklist Check we see an empty list - no IP addresses are listed.
We assume that this is because Smartermail is only aware of the local IP address and will only (correctly) consider any (nonexistant) Public IP Addresses on the Server for Blacklist checking.
Our Proposal:
A new field that allows us to inform Smartermail of the router's fixed PUBLIC IP Address(es) so that the Server Blacklist Check function can refer to this field and test against it.
Final Note:
  • We suspect our deployment (behind Natted router) is a fairly common setup for Small Businesses
  • Being a small business, we do not wish to manage a server directly exposed to the Internet or setup/manage a DMZ.

Thx in advance for considering this proposal.

4 Replies

Reply to Thread
Any feedback on this pls?
First thing is that IPs only show up on that Server Blacklist Check if they actually appear on a blacklist. So in normal operation, having nothing there is a good thing.
However I suffer from your same fate. We would also like to see your suggestion implemented. We have one external IP that smartermail has no idea about, which seems ridiculous at this point.
This would be a welcome addition.  Multiple public IPs would be nice but I'd settle for one
I had same issue, I use Private IP address range and NATing with Firewall.
The solution is pretty simple, assign your server second IP address and use Public IP address.
You private IP address will have gateway while second IP address ( public IP address) will not have gateway option.
The go to BINDINGS - IP address and assign ports to Public IP address , just like you would to private IP address.
Now, when you go to Security and Server Blacklist Check - your public IP address is being checked.
Trick is to assign second IP address to network card and use Public IP address.
This configuration will not interfere with firewall NAT or any other networking since there is no gateway configured for second IP address.
I am not sure what this does to system resources now that SmarterMail has to have open ports on two different IP addresses.
Make sure to setup event notification to sent you email when your Blacklist status changes - see help page:

Reply to Thread