3rd-party incoming gateway (spam filtering)
Question asked by Nicolas Fertig - 2/22/2018 at 10:15 AM
We are currently using SmarterMail 16 as primary mail server.
We're looking to use a front-end appliance for spam/virus filtering which then forward the mails to SmarterMail (for only a few domains, to begin with).
Our front-end appliance adds mail headers if a message is considered SPAM.
I saw in the Gateways / Failover settings menu that we can add an "Incoming Gateway" (we already use an Outgoing gateway and that works quite well).
So what is this Incoming gateway setting supposed to do ?
We created there an Incoming gateway, added the IP Address of our front-end Antispam appliance, set it as "Domain forward" and specified "Pass score to SmarterMail" for the SPAM actions.
Is that supposed to handle mails from that appliance addresse IP as they are coming from an incoming gateway and forward the spam score to our SmarterMail server ?
Actually when we activated this Incoming gateway thing, SmarterMail tried to send mail through it and it blocked our spool as the mail were refused by our appliance (it's an incoming gateway not outgoing...). Is that supposed to happen ?
If anyone got an idea, the documentation is quite confusing about this topic.
Thanks in advance!

2 Replies

Reply to Thread
Von-Austin See Replied
Employee Post
The Incoming Gateway setting is intended when you're using SmarterMail as an incoming gateway to offload work from the main primary server.
Since you are leveraging a front-end appliance an incoming gateway is not needed on your primary server. The spam front end will be acting as the incoming gateway. You will control the flow of mail to the incoming gateway by modifying your MX records.
No further configuration is required in SmarterMail. You may want to consider whitelisting the IP address of the front-end gateway for SMTP traffic under Settings -> Security -> Whitelist. This will ensure your gateway server does not get blocked by any IDS rules within SmarterMail.
I hope this helps clarify.
Von See
Technical Support Supervisor
SmarterTools Inc.
(877) 357-6278
Nicolas Fertig Replied

Okay, it was a bit confusing, it looked to us like if it was a panel to declare an incoming mail server ip address to tell SmarterMail to be aware that the ip address we give on this panel is our incoming gateway.

It's true, we could use the Whitelist to prevent IDS to block our incoming gateway, but Whitelist also disable spam checks.
We do not want to completly disable spam checks, but instead, create custom spam filters and disable all the others.

Our incoming appliance add headers such as:

X-Spam-Severity: LOW
X-Spam-Severity: MED
X-Spam-Severity: HIGH

We want SmarterMail to take this into account by creating these custom spam rules and disabling all others, so the work is done by the incoming gateway(s).

For exemple if header X-Spam-Severity: LOW is present we add 10 to SmarterMail Total Spam Weight. 20 for MEDIUM, 30 for HIGH.

If we don't to that, SmarterMail will not know that our incoming gateway considered a mail is a SPAM and it will break a lot of things.

It will break the ability of SmarterMail users to decide what to do with different spam levels (discard, move to spam folder, etc)

It also breaks the SmarterMail routine that prevent spam being forwarded to external mail servers when our users setup a mail forwarding etc.

We would like to whitelist IDS but not Spam Checking from our gateways. Looks to me that it's not doable at the moment.

How does a SmarterMail incoming gateway forward the spam score to a SmarterMail "main" server. (there is an option for this in the "incoming gateway" panel): "Pass spam score to Smartermail".

Could we simulate this from our incoming gateways ?

Sorry for the long text and thanks a lot for your help.

Reply to Thread