Who is using Incoming Gateway
Question asked by Todd Hunter - 8/31/2020 at 3:08 PM
Answered
Wondering if people are using gateways in front of their SmarterMail server?

For load balancing, redundancy, spam or virus filtering etc.

Todd

21 Replies

Reply to Thread
0
Webio Replied
I'm using. Mostly for spam checking (main server does not perform any spam checks)

Question?
0
Sébastien Riccio Replied
We are too, using front end anti spam gateways (E.F.A. v4 actually, and in the future probably rspamd). Scanning is more efficient and lowers the resource usage of the SmarterMail server so they are saved for serving customers.
Sébastien Riccio
System & Network Admin

0
Todd Hunter Replied
We are using EFA as well.  

Currently on EFA 3 for production but have EFA 4 boxes that are in the works.  We really like EFA, stable, great support, active forum, strong development.  A few things missing like shared DB across multiple gateways.  

Anyone using gateways with SM 17?
0
Linda Pagillo Replied
Hi Todd. We have a number of customers who use different types of gateways with SM15x and 17x. Are you having an issue that you are hoping a gateway will solve or were you just curious?
Linda Pagillo
Mail's Best Friend
Email: linda.pagillo@mailsbestfriend.com
Web: www.mailsbestfriend.com
Authorized SmarterTools Reseller
Authorized Message Sniffer Reseller
 
0
Todd Hunter Replied
We have been having a strange issue with our SM 17 regarding gateways.  

When using gateways in front of our SM 17 server it is using the IP of the gateway for spam tests.  This results all emails failing most tests, SPF,  DNS, Blacklists etc. and going to Junk.

It would help to know if others are having the same problem?  We are on the current build of 17.  

Todd
0
Todd Hunter Replied
I will add that we have entered our Gateways in the IP Bypass, but SM is ignoring the setting.  
0
Linda Pagillo Replied
Thanks for the addtional info Todd. How long has this been happening? Did it just start or has it been this way since the implementation of the gateway?
Linda Pagillo
Mail's Best Friend
Email: linda.pagillo@mailsbestfriend.com
Web: www.mailsbestfriend.com
Authorized SmarterTools Reseller
Authorized Message Sniffer Reseller
 
0
Todd Hunter Replied
We've been using the gateways for years with our SM 15 server without issues using the IP Bypass Setting, along with Declude.

We have been beta testing 17 MAPI since the initial private testing, and then all through the public beta testing. 

It wasn't until we attempted to put 17 into production several months ago that we discovered the problem.  It looks like the problem has been there for a while but we were not doing spam testing on the 17 server so we did not notice.  

I am trying to figure out if the problem is in our installation or if anyone else sees this also. 

Todd
0
Webio Replied
On my end (gateways and main server are both on v17) all spam checks are being done by incoming gateway which is connecting to remote SpamAssassin server (another local VM) and then passed to main SM instance.

In received mail header it looks like below:
X-SmarterMail-SmartHostSpam: SpamAssassin [raw:1]: 3, SPF [Pass]: 0, DK [None]: 0, DKIM [Pass]: 0, , HostKarma - Yellowlist: 10
X-SmarterMail-SmartHostSpamWeight: 13
X-SmarterMail-SmartHostSpamSalt: -559352542
X-SmarterMail-SmartHostSpamKey: -210569157
X-Exim-Id: 20200902083138.baab2987-3fa8-46b6-8f31-a0ff3e4c52e7
X-SmarterMail-TotalSpamWeight: 13
0
Merle Wait Replied
Do inbound SM15 gateways.. work with SM17 ???
I know that outbound SM15 gateways do NOT work with originating SM17 server.

We are getting ready to migrate to SM17; but am trying not to have to migrate all inbound servers .. all at once
3
kevind Replied
@Merle, would it make sense to migrate your gateways to SM17 first? Seems like that would be an easier move to get familiar with SM17 before upgrading your primary server.  Oops, just called it SM17 (and so did everyone else).  Hope we don't get in trouble. :)

IIRC, the problem we found with inbound gateways is that they don't talk to the primary server for greylisting. So if someone adds a trusted sender, it could still get greylisted.
0
Linda Pagillo Replied
Todd, have you opened a ticket with ST support about this? It may be a bug if it worked before and nothing else has changed besides the fact that you upgraded.
Linda Pagillo
Mail's Best Friend
Email: linda.pagillo@mailsbestfriend.com
Web: www.mailsbestfriend.com
Authorized SmarterTools Reseller
Authorized Message Sniffer Reseller
 
0
Heimir Eidskrem Replied
We have a ticket opened, been open for over a month.

We tried both our EFA 3 and 4 gateways.
Even set up a new smartermail server with the same result.

The spam checks are done on the gateway IP so the RBL does not kick in and SPF etc fails.
[2020.09.02] 10:16:33.408 [99501028] SPF SoftFail. IP: 172.22.22.111, Sender: anntaylor@mail.anntaylor.com, FailReason: 

We dont want to reconfigure our servers to fix a broken config or software.

So at this point we dont have spam filtering and can't move client to a "broken" server of course.

Any feedback from the group would be nice while we wait and wait for smartertools.



0
Heimir Eidskrem Replied
After a month they finally took a real look and realize its a bug in the software.

A month.........
0
Robert Emmett Replied
Employee Post
Todd / Heimir, a potential resolution has been found and a custom build will be provided in the support ticket. As suspected, the IP bypass entry was not properly being skipped and thus falling to be look at next received line in the headers. This is what the custom build addresses.
Robert Emmett
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
6
Tim Uzzanti Replied
Employee Post Marked As Answer
Really?  Do you want me to provide all the details in the community about how many tickets/messages went back and forth throughout this?  There was clearly confusion, which is why a manager called today to discuss it with Todd.  At no point were we not communicating or attempting to resolve the problem.

And even with this around and around, how many companies do you work with that provide bug fixes within a month or so? We work with 100's of vendors and we are lucky to get an acknowledgement of an issue within six months to a year, let alone a an actual fix.

Each and every time you post in the community it is to complain.  Next time, we will ban you.  If you or Todd continue to communicate with my employees poorly, we will no longer work with you.  My employees work hard and go the extra mile to provide the best possible service to our customers and they don’t deserve to be treated poorly.  If we fail to deliver, then we own up to that as well.
Tim Uzzanti
CEO
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Heimir Eidskrem Replied
Tim,
Im not sure what the confusion was.
its  been clear from the moment we opened the ticket.
We didnt communicate poorly, this issue has been a priority for us.
We didnt treat your employees poorly either.  We did everything asked of us and went past that by installing a new server for testing, we found the same result and that was weeks ago.  we also tested using our old gateways and we added some new gateways.  

If there were any confusion then why didnt SM call us to clarify or even ask for clarification?

we did the private beta and the public beta.
Since March we have installed 31 versions of the software.
When we encounter issues that may or may not be software we ask. 
A simple answer would be helpful, being ignored gets frustrating.
I asked about the Microsoft remote analyzer working or not.
Couldnt get an answer, a simple yes or no would have been super.
Spent hours trying to understand what was wrong with our setup but nothing was wrong.
In that case a simple no would have saved time or if it was working a simple yes, open a ticket would have been great too but instead nothing.  Do you think thats the best way to handle that?

We have been a customer for 13 years or longer, you saying we always complain isnt true. 

Thanks.
H




0
Todd Hunter Replied
Tim,

What have I done that you would threaten to ban me?  

I asked this question in the forum to determine if our implementation was the only one experiencing this problem.  Because after 4 weeks of working with Smartertools the tech told us he did not know if it was a SM bug or something in our environment.  

it's unclear to me why rather than threatening your paying loyal customers in an open forum, you didn't just call me and get my perspective to find out why I feel this has taken longer that it should have.  

I did have a conversation with your manager yesterday and expressed frustration with the progress of our case - mind you this is after 5 weeks.  I asked weeks ago to have the case escalated.  My request was ignored.  It was not until I asked again and insisted, then the case was refereed to your manager and now, less than 48 hrs later, we have a resolution in site.  


Todd
2
Heimir Eidskrem Replied
Quick update.
The initial testing on the fix looks good.
I see SPF tag in the header but not revdns.
Not sure if it will show with the settings.

Looks good...
2
kevind Replied
Interesting because @Webio's example showed this working even with the IP bypass bug.

I could see it still working if primary server has spam checking (SPF, DKIM, etc.) turned off, is not listed in the MX, and only accepts messages from incoming gateway.
2
Webio Replied
My config is exactly like @kevind suggested. My primary server is not listed at all under domains MX entries. All traffic must be delivered by incoming gateways and that's why I'm using them to offload primary server from spam checks and limit number of incoming SMTP connections AND to have backup for incoming mail when primary server is not accessible.

EDIT: When it comes to accepting messages I could not limit SMTP connections because primary server is being used for mail sending by my customers so basically it accepts incoming connections but I didn't saw any traffic bypassing incoming gateways. Some time/years ago I've suggested also maybe something like outgoing SMTP gateway for customers which could offload SMTP traffic from primary server. It would be great to have something like that. Mechanism for this solution should sync users with this SMTP gateway to allow users to authenticate to this server. This would be GREAT for main server downtime and would allow users to send their emails anyway. We could call this a SMTP failover gateway.

Reply to Thread