How to Create a Sandwich Configuration with AXIGEN and an External Filter

This article explains how to create a sandwich-like configuration with AXIGEN and an SMTP-aware external filtering (antivirus/antispam) application.

Solution

In our example, AXIGEN will listen on port 25 (on both an external and a local interface) and your AV/AS filter mail gateway will listen on another port (e.g. 25000).

We will presume that the respective AV/AS solution was configured to listen on port 25000, and forward the messages it receives via SMTP on this port back to Axigen, on port 2525.

A short schematic of the above configuration, indicating the message flow, would be:

source --> axigen:25 --> AV/AS solution:25000 --> axigen:2525 --> destination

The integration requires an additional SMTP Receiving Listener, dedicated to communication from the external AV/AS solution's SMTP Proxy service.


To add the required Listener please follow these steps:

1) Login via the Webadmin interface using the Axigen "admin" account.

2) Go to Services -> SMTP Receiving -> Listeners -> click the "Add Listener" button.

3) In the Quick add listener pop-up window, under the "Listen on" section enter the IP: 127.0.0.1 and port: 2525. Check the "Enable this listener" box and click the "Quick Add" button.
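A check to run on the host once the listener exists, as an added example that is not part of the original article: it parses `ss -H -ltn` output (Linux) and reports when port 2525 or 25000 is bound to anything other than a loopback address. It assumes the AV/AS filter runs on the same host as Axigen, as in the article's 127.0.0.1 examples; the sample output and function names are constructed for illustration.

```python
import ipaddress

# Ports from the article's example: Axigen's return listener and the AV/AS filter.
INTERNAL_PORTS = {2525: "Axigen return listener", 25000: "AV/AS filter"}

# Constructed sample of `ss -H -ltn` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:25 0.0.0.0:*
LISTEN 0 128 127.0.0.1:2525 0.0.0.0:*
LISTEN 0 100 0.0.0.0:25000 0.0.0.0:*
LISTEN 0 128 [::1]:2525 [::]:*
"""

def split_endpoint(endpoint):
    """Split 'addr:port', '[v6]:port' or '*:port' into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    addr = addr.split("%")[0].strip("[]")   # drop any %iface scope, then brackets
    return addr, int(port)

def is_loopback(addr):
    """True only for 127.0.0.0/8 and ::1; wildcard or unparseable counts as exposed."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False

def exposed_internal_listeners(ss_output):
    """Return (port, bound_address, role) for internal ports not bound to loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, port = split_endpoint(fields[3])   # fields[3] is Local Address:Port
        if port in INTERNAL_PORTS and not is_loopback(addr):
            findings.append((port, addr, INTERNAL_PORTS[port]))
    return findings

if __name__ == "__main__":
    for port, addr, role in exposed_internal_listeners(SAMPLE_SS):
        print(f"WARNING: {role} port {port} is bound to {addr}, not loopback")
```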

After applying the above settings create the following Acceptance / Routing rule in Axigen:

1) Login via the Webadmin interface using the Axigen "admin" account.

2) Go to Security & Filtering -> Acceptance & Routing -> Advanced Settings -> click the "Add Acceptance / Routing Rule" button.

3) In the new rule window enter a descriptive "Rule name" and make sure that the "Enable this acceptance / routing rule" option is checked.

4) In the Conditions section select from the drop-down box "Local address -> Port" and click the "Add Condition" button. From the drop-down box related to the new condition choose "<" and enter in the related box the port you set for the SMTP Receiving Listener designated for the communication from the external AV/AS solution. In our example the port is 2525.

5) In the same Conditions section select from the drop-down box "Local address -> Port" and click the "Add Condition" button. From the drop-down box related to the new condition choose ">" and enter in the related box the same port used at the above step 3.

NOTE: The above conditions ensure that any SMTP connection arriving on a different SMTP Receiving Listener than the one configured for the communication from the external AV/AS solution is relayed to the AV/AS solution's SMTP listener. After the scan, the message is relayed back to Axigen on the designated listener, so the new connection from the external AV/AS solution does not match the above rule.

6) In the Actions section select from the drop-down box "Recipients -> Recipient relay host" and click the "Add Action" button. In the new action's text box enter the IP:Port on which the external AV/AS solution will listen for incoming connections. The IP must be entered between brackets (ex: [127.0.0.1]). After this add the corresponding port (ex: [127.0.0.1]:25000).

7) Save the new rule by clicking the "Save Configuration" button at the bottom of the page.


Now you will have to create a second Acceptance & Routing rule, needed to allow unauthenticated relay for emails received via the external AV/AS solution (received on 127.0.0.1:2525).

NOTE: This is not a security issue, as the emails were already subjected to the "allow only authenticated relay" policy (or the other relay policies you have implemented) before first being relayed to the external AV/AS solution.

To create the necessary rule follow these instructions:

1) Login via the Webadmin interface using the Axigen "admin" account.

2) Go to Security & Filtering -> Acceptance & Routing -> Advanced Settings -> click the "Add Acceptance / Routing Rule" button.

3) In the new rule window enter a descriptive "Rule name" and make sure that the "Enable this acceptance / routing rule" option is checked.

4) In the Conditions section select from the drop-down box "Local address -> Ip" and click the "Add Condition" button. From the drop-down box related to the new condition choose "Is" and enter in the related fields the IP: 127.0.0.1

5) In the Conditions section select from the drop-down box "Local address -> Port" and click the "Add Condition" button. From the drop-down box related to the new condition choose "=" and enter in the related box the port you set for the SMTP Receiving Listener designated for the communication from the external AV/AS solution. In our example the port is 2525.

6) In the Conditions section select, from the drop-down box related to the "For incoming messages that match" option, the "ALL of the conditions below" entry.

7) In the Actions section select from the drop-down box "Delivery -> Remote" and click the "Add Action" button. From the new action's drop-down box select "Allow delivery for all users".

8) Save the new rule by clicking the "Save Configuration" button at the bottom of the page.
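A simplified model of the two Acceptance / Routing rules above, as an added example that is not Axigen code or part of the original article: it evaluates each rule's conditions against the listener a connection arrives on and traces the message through the filter and back. It assumes the first rule matches on "ANY of the conditions below" (no port is both below and above 2525); `make_rules`, `trace` and the 203.0.113.10 address are illustrative names and values.

```python
import operator

FILTER_RETURN = ("127.0.0.1", 2525)   # where the AV/AS filter re-injects scanned mail
OPS = {"<": operator.lt, ">": operator.gt, "=": operator.eq, "Is": operator.eq}

def make_rules(rule1_mode="ANY", excluded_port=2525):
    """Build the article's two rules; the parameters model misconfigurations."""
    return [
        {"mode": rule1_mode, "action": "relay_to_filter",        # first rule
         "conditions": [("port", "<", excluded_port), ("port", ">", excluded_port)]},
        {"mode": "ALL", "action": "allow_remote_delivery",       # second rule
         "conditions": [("ip", "Is", "127.0.0.1"), ("port", "=", 2525)]},
    ]

def matches(rule, conn):
    """Evaluate a rule against the local address of the accepting listener."""
    hits = [OPS[op](conn[field], value) for field, op, value in rule["conditions"]]
    return any(hits) if rule["mode"] == "ANY" else all(hits)

def trace(local_ip, local_port, rules, max_hops=4):
    """Return the hops one message takes, starting at the given listener."""
    conn, path = {"ip": local_ip, "port": local_port}, []
    for _ in range(max_hops):
        actions = {r["action"] for r in rules if matches(r, conn)}
        if "relay_to_filter" in actions:
            path.append("filter")
            # The filter scans the message and forwards it to the return listener.
            conn = {"ip": FILTER_RETURN[0], "port": FILTER_RETURN[1]}
        elif "allow_remote_delivery" in actions:
            return path + ["deliver"]
        else:
            return path + ["unfiltered"]   # no rule matched: mail skips the scan
    return path + ["loop"]                 # return hop keeps matching the first rule

if __name__ == "__main__":
    public = ("203.0.113.10", 25)          # constructed example listener address
    print("as documented:    ", trace(*public, make_rules()))
    print("rule 1 set to ALL:", trace(*public, make_rules(rule1_mode="ALL")))
    print("port mismatch:    ", trace(*public, make_rules(excluded_port=2526)))
```

In this model, setting the first rule to ALL means the message is never handed to the filter, and a port in the rule that differs from the listener's port makes the return hop match the first rule again.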

OS: Linux, Windows, FreeBSD, NetBSD, OpenBSD, Solaris