White list IP on SMTP Proxy.

dritanbdritanb
in Firebox - Subscription Services

I am using SMTP proxy for an email server and prevent spoofing is enabled. There are some services such as voltage secure email or mailchimp that users do not receiving emails. I assume it s as result of the above or headers.
Being asked to add some IP addresses to the white list so emails coming from those IP go through. I do not seem to find settings for it. Is any setting on it or how can i address that on any way at all?

Comments

  • Bruce_BriggsBruce_Briggs

    Add a SMTP policy From: those IP addrs.

    But first, check Traffic Monitor to see what is being logged related to those e-Mails. That may point out the real issue

  • dritanbdritanb

    here is what i find on logs:
    ProxyMatch
    ProxyDrop: SMTP header
    pri=6
    disp=Deny
    policy=SMTP-proxy-IN-ACMH-00
    protocol=smtp/tcp
    src_ip=198.2.140.21
    src_port=17930
    dst_ip=50.74.4.38
    dst_port=25
    src_intf=0-TW
    dst_intf=1-Trusted
    rc=594
    proxy_act=SMTP-Incoming.Standard.acmh
    header=From: username@acmhnyc.org
    rule_name=Prevent Spoofing
    1BFF-0003

    and here is to a gmail account:
    from: username@acmhnyc.org via gmail.mctxapp.net
    reply-to: username@acmhnyc.org
    to: gmailaccount@gmail.com
    date: Sep 27, 2019, 10:42 AM
    subject: Mailchimp Template Test - "Monthly Email (copy 01)"
    mailed-by: mail21.atl161.mctxapp.net
    signed-by: gmail.mctxapp.net
    Security: Standard encryption (TLS) Learn more:Important according to Google magic.

  • Bruce_BriggsBruce_Briggs

    1) Is the username in the from: username@acmhnyc.org a special one ?
    If so, you can add that as an allowed SMTP header.
    If not, perhaps whoever set up the mailchimp blast can change the username to one that is special and thus one that can be allowed on your SMTP proxy.

    2) 198.2.140.21 resolves to mail21.atl161.mctxapp.net
    You could try adding a SMTP packet filter From: *.mctxapp.net and see if that helps.

  • dritanbdritanb

    Thanks for the info. Question on another matter; is it possible to copy a policy and make changes after on different name?

  • Bruce_BriggsBruce_Briggs

    No - not for a policy.
    You can clone proxy actions, such as for a HTTP or HTTPS proxy, and use that cloned proxy action on a new policy, and then make desired changes to the proxy action.

Sign In to comment.