Email Server - Port Forwarding



You can use either of the following methods to route email messages to your spam proxy firewall as below;

• Port forwarding is used when a spam proxy firewall is behind a corporate firewall running NAT (Network Address Translation)

• MX records are used when a spam proxy firewall is located in a DMZ with a routable public IP address


Port Forwarding

If your spam proxy firewall is behind a corporate firewall, you need to setup port redirection (port forwarding) of incoming SMTP traffic (port 25) to the spam proxy firewall.

OR

MX Records

If your spam proxy firewall is in the DMZ (not protected by your corporate firewall), follow the below guide to route incoming email messages to the server:


How email is routed over the internet

Mail servers send and receive email for and from specified domains.


DNS – is used to identify where email should be delivered. A minimum of two DNS records are used when delivering email.

MX records – Specify which email servers should accept email for each domain

A records – Identifies the IP addresses of each email server.

With the above records specified email can then be routed from email servers to email servers over the internet.


DNS changes required as below

1 Create a DNS entry for your spam firewall.

The following example shows a DNS entry for a spam firewall with a name of firewall and an IP address of 11.11.12.12:

firewall.company.com               IN           A         11.11.12.12


2 Change your DNS MX Records.

The following example shows the associated MX record with a priority number of 5:

IN        MX      5          firewall.company.com


If you are intending to host your own spam firewall and domain, then you would need to register a domain with an ISP, purchase some public IP addresses, and either give a public address directly to the spam firewall itself or use port forwarding via the corporate firewall. If you do have a public address on the corporate firewall and are intending to use port forwarding, then you would not need any more public addresses. You would need to specify the relevant MX and A records via your ISP, usually done via a control panel on the ISP website. This is to tell the world where to route the company's emails destined for that particular domain.
E-Mail Security
and Spam Terminology