The following article refers to the section How to Configure the Mail Gateway Service and describes how to setup advanced parameters within the Barracuda NextGen Firewall F-Series configuration menu.
Configure Advanced Mail Gateway Settings
To configure the advanced settings for the mail gateway, complete the following steps:
- Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > Mail-Gateway > Mail Gateway Settings.
- In the left menu, select Advanced Setup.
- Click Lock.
In the Operational Settings section, configure the MTAs, maximum number of NextGen Admin connections to system on which the Mail Gateway service is installed, HA synchronization, and DSN mails.
Mail Transfer Agents (MTAs)
The maximum number of MTAs (default: 5). MTAs are service processes that deliver mails received from a client to other mail servers. MTA processes are only started when the mail gateway system needs them for mail delivery. They are stopped after delivery has succeeded.
MTAs for Urgent Mail
The number of MTAs that are reserved for mail classified as urgent (default: 1). To specify which mail types are urgent, configure the settings in the Expert Settings section (use with care). For more information on the Expert Settings, see How to Configure Custom Mail Gateway Rules.
The maximum number of NextGen Admin connections to the system on which the mail gateway service is installed (default: 5).
Specifies if DNS servers are queried sequentially or in parallel. You can select:
- parallel – The local firewall blocks DNS reply packets from DNS servers if the mail gateway has already received an answer from another DNS server.
- sequential – DNS servers are queried one after the other.
Spool Queue Sync
To synchronize mail between an HA pair, select yes. After enabling this setting, you must also restart the Mail Gateway service. Every ten seconds, the active mail gateway then sends mail bundles to the passive mail gateway for synchronization.
DSN Mails in MIME-Format
To send DSN mail in MIME format according to RFC1891 (SMTP Service Extension for Delivery Status Notifications), select yes. For more information on RFC 1891, see www.ietf.org/rfc/rfc1891.txt.
MTA Retry Sequence
In this field, enter the intervals in which the Mail Gateway service will attempt to deliver mail after an unsuccessful delivery. You can enter a space-delimited list that specifies multiple intervals. Use the following characters to specify the unit of measurement of time:
- m = minutes
- h = hours
- d = days
To send a Delivery Status Notification (DSN) to the original email sender after a specific interval, append the "w" character to the interval. The last message in the retry sequence generates a delivery failure notification.
For example, if you enter:
1m 5m 10m 1hw 1dwthe following delay message is generated after 1 hour:
Your Message to the following recipients <recipient> (reason: [reason for delivery delay])has been delayed. You do NOT need to resend your message!!! The mail server will keep trying to deliver your message and you will be notified if delivery is impossible. Received: from [IP] ([hostname]) by [mail gateway] id [JOB ID Number]; [Day Date Time]From: "Sender" email@example.com Subject: [Subject of mail message]</recipient>The following delivery failure notification is generated after 1 day:
Your Message to the following recipients <recipient> (reason: [reason for delivery failure])- maximum retries reached -could not be delivered. Received: from [IP]([hostname]) by [mail gateway] id [JOB ID Number]; [Day Date Time]From: "Sender" firstname.lastname@example.org subject: [Subject of mail message]</recipient>
Priority Switch after (minutes)
The Barracuda NextGen Firewall F-Series mail gateway schedules all mail jobs received from the clients. This setting specifies the period of time (default: 60 minutes) after which the mail gateway automatically changes scheduling priority to the next higher level.
In the Allowed Relaying section, specify the internal IP addresses (IPv4 and/or IPv6) that are allowed to forward mail traffic. Add these IP address to the Internal IP-Addresses table.
In the Cloning and Archiving section, specify the email addresses of senders and/or recipients whose addresses must be rewritten before their mail is forwarded and archived to an external email archiving system. This mail can also be forwarded to multiple recipients (cloned). To clone and archive mail:
- From the Enable Cloning and Archiving list, select yes.
- Next to Archiving Settings, click Set or Edit.
In the following tables, add the email addresses that must rewritten. You can use wildcard characters such as * or ? may be used in the pattern settings. To clone an email, enter a comma-delimited list of email addresses in the rewrite settings.
Table Description Sender | Recipient - Full Address Manipulation In this table, add the email addresses that must be fully rewritten. Sender | Recipient - Local Part Manipulation In this table, add the email addresses whose local parts must be rewritten (string preceding '@'). Sender | Recipient - Domain Manipulation In this table, add the domains whose local parts must be rewritten (string following '@).
- Click OK.
- Click Send Changes and Activate.
Continue with How to Configure Antivirus Mail Gateway Integration.