It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

How to Configure the Mail Gateway Service

  • Last updated on

Before configuring the Mail Gateway service, you must create it. For more information, see How to Configure Services. You must also have a server installed on the Barracuda CloudGen Firewall.

Configure the Basic Mail Gateway Settings

  1. Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > Mail-Gateway > Mail Gateway Settings.
  2. Click Lock.
  3. On the MailGW Settings - Basic Setup page, configure the host, local domain, and global domain settings. For more information on these settings, see the following Basic Mail Gateway Settings section.
  4. Click Send Changes and Activate.

For your server, configure more than one bind IP address that is reverse DNS resolvable. Otherwise, the mail gateway may not function correctly and the "Cannot bind to IP" error message displays in the system logs.

mail_gw_basic.png

Host Configuration

The server uses the standard SMTP port 25 and the listen IP addresses to listen for requests. An inbound and outbound mail gateway must have at least two listening IP addresses. Inbound and outbound mail traffic are identified by the following listening IP types: 

  • Internal – Usually connects your LAN clients. If you are operating a mail server in your internal LAN, you can specify the mail gateway's internal listening IP address as a mail relaying address. If you do not have a dedicated mail server, clients may specify the gateway's internal listening IP address as an outgoing SMTP server address in the configuration of their email client programs.
  • External – Connects your LAN to an external network. 

The mail gateway determines the transportation direction by the email's incoming IP address. Mail rules are only interpretable when internal and external listening IPs are configured properly.

In the Host Configuration section, edit the following settings to specify your listen IP addresses and the email address of the postmaster:

SettingDescription

External Listen Address |
Internal Listen Address

In the External Listen Address and Internal Listen Address tables, add the listen IP addresses for the mail gateway. When adding a new IP address, specify the following settings:

  • External Listen Address | Internal Listen Address – The external and internal listen IP addresses (IPv4 or IPv6). From these lists, you can select First-IP or Second-IP. To explicitly specify the IP address, select the Other check box.

    Listen IP addresses must also be part of the server network configuration. If you enter a new IP address, you must also configure it as a virtual server address.
  • Greeting Name – The SMTP "helo / ehlo" greeting name that the mail server sends to the client after an SMTP connection has been established. Do not enter special characters, ciphers, ".", "-", and "_". For more information, see www.ietf.org/rfc/rfc2821.txt.
Postmaster Mail-AddressThe email address of the postmaster.
Local Domain Settings

In this section, specify the mail server and trusted domains.

SettingDescription
Internal Mail Server

The internal mail server. The mail gateway redirects incoming mail to this server.

If you require another delivery policy setting, configure your mail gateway on the Extended Domains setup page.
My Domains List

In this table, add domains that are trusted by the mail gateway. The mail gateway will only accept mail relaying for these domains on its listening IP addresses.

The security restrictions for these internal domains are identical to the formerly known Protection Profile. If you require more protection, configure your mail gateway on the Extended Domains setup page.

When adding a domain, specify the following settings:

  • My Domains List – The name of the internal trusted domain (for example, barracuda.com). You can enter wildcards to include multiple domains (for example, barracuda.*). However, entering a wildcard at the end of the domain name presents a potential security risk, as the top level domain might be interpreted as subdomain (for example, barracuda.anyname.net). Instead, create one entry per domain.
  • Include Subdomains – Specifies if the subdomains of the domain should also be trusted. If the subdomains should also be trusted, select yes. By default, no is selected and the subdomains are not trusted.
Global Domain Parameters

In this section, specify the database, authentication scheme, and group patterns for recipient verification. You can also specify email relay hosts.

SettingDescription
Default Recipient DB

The relative path and name of the default database for recipient verification. If the configured server is unreachable or does not respond with the mail attribute, the email is not accepted.

Default RecipientsClick Ex/Import to export or import recipients in the default recipient database. 
Default Recipients Lookup

The authentication scheme used for an online mail recipient lookup in a meta directory for incoming mail. You can disable this setting, or you can select either MSAD or LDAP.

The recipient email address is checked against the meta directory attribute named mail. If the meta directory server is unreachable or does not reply with the mail attribute, the email is not accepted.

If you specify a Default Recipient DB and enable Default Recipients Lookup, the recipient email address must match both databases in order to be accepted.
Recipients Lookup req. Groups

The group patterns that must be matched by the recipient.

If you selected MSAD or LDAP from the Default Recipients Lookup list, make sure that you also specify the group attribute in the authentication scheme configuration.

Allow Relaying from 

The hosts that are allowed to forward emails to be relayed on the internal listen IP address.