You do not need to use NAT. The best way to set the UTM and Exchange up is:

Incoming mail: INTERNET > UTM SMTP Proxy > EXCHANGE

Outgoing mail: EXCHANGE > UTM SMTP Proxy > INTERNET

Remove your NAT rule and ensure that your public DNS points to the UTM IP address or one of your additional IP addresses.

Remove any SMTP rule from outside as well. The only way you want mail entering and leaving your organisation is via the UTM. This will stop spam and also guard against the inside being compromised with a spam bot etc.

Your Exchange server will also need a send connector configuring to send all mail to the UTM rather than directly out to the web.

As an additional safeguard, make sure your DNS is configured right on the Exchange server (point it to the UTM) and the firewall rules are in place for DNS on the UTM so that only the DNS servers you specify can be used.

There is a really good guide on here called "rulz" or something, and it is a sticky post. Make sure to read that, it will be worth it.
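Added example, not part of the original post: one way to set up the send connector described above from the Exchange Management Shell, followed by an audit that lists any enabled connector still able to send mail around the UTM. The IP address and connector name are placeholders assumed for illustration.

```powershell
# Run in the Exchange Management Shell on the Exchange server.
# Assumed values (not from the post): replace with your own.
$UtmInternalIp = '192.0.2.10'        # placeholder: UTM internal interface address
$ConnectorName = 'Outbound via UTM'  # hypothetical connector name

# 1. Create a connector that relays mail for every domain to the UTM SMTP proxy.
#    DNSRoutingEnabled $false stops Exchange resolving MX records and
#    delivering directly to the internet.
if (-not (Get-SendConnector | Where-Object { $_.Name -eq $ConnectorName })) {
    New-SendConnector -Name $ConnectorName `
        -Usage Custom `
        -AddressSpaces 'SMTP:*;1' `
        -SmartHosts $UtmInternalIp `
        -DNSRoutingEnabled $false `
        -SmartHostAuthMechanism None
}

# 2. Audit: report enabled connectors that use DNS (MX) routing or a smart
#    host other than the UTM, since either one sends mail past the proxy.
$utmPattern = '(?<![\d.])' + [regex]::Escape($UtmInternalIp) + '(?![\d.])'
$bypass = foreach ($c in Get-SendConnector) {
    if (-not $c.Enabled) { continue }
    $hosts = ($c.SmartHosts | ForEach-Object { "$_" }) -join ','
    if ($c.DNSRoutingEnabled -or $hosts -notmatch $utmPattern) {
        [pscustomobject]@{
            Name              = $c.Name
            DNSRoutingEnabled = $c.DNSRoutingEnabled
            SmartHosts        = $hosts
            AddressSpaces     = ($c.AddressSpaces -join ',')
        }
    }
}

if ($bypass) {
    Write-Warning 'These send connectors can deliver mail without the UTM:'
    $bypass | Format-Table -AutoSize
} else {
    Write-Output 'All enabled send connectors relay through the UTM.'
}
```

Any connector the audit reports should be disabled or repointed at the UTM, and the UTM must be set to accept relay from the Exchange server's address.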