Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
248
Views
0
Helpful
3
Replies

SMTP route to Email Public address

galin.gospodinov
Level 1
Level 1

‎03-28-2024 07:28 AM

Hello community, 

i have a question, but can`t find answer on it. 

If we have one listener for inbound and outbound communication and this private IP has NAT to public IP. We don`t have communication to mail server on private IP.  Is it a problem if we use mail server public IP address ? This public IP is configured on SMTP routes and RAT. 

The NAT public IP of ESA and MAIL server are on same pool.

What may be the issues in this scenario ?

Labels:
0 Helpful
3 Replies 3

Ken Stieers
VIP
VIP

‎03-28-2024 07:38 AM

Depends upon if your firewall lets you hairpin traffic. Often it won't let something inside connect to the external IPs.
There isn't a "problem" per se, but in this case I wonder why you have the email server exposed now that you can expose the ESA, a hardened security device, instead.




________________________________

This email is intended solely for the use of the individual to whom it is addressed and may contain information that is privileged, confidential or otherwise exempt from disclosure under applicable law. If the reader of this email is not the intended recipient or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited.
If you have received this communication in error, please immediately notify us by telephone and return the original message to us at the listed email address.
Thank You.
0 Helpful

galin.gospodinov
Level 1
Level 1

‎03-28-2024 08:04 AM

The email server administrator has some concerns and don`t want to create separate interface for private communication between mail server and ESA. The only option to convince him, that this is not the right topology,  is to tell him more disadvantages. 

0 Helpful

Ken Stieers
VIP
VIP
In response to galin.gospodinov

‎03-28-2024 08:16 AM

"Just won't work through firewall" is a pretty good reason.
Exposing email server to internet needlessly, also a good one.
Your "outbound" interface IS the "interface for private communication between the email server and ESA"


________________________________

This email is intended solely for the use of the individual to whom it is addressed and may contain information that is privileged, confidential or otherwise exempt from disclosure under applicable law. If the reader of this email is not the intended recipient or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited.
If you have received this communication in error, please immediately notify us by telephone and return the original message to us at the listed email address.
Thank You.
0 Helpful
Customers Also Viewed These Support Documents