Product » A free email server for Windows and Linux » Installation scenarios

Installing Xeams as firewall on a different machine

Usage Scenario

  • You are already using an email server, such as MS Exchange
  • Users are currently connecting to this email server to send and receive their emails
  • Want to use Xeams to filter junk messages

Assumptions

  • You only have 1 public IP address. The address is 199.199.199.50. The MX record for your domain refers to this address.
  • The internal IP address of your primary server 192.168.1.5
  • Your firewall forwards in-coming traffic for port 25 to 192.168.1.5

Message flow before installation

  1. Inbound messages are sent to 199.199.199.50 on port 25, which hits your firewall and are eventually accepted by your primary email server running on 192.168.1.5
  2. Users connect to your primary server and fetch their email using either POP3, IMAP or HTTP protocols
  3. Users send their out-bound messages using SMTP to your primary server, which then sends the message out on the Internet.

Recommended Installation Procedure

The terms downstream and primary email server is referring to your Exchange server in the instructions below.
  • Install Xeams on a clean machine. No other process must be listening on TCP port 25. Refer to the system requirements to see the type of machine you need.
  • Assume the IP address of this machine is 192.168.1.10
  • Run the installer for your appropriate operating system.
  • Configure Xeams to run in Firewall mode
  • Configure SMTP Server in Xeams. Add every domain that is local and specify the IP address of your downstream server in the Forward To field.
  • Configure your firewall to forward all traffic for port 25 to 192.168.1.10 rather than 192.168.1.5

Preparing for Outbound

  • Configure your downstream server to route its outbound emails through Xeams. This is typically called configuring smart host. If you're using Exchange as the downstream server, configure the Send Connector
  • Configure Xeams to accept relaying from Exchange. This is done by going into Server Configuration SMTP Configuration, select the Relaying tab and add the IP address.
  • Whitelist Exchange's IP. Click Filter Management IP Filters Whitelisted IP Addresses
  • Add Exchange's IP as trusted. Click Filter Management Adaptive Filters Autolearn Sender Filter and click Manage Trusted IP Addresses

Message flow after installation

Following diagram shows the message flow after installation

XeamsInstallDifferentMachine.png


Following table describes what happens at each step.

StepDescription
Step 1In-coming messages are forwarded to Xeams listening on port 25 of 192.168.1.10. Xeams filtering engine analyze these messages and assigns a score to every message. Spam messages get quarantined on Xeams and never hits your downstream server. 
Step 2Good messages are forwarded to your primary server, which stores the message in its repository.
Step 3End-users connect to your downstream email server exactly the way they have been using it in the past. There will be no change on how they send and receive emails.
Step 4User composes a new out-bound message, which goes to your primary email server, such as Exchange.
Step 5Primary email server is configured to forward all out-bound messages to 192.168.1.10. Since the IP address of your downstream server is whitelisted as well as trusted, Xeams learns from what is going out.
Step 6Finally, the message is delivered to the recipient's SMTP server on the Internet.