Accessing FTGate from the Internet

FTGate is by default configured to allow SMTP access from the internet.

There are two ways that FTGate can be connected to the Internet:

FTGate has a fixed valid internet address

In this case you should be able to access FTGate from the internet using either the IP address of FTGate or its name.

e.g. 195.124.124.189 or myserver.mydomain.com

If external servers are unable to access FTGate on port 25 then you should check the following:

  1. Your network firewall is open on port 25 for external connections

  2. Your Windows firewall is open on port 25 (it is better to add an exclusion for FTGate on all ports).

Note: Each security policy has a dedicated address range for the internet that is listed as WAN. This contains the settings used when FTGate is accessed by any machine whose IP address is not listed in any other range.

FTGate is behind a NAT router

If your FTGate machine is behind a NAT router, and has an IP address that is either 192.168.x.x or 10.x.x.x, then you then you should check the following:

  1. Your NAT router has port forwarding enabled on port 25 from the Internet to the LAN address of FTGate.

  2. Your Network Router/firewall is open on port 25 for external connections

  3. Your Windows firewall is open on port 25 (it is better to add an exclusion for FTGate on all ports).

If you are behind a NAT firewall then there are additional steps you should take with FTGate to prevent your server becoming an open relay. You should determine the NAT IP address of your NAT router (which has the port forwarding) and add it to the “Global Security Policy” with only the PA flag set.

e.g. 192.168.1.124/255.255.255.255 with PA flag set

See Also:

Accessing other services from the Internet

If you wish to access POP3/IMAP/WebMail from the internet then you must change the security policy used by the appropriate service to be the “Global security Policy”

Getting the mail to FTGate

After you have configured FTGate and your network to allow connections to FTGate you must then arrange for mail to be delivered to FTGate directly from other servers:

  1. You must verify with your ISP that they allow delivery of mail from the Internet to your address, some ISP’s do not permit mail to be delivered directly to your server.
     

  2. Your ISP will deliver all the mail that is for your domain to your address
    or

  3. You must update your DNS server to include MX records specifying the IP address of FTGate is to handle mail for your domain. You should contact you DNS hosting company or ISP regarding this.

Note: If your ISP is delivering mail from their machines directly to your machine then you cannot use the options for Greylisting, SPF Validation, or PTR validation.