Oh, I thought I had read in your first post that you turned off the port forward to the barracuda.

This is the easiest way to set up the inbound mail:
- disable the NAT
- make the mx record point to the public IP of the Astaro
- add your mail domain(s) to Domains on the Routing tab
- set "Route by" to "Static Host list"
- add an object with the private address of the barracuda to the "Host list"
- for a start, turn "Verify recipients" off
- and, very important: tell your barracuda to accept mail from the internal interface of the ASG

For inbound mail, this is all you need. If this does not work, I would strongly suspect that the configuration problem is on the barracuda (i.e. it does not accept mail relayed through the Astaro).

For outbound mail, you can either send directly, or if you relay through the proxy on your ASG, then you need to add your internal network (or only the IPs allowed to send mail) to the "Host-based relay" on the Relaying tab. But inbound and outbound mail don't actually have much to do with each other.

This is, of course, a very simplistic guide. If it does not get you through, please find the relevant lines in the smtp log and post them here.

Good luck!

For example, check that the barracuda does not use RBL's when it gets the mail from the ASG. You should have a look in the barracuda logs for anything suspicious.

Yes, on the 'Relaying' tab, add your Exchange server to 'Allowed hosts'. The rest of the tab likely should be left empty, but with 'Scan relayed (outgoing) messages' checked to enable Anti-Virus scanning of sent mail.

My guess is that the Barracuda doesn't know how to answer when you set 'Verify Recipients' to "With callout." Depending on your network topology, it might also be blocking your AD requests. Have you confirmed that AD authentication works correctly?

It's unclear to me why you would want to keep the Barracuda if you have an Astaro Mail Security subscription. The current Astaro Anti-Spam is about as close to 100% right as possible, and with the upcoming V7.5, the CommTouch IP Reputation check should eliminate over 90% of the little bit that gets through today.

Cheers - Bob

__________________
ACE V7 - Astaro Preferred Partner since V3
Addicted to my iPhone!

Yep, that's why I asked him (her) to turn verify recipients off in one of my first tips. But it did not seem to help...

Working now, but I changed a couple of things...probably better this way anyway.

I left the Nat translation of port 25 going to my barracuda then I after the barracuda processes it I forward it on to the Astaro appliance for processing, then on to my exchange server. I'm sure it's better to let the barracuda do most of the processing before it gets to my firewall to save on the firewall resources.

I disabled the transparent mode as well and listed ed only my exchange server and barracuda in the allowed hosts to relay box.

So far the astar hasn't blcoked anything that my barracuda hasn't so if it continues like that I may just shut down the smtp proxy anyway.


Thanks for the help.

This makes it almost certain that the problem was with the barracuda configuration (for some reason it did not accept the mails coming from the Astaro).

Or you can do it the other way around, and save money on the barracuda. (I am not an Astaro employee... ) Of course, it depends on your mail load.

I'm glad you succeeded finally.