Description:
This document describes how to set up the mail proxy in a LANCOM R&S®Unified Firewall. The mail proxy must be set up in order to use the Unified Firewall e-mail antivirus and antispam security features.

  • Notes on configuring the antivirus feature are available in the following Knowledge Base article.
  • You can read about the options available with the antispam settings in the Unified Firewall user manual.

Up until LCOS FX version 10.4.x, the mail proxy can only be used for the POP3 and SMTP protocols.

As of LCOS FX version 10.5.0, the mail proxy can also be used for the IMAP protocol.

Requirements:
  • LANCOM R&S®Unified Firewall with firmware as of version 10 and an activated Full License
  • A configured and functional Internet connection on the Unified Firewall
  • Web browser for configuring the Unified Firewall

    The following browsers are supported:
    • Google Chrome
    • Chromium
    • Mozilla Firefox

Procedure:

1. Activating the mail proxy:
1.1. Enable the proxy in the menu UTM → Proxy → Mail proxy settings.
1.2. Click on the Save button to confirm your settings.
  • Activate the option Verify server certificates if you require the mail proxy of your LANCOM R&S®Unified Firewall to validate server certificates.
  • If you choose the default setting Create certificates automatically, pseudo-certificates are automatically created for every mail server. If you select the option Select certificate, your LANCOM R&S®Unified Firewall uses one certificate for all mail servers. Select a certificate from the Proxy Certificate drop-down list.



2. Configuring how the mail proxy is used:
In this example, the LAN contains Windows PCs that each access their own mailbox. Throughout the LAN, access to e-mails is forced to go via the mail proxy of the Unified Firewall.
2.1. In the host/network groups desktop object for the LAN, click the connection icon and then click the WAN network object.
2.2. The dialog with the settings for this connection is opened. Now you have to click on the NAT option for the POP3/POP3s, IMAP4 and/or SMTP/SMTPs service. Alternatively, you can click on the Pencil icon in the “Edit” column and then open the Advanced tab.
2.3. Set a checkmark for the option Enable proxy for this service and click Save.
2.4. The entries in the list of services for POP3 and POP3s should appear as follows. Click on Save once again.

2.5. Finally, implement the configuration changes by clicking Activate in the firewall.


3. Export certificate and import it on a Windows PC:
In this example, the LAN contains numerous Windows PCs that each access their own mailbox. Access should be directed via the mail proxy of the Unified Firewall.
3.1. Go to the menu Certificate management → Certificates.
3.2. Expand the Certificates menu and, for the certificate of the default Mail Proxy CA, click the export icon.
3.3. The certificate has to be exported in PEM format. Click the Export button to start the process.

If necessary, click on the "double arrow" symbol next to the Filter field to expand the menu. In this example, the menu is already expanded.

3.4. On your computer, go to the folder where you exported the certificate.

3.5. In order to install the certificate under Windows, change the file extension from *.pem to *.crt.

Please note that you must have administrator rights to install the certificate on a Windows system.

3.6. Click the certificate file and acknowledge the subsequent security warning with OK.

3.7. In the Certificate dialog, select the option Install certificate.

3.8. In this example, the certificate installed on the local computer is to be used by all users of this computer.

3.9. Select the option Place all certificates in the following store, click Browse and select the Trusted root certification authorities store.

3.10. Click Next and continue until the Certificate Import Wizard is finished.

3.11. This concludes the certificate import. Any popular browser will be able to use the certificate after the computer is restarted.

Repeat the certificate import procedure (steps 3.7 to 3.11) on all of the other computers in the LAN.
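
For rolling the Mail Proxy CA out to many PCs, steps 3.5 to 3.11 can also be scripted. The following PowerShell script is an added example and not part of the original LANCOM article: it checks that the exported file really is a currently valid CA certificate before importing it into the Trusted Root Certification Authorities store of the local computer. The file path and the optional fingerprint parameter are assumptions; run it from an elevated PowerShell session.

```powershell
#Requires -RunAsAdministrator
# Added example (not LANCOM code): check and import the exported Mail Proxy CA.
param(
    # Assumed location and name of the exported file after renaming *.pem to *.crt
    [string]$Path = "$env:USERPROFILE\Downloads\mail-proxy-ca.crt",
    # Optional SHA-256 fingerprint obtained from the firewall administrator
    [string]$ExpectedSha256 = ''
)

$ErrorActionPreference = 'Stop'
$file = (Resolve-Path $Path).Path
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($file)

# Only a certificate with BasicConstraints CA=true belongs in the root store.
$bc = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
if (-not $bc -or -not $bc.CertificateAuthority) {
    throw "Not a CA certificate: $($cert.Subject)"
}

# Refuse certificates that are expired or not yet valid.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Outside validity period: $($cert.NotBefore) to $($cert.NotAfter)"
}

# SHA-256 fingerprint over the DER encoding, for comparison with a known value.
$sha = [System.Security.Cryptography.SHA256]::Create()
$fingerprint = [System.BitConverter]::ToString($sha.ComputeHash($cert.RawData)) -replace '-', ''
$sha.Dispose()
Write-Host "Subject: $($cert.Subject)"
Write-Host "SHA-256: $fingerprint"
if ($ExpectedSha256 -and $fingerprint -ne ($ExpectedSha256 -replace '[:\s-]', '').ToUpper()) {
    throw 'Fingerprint does not match the expected value; certificate not imported.'
}

# Import into the local computer's Trusted Root store (step 3.9) unless already present.
$store = 'Cert:\LocalMachine\Root'
if (-not (Test-Path "$store\$($cert.Thumbprint)")) {
    Import-Certificate -FilePath $file -CertStoreLocation $store | Out-Null
}

# Show the stored entry so the result can be confirmed on each PC.
Get-ChildItem $store | Where-Object Thumbprint -eq $cert.Thumbprint |
    Format-List Subject, Issuer, NotAfter, Thumbprint
```

Because every certificate the mail proxy generates chains to this CA, the exported file should be distributed over a trusted channel and only installed on computers whose mail traffic passes through the Unified Firewall.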