After resetting our Pro 330 and installing firmware 6.6, I restored the rules from the saved file from the person who previously held my position, but it was incomplete. Some of the rules were there, but the e-mail rules (as well as some others) were not. As of now I have enabled outbound e-mail from our Exchange server, and sent mail does reach its recipient. However, incoming mail does not reach the clients, and the sender gets no NDR.
The rules I have configured:
Action -- Service -- Source -- Destination
Allow -- HTTP Management -- LAN -- 192.168.1.196 (LAN)
Allow -- SSH -- * -- 192.168.1.60 (LAN)
Allow -- SecureWorks -- * -- 192.168.1.60 (LAN)
Allow -- SecureWorks Other -- * -- 192.168.1.60 (LAN)
Allow -- Web (HTTP) -- * -- 64.9.36.113 (LAN)
Allow -- Key Exch. (IKE) -- * -- 192.168.1.196 (LAN)
Allow -- Key Exch.(IKE) -- 192.168.1.196 (LAN) -- *
Allow -- Retrieve(POP3) -- * -- 192.168.1.53 (LAN)
Allow -- Snd mail(SMTP) -- * -- 192.168.1.53 (LAN)
Allow -- IMAP3 -- * -- 192.168.1.53 (LAN)
Allow -- IMAP4 -- * -- 192.168.1.53 (LAN)
Allow -- E-mail -- * -- 192.168.1.53 (LAN)
Allow -- email -- * -- 192.168.1.53 (LAN)
Deny -- IRC -- LAN -- *
Deny -- Default -- WAN -- DMZ
Allow -- Default -- LAN -- *
Deny -- Default -- WAN -- *
You will see two extra 'email' services... they are for ports 465 and 587, because when I googled e-mail ports, they were listed, and I figured it's better to have them than not.
So my Exchange server is 192.168.1.53, and I have all SMTP pointing to there as a rule, but it's not working. What am I missing? I don't know much about firewalls, so if you mention NAT stuff, please talk to me like I'm a 3-year-old!!
(Speaking of, it's configured as NAT enabled, and nothing in the one-to-one NAT. I'm not sure if something should be there to point e-mail to the Exchange server, and I can't afford to make a mistake with the firewall during operating hours because we cannot have the internet down; too many mission-critical apps use the net.)
Thank you for any thoughts!!