Short Answer:
- Create an "address object" on the SonicWALL for the LAN IP of your Exchange server. Name it something like InternalMailServer and use the IP address of your Exchange server.
- Setup a port forward for inbound SMTP traffic addressed to your public IP address (same as your MX record on your public DNS registration) directing it to address object InternalMailServer .
- Setup rules on the SonicWALL
- Deny all SMTP from LAN to WAN.
- Allow SMTP InternalMailServer in LAN zone to WAN.
- Allow SMTP from WAN to InternalMail in LAN zone.
- Make sure your MX record is defined/recorded with your public domain.
- You should also have PTR record for your mail server.
Regarding the SMTP rules, rules 1 & 2 restrict outbound SMTP traffic to ONLY your designated mail server. This helps keep your mail server from being blocked as a result of in infected computer inside your network spamming using your firewall's public IP address. If you have a mail filter server, you will need to modify the above configuration after testing it successfully.
Note: Many of the SonicWALL appliances have a pretty good SMTP wizard supporting an internal mail server. Said wizards walk you through most of the above steps and help "cover the bases". Having used the wizard to setup your Exchange server traffic to/from the Internet; having taken care of your public DNS; and having tested SMTP traffic to/from your mail server and the outside world; then you can backup and modify the configuration (if needed) to support a mail filter server, if desired.
- Tom
