Questions

Xerox Scan to Email

Tags:
+
0 Votes
Locked

Xerox Scan to Email

bladerunner13
I've just recently put up a SmoothWall 3.0 Express firewall and almost everything seems to be working well with the exception of my Xerox printers. I can no longer scan to email with them for some reason that's beyond me. They worked fine with no firewall. The printers in question are a Xerox W/C 7655 and four Phaser 3635 MFP's. It looks like a DNS issue, at least that's the error from the printers but I don't see why. Any ideas? Thoughts?

Thanks for your input
  • +
    1 Votes
    markp24

    can you ping the email server address by its dns name?
    do you have the email server in a dmz? (firewall you just put up between the printer and the mail server?)

    +
    0 Votes
    bladerunner13

    Our email server is hosted and no I can't ping it from within. No dmz's are configured either.

    +
    0 Votes
    WCarlS

    Can you ping your mail servers? Even if they're hosted, you should still be able to reach them? Are they using someting other than Port 25? Can you ping your Xerox machines? By name or by IP? Confirm that your Xerox machine names are in the firewall's Allowed list.

    +
    1 Votes
    robo_dev

    Do they use a web-client, or send from something like Outlook Express?

    If they use a client like Outlook, then of course the printers need to be configured identically with respect to SMTP settings.

    If your clients use webmail, I would configure a client like Thunderbird or Outlook on a PC to validate exactly what settings work with your ISP.

    Normally a mail server would require authentication and often requires TLS, meaning it's not using port 25, it's using port 110. Make sure the authentication type is correct.

    Your ISP email is only going to allow email sent from a specific sender with login credentials, so make sure that's set properly at both ends.

    +
    0 Votes
    bladerunner13

    I'll reply to the last two posts. I can't ping the mail servers from inside, they both use ports 25 and 587, neither config works anymore on the inside. The printers are in the allowed lists but from what I've read about SmoothWall and IPCOP there should be no problems with smtp being blocked.
    The clients use Outlook 2010, authentication is setup on the printers with a valid email address that does work, but only outside the firewall. Perhaps I'm setting the rules up wrong on the proxy. Could my isp somehow disallow smtp from behind a firewall. Sorry, probably a silly question but......I'm kinda stumped, lol

    +
    0 Votes
    robo_dev

    In order to do TLS, the firewall cannot simply proxy SMTP, since most proxies cannot process encrypted packets properly. Both VPN and TLS traffic have to be treated special, thus the firewall/proxy must do something different.

    First of all, do you have outbound firewall rules so you can get to your ISP mail server?

    See "Block Unauthorised Outbound Mail Traffic" on the page below:
    http://martybugs.net/smoothwall/iptables.cgi

    +
    0 Votes
    bladerunner13

    Thanks for the advice. I gave that a try but to no avail. I'm thinking because dns seems to be a problem with the firewall and the mail servers in question don't have ptr records there may not be much I can do. Our previous firewall was freebsd which crashed and I know nothing about but perhaps its time to build another one as a test machine. Our scan to email function worked with it soooo......

    +
    0 Votes
    robo_dev

    Since it worked before, your site appears to the ISP email server just like it did before, reverse DNS or not.

    Have you tried configuring the device to send to the IP address of the mail server vs the DNS name?

    Also, is the DNS setting in the printer correct? It may have to do with the way the Smoothwall forwards DNS requests, thus perhaps set the DNS server to be the real ISP DNS server, vs the gateway/router.

    Maybe has something to do with static DNS entries in the Smoothwall for your ISP?

    +
    0 Votes
    bladerunner13

    Nothing seems to work, I tried FreeBSD but the documentation for that is poor. I'll keep the SmoothWall running and have one printer off the network designated as the scanning station. Not optimum but until I find a fix it'll have to do. Thanks for all your advice

  • +
    1 Votes
    markp24

    can you ping the email server address by its dns name?
    do you have the email server in a dmz? (firewall you just put up between the printer and the mail server?)

    +
    0 Votes
    bladerunner13

    Our email server is hosted and no I can't ping it from within. No dmz's are configured either.

    +
    0 Votes
    WCarlS

    Can you ping your mail servers? Even if they're hosted, you should still be able to reach them? Are they using someting other than Port 25? Can you ping your Xerox machines? By name or by IP? Confirm that your Xerox machine names are in the firewall's Allowed list.

    +
    1 Votes
    robo_dev

    Do they use a web-client, or send from something like Outlook Express?

    If they use a client like Outlook, then of course the printers need to be configured identically with respect to SMTP settings.

    If your clients use webmail, I would configure a client like Thunderbird or Outlook on a PC to validate exactly what settings work with your ISP.

    Normally a mail server would require authentication and often requires TLS, meaning it's not using port 25, it's using port 110. Make sure the authentication type is correct.

    Your ISP email is only going to allow email sent from a specific sender with login credentials, so make sure that's set properly at both ends.

    +
    0 Votes
    bladerunner13

    I'll reply to the last two posts. I can't ping the mail servers from inside, they both use ports 25 and 587, neither config works anymore on the inside. The printers are in the allowed lists but from what I've read about SmoothWall and IPCOP there should be no problems with smtp being blocked.
    The clients use Outlook 2010, authentication is setup on the printers with a valid email address that does work, but only outside the firewall. Perhaps I'm setting the rules up wrong on the proxy. Could my isp somehow disallow smtp from behind a firewall. Sorry, probably a silly question but......I'm kinda stumped, lol

    +
    0 Votes
    robo_dev

    In order to do TLS, the firewall cannot simply proxy SMTP, since most proxies cannot process encrypted packets properly. Both VPN and TLS traffic have to be treated special, thus the firewall/proxy must do something different.

    First of all, do you have outbound firewall rules so you can get to your ISP mail server?

    See "Block Unauthorised Outbound Mail Traffic" on the page below:
    http://martybugs.net/smoothwall/iptables.cgi

    +
    0 Votes
    bladerunner13

    Thanks for the advice. I gave that a try but to no avail. I'm thinking because dns seems to be a problem with the firewall and the mail servers in question don't have ptr records there may not be much I can do. Our previous firewall was freebsd which crashed and I know nothing about but perhaps its time to build another one as a test machine. Our scan to email function worked with it soooo......

    +
    0 Votes
    robo_dev

    Since it worked before, your site appears to the ISP email server just like it did before, reverse DNS or not.

    Have you tried configuring the device to send to the IP address of the mail server vs the DNS name?

    Also, is the DNS setting in the printer correct? It may have to do with the way the Smoothwall forwards DNS requests, thus perhaps set the DNS server to be the real ISP DNS server, vs the gateway/router.

    Maybe has something to do with static DNS entries in the Smoothwall for your ISP?

    +
    0 Votes
    bladerunner13

    Nothing seems to work, I tried FreeBSD but the documentation for that is poor. I'll keep the SmoothWall running and have one printer off the network designated as the scanning station. Not optimum but until I find a fix it'll have to do. Thanks for all your advice