Description:

This document describes how to set up the mail proxy in a LANCOM R&S®Unified Firewall. The mail proxy must be set up in order to use the Unified Firewall e-mail antivirus and antispam security features.
  • Notes on configuring the antivirus feature are available in following Knowledge Base article .
  • You can read about the options available with the antispam settings in the Unified Firewall user manual.

If an E-Mail domain is falsely classified  (either desired E-Mail is falsely classified as Spam or undesired E-Mail is not classified as Spam), please send the following information to  LANCOM Support . For the purpose of correction, LANCOM Systems will then forward the affected E-Mail domain to the OEM partner, who operates the Antispam servers.

  • E-Mail domain in the format @<domain.com>.
  • Copy of an E-Mail from the affected domain as a ZIP file.
  • Description of the problem.

Up until LCOS FX version 10.4.x, the mail proxy can only be used for the POP3 and SMTP protocols.

Use for the IMAP protocol is an option as of LCOS FX version 10.5.0.


Requirements:
  • LANCOM R&S®Unified Firewall with firmware as of version 10 and an activated Full License
  • A configured and functional Internet connection on the Unified Firewall
  • Web browser for configuring the Unified Firewall.

    The following browsers are supported:
    • Google Chrome
    • Chromium
    • Mozilla Firefox

Procedure:
1. Activating the mail proxy:
1.1. Enable the proxy in the menu UTM → Proxy → Mail proxy settings.
Standard Alt-Text für alle Bilder in diesem Dokument
1.2. Click on the Save button to confirm your settings.
  • Activate the option Verify server certificates if you require the mail proxy of your LANCOM R&S®Unified Firewall to validate server certificates.
  • If you choose the default setting Create certificates automatically, pseudo-certificates are automatically created for every mail server. If you select the option Select certificate, your LANCOM R&S®Unified Firewall uses one certificate for all mail servers. Select a certificate from the Proxy Certificate drop-down list.



2. Configuring how the mail proxy is used:
In this example, the LAN contains Windows PCs that each access their own mailbox. Throughout the LAN, access to e-mails is forced to go via the mail proxy of the Unified Firewall.
2.1. In the host/network groups desktop object for the LAN, click the connection icon and then click the WAN network object.
Generischer Alt-Text für Bild
2.2. The dialog with the settings for this connection is opened. Now you have to click on the NAT option for the POP3/POP3s, IMAP4 and/or SMTP/SMTPs service. Alternatively, you can click on the Pencil icon in the “Edit” column and then open the Advanced tab.
This image shows a technical configuration menu for LAN and WAN settings with options for URL content filtering, application filtering, and application-based routing, including editable rules and actions for various services.
2.3. Set a checkmark for the option Enable proxy for this service and click Save.
A screenshot of a complex user interface displaying various settings such as Persie wrens, NATMasquerading, and directional controls with obscured or incomplete text descriptions.
2.4. The entries in the list of services for POP3 and POP3s should appear as follows. Click on Save once again.
An image displaying a technical configuration interface for network management including sections for rules, URL content filters, application filters, and application-based routing with options for editing specific settings like Windows media.
2.5. Finally, implement the configuration changes by clicking Activate in the firewall.


3. Export certificate and import it on a Windows PC:
In this example, the LAN contains numerous Windows PCs that each access their own mailbox. Access should be directed via the mail proxy of the Unified Firewall.
3.1. Go to the menu Certificate management → Certificates.
3.2. Expand the Certificates menu and, for the certificate of the default Mail Proxy CA, click the export icon.
3.3. The certificate has to be exported in PEM format. Click the Export button to start the process.

If necessary click on the "double arrow" symbol next to the  Filter  field to expand the menu. In this example the menu is already expanded.

Image showing a user interface for managing network security certificates, including options for certificate export, firewall settings, monitoring statistics, and various certificate authorities.

3.4. On your computer, go to the folder where you exported the certificate.

3.5. In order to install the certificate under Windows, change the file extension from *.pem to *.crt .

Please note that you must have administrator rights to install the certificate on a Windows system.

3.6. Click the certificate file and acknowledge the subsequent security warning with OK.

3.7. In the Certificate dialog, select the option Install certificate.

3.8. In this example, the certificate installed on the local computer is to be used by all users of this computer.

3.9. Select the option Place all certificates in the following store, click Browse and select the Trusted root certification authorities store.

3.10. Click Next and continue until the Certificate Import Wizard is finished.

3.11. This concludes the certificate import. Any popular browser will be able to use the certificate after the computer is restarted.

Repeat the certificate import procedure (steps 3.7 to 3.11) on all of the other computers in the LAN.

 

All LANCOM products and software versions are subject to LANCOM Software Lifecycle Management.
You can find information on our website at https://www.lancom-systems.com/products/firmware/software-lifecycle-management

© 2025 LANCOM Systems GmbH