Home Page


Email & Spam

Security Terminology

Security Topics

VPN & Cryptography



Email Security and Spam Terminology

Zero Day Window


Bayesian Algorithm

Content and Connection control

Directory Harvesting Attacks

Email Encryption

Email Archiving

File attachments

Image scanning

Email Load balancing

Port forwarding and MX records

Reputation filters

Encrypted attachments

Grey Listing

Email Monitoring

Internal Email Security

Open Relay

Outbound email filtering

Per user quarantine area

Reverse DNS lookup & SPF

RFC Compliant emails


Spoofed email

Stopping spam for Networks guide

Email Throttling

What is Spam

Which Spam filter

Whitelists and Blacklists


Security Products Guide

Which Anti-Virus Software?

Which Firewall?

Which Spam Filter?

Which Internet Security Suite?


What is Guide

What is a Firewall?

What is a Virus?

What is Spam?


Essential Security Guides

Securing Windows XP Guide

Securing Windows Vista Guide

A Guide to Wireless Security



Top 8 Internet Security Tips

Why both, Firewall and Anti Virus?

Free or purchased security - Which one?





Email Server - Port Forwarding


You can use either of the following methods to route email messages to your spam proxy firewall as below;

• Port forwarding is used when a spam proxy firewall is behind a corporate firewall running NAT (Network Address Translation)

• MX records are used when a spam proxy firewall is located in a DMZ with a routable public IP address


Port Forwarding

If your spam proxy firewall is behind a corporate firewall, you need to setup port redirection (port forwarding) of incoming SMTP traffic (port 25) to the spam proxy firewall.


MX Records

If your spam proxy firewall is in the DMZ (not protected by your corporate firewall), follow the below guide to route incoming email messages to the server:


How email is routed over the internet

Mail servers send and receive email for and from specified domains.


DNS – is used to identify where email should be delivered. A minimum of two DNS records are used when delivering email.

MX records – Specify which email servers should accept email for each domain

A records – Identifies the IP addresses of each email server.

With the above records specified email can then be routed from email servers to email servers over the internet.


DNS changes required as below

1 Create a DNS entry for your spam firewall.

The following example shows a DNS entry for a spam firewall with a name of firewall and an IP address of

firewall.company.com               IN           A


2 Change your DNS MX Records.

The following example shows the associated MX record with a priority number of 5:

IN        MX      5          firewall.company.com


If you are intending to host your own spam firewall and domain, then you would need to register a domain with an ISP, purchase some public IP addresses, and either give a public address directly to the spam firewall itself or use port forwarding via the corporate firewall. If you do have a public address on the corporate firewall and are intending to use port forwarding, then you would not need any more public addresses. You would need to specify the relevant MX and A records via your ISP, usually done via a control panel on the ISP website. This is to tell the world where to route the company's emails destined for that particular domain.

Further Reading

Wikipedia's guide to Port Forwarding