Were using GFI MailEssentials on Exchange 2003. We have some remote users using IMAP/SMTP (due to limitations of their mail client). We use SSL on IMAP and TLS on SMTP. To send mail, these clients use authenticated SMTP (username/password) to the server.
However, it appears that GFI is filtering the messages from these authenticated sessions as if they were coming from an untrusted source. When the source IP fails the DNS blocklist, for example, because they're on a dynamic IP address, messages to internal recipients get blocked.
Is there a way in GFI to have authenticated SMTP sessions whitelisted or otherwise bypass the spam filtering engine to avoid this behavior?
The way to do this, apparently, is to create a new virtual SMTP server dedicated for trusted sessions. Bind it to port 587 and disallow anonymous users. Then, reconfigure all of your clients to use port 587 instead of 25 for SMTP.
There's also a bug in MailEssentials where the GFI will continue to monitor mail from both virtual servers, even though the GUI indicates it's only bound to the default server. To fix this, one needs to select the server on port 587, apply, then select the default server, and apply.