Hello all, I have a FortiGate firewall and a GroupWise 8 server. Recently, I rebuilt our GroupWise 8 server and put it behind my firewall, on a protected VLAN. I then NAT'd a virtual IP, on the FortiGate, to the GroupWise 8 server. My old email address for the server was 199.xxx.xxx.xxx, so I NAT'd that address to an internal address, i.e.:

199.216.xxx.xxx -->10.10.10.xxx

Everything works great, the world can see it, except that something weird is happening with sending. If I leave relaying off, I get a message when people send internally to an external email address:
550 relaying denied

If I add an exception that allows relaying from the VLAN gateway, then everything is fine, i.e.:

Allow email from--> 10.10.10.xx

To me this seems odd that I should have to do this. As well, recently, while relaying was on, our network was attacked from China, and since I had allowed relaying from 10.10.10.xx so that mail would be forwarded, all the mail coming in from my NAT'd address 199.216.xxx.xxx -> 10.10.10.xx was let through, because technically, the NAT'd address comes through to this network, and relay allowed it.

So there lies my issue. I'm not sure how to fix this. I really need to NOT allow these bozos in, but I'm not sure why I need relaying in the first place...
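
The behaviour described in the post, modelled as an added example (not part of the original post, and not FortiGate or GroupWise code): a source-IP relay check evaluated when the firewall rewrites every connection's source to the VLAN gateway, compared with the source address being preserved. All addresses, domains and function names are constructed for illustration, and the source-rewriting behaviour is an assumption drawn from the symptoms above.

```python
import ipaddress

# Constructed sample values (not from the post).
LOCAL_DOMAINS = {"example.org"}   # domains the mail server hosts
GATEWAY = "10.0.0.1"              # VLAN gateway address as seen by the server
INTERNAL_NET = "10.0.5.0/24"      # hypothetical internal client subnet

def seen_peer(real_src, source_nat):
    """Address the mail server sees for a connection crossing the firewall."""
    return GATEWAY if source_nat else real_src

def relay_decision(peer_ip, rcpt_domain, allow_from):
    """Source-IP relay check: local recipients are accepted, anything else
    is relayed only when the connecting peer is in the allow list."""
    if rcpt_domain in LOCAL_DOMAINS:
        return "accept-local"
    peer = ipaddress.ip_address(peer_ip)
    if any(peer in ipaddress.ip_network(net) for net in allow_from):
        return "relay"
    return "550 relaying denied"

def simulate(source_nat, allow_from):
    """Run three representative mail flows through one firewall/relay setup."""
    cases = {
        "internal->external": ("10.0.5.20", "example.net"),
        "outside->external": ("203.0.113.7", "example.net"),
        "outside->local": ("203.0.113.7", "example.org"),
    }
    return {name: relay_decision(seen_peer(src, source_nat), dom, allow_from)
            for name, (src, dom) in cases.items()}

if __name__ == "__main__":
    setups = [
        ("source rewritten, no exception", True, []),
        ("source rewritten, gateway allowed", True, [GATEWAY + "/32"]),
        ("source preserved, client subnet allowed", False, [INTERNAL_NET]),
    ]
    for label, snat, allow in setups:
        print(label)
        for flow, verdict in simulate(snat, allow).items():
            print(f"  {flow:20s} {verdict}")
```

In the second setup the internal user and the outside sender are indistinguishable to the relay check, which matches both symptoms in the post; only when the server sees real source addresses can an allow rule separate them.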