This article aims to help with setting up IceWarp Server working with an external gateway. It should help you set up IceWarp to process messages through antivirus, antispam, and blacklist/whitelist modules, just like they would come from an external source (not from a trusted IP).
MX record pointing to the IP of the server acting as the mail gateway or MX record pointing to the MTA service provider. Gateway and service provider would be forwarding mail to the IceWarp server.
The IceWarp Server would handle mail from these sources as it would any regular source as long as the source IPs are not trusted. It is also necessary to ensure the forwarding of the source IP address of the original senders' IP, meaning NAT should not be used to ensure the correct functionality of all Antispam checks and features.
Use the Console or Webadmin to be sure the source IPs are not listed.
Console: Mail > Security > General > Trusted IPs
WebAdmin: Settings > API Console > Search for "security_relay_iplist"