This article describes how to work around the issue that occurs when the e-mail proxy is reconfigured in legacy mode and greylisting is enabled on the server side.
Applies to the following Sophos products and versions: Sophos Firewall
If greylisting is enabled on the server side, all subsequent mails are rejected. This is because legacy mode does not support e-mail retry. If an e-mail fails to be sent, the legacy mode proxy generates a notification and informs the sender. So, as per greylisting, the failed e-mail should be retried, but it is rejected with this log entry: "451 Temporary local problem, please try again!".
The MTA queues e-mails and retries them if forwarding fails. So an e-mail is rejected the first time due to greylisting, but on the next retry it passes greylisting and is delivered, and all subsequent e-mails are also delivered. Please refer to Sophos XG Firewall: How to configure Email Protection in MTA mode for detailed instructions.
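The difference between a relay that never retries and one that queues and retries, as an added simplified model (not Sophos code and not part of the original article). Assumptions: the greylisting server remembers each message's first attempt and trusts a relay host once one of its retries has succeeded; the class and function names, the delay values and the 192.0.2.10 address are constructed for the illustration.

```python
# Added illustration: simplified greylisting server and two relay behaviours.
# Assumption: the server trusts a relay host after one successful retry.

class GreylistServer:
    def __init__(self, min_delay=300):          # constructed delay, in seconds
        self.min_delay = min_delay
        self.pending = {}                       # (relay_ip, msg_id) -> time of first attempt
        self.trusted = set()                    # relay hosts that have retried correctly

    def deliver(self, relay_ip, msg_id, now):
        """Return an SMTP-style reply code for one delivery attempt."""
        if relay_ip in self.trusted:
            return 250
        first = self.pending.setdefault((relay_ip, msg_id), now)
        if now - first >= self.min_delay:
            self.trusted.add(relay_ip)          # retry came back after the delay
            return 250
        return 451                              # temporary failure, a retry is expected


def relay_without_retry(server, relay_ip, msg_id, now):
    """Legacy-mode behaviour: one attempt, then the sender is notified."""
    code = server.deliver(relay_ip, msg_id, now)
    return "delivered" if code == 250 else "sender notified"


def relay_with_queue(server, relay_ip, msg_id, now, retry_after=600, max_tries=3):
    """MTA-mode behaviour: queue the message on a 4xx reply and retry later."""
    for attempt in range(max_tries):
        if server.deliver(relay_ip, msg_id, now + attempt * retry_after) == 250:
            return "delivered"
    return "sender notified"


def run_scenario(relay, messages=("m1", "m2", "m3"), gap=3600):
    """Send constructed messages, one per hour, through a fresh server."""
    server = GreylistServer()
    return [relay(server, "192.0.2.10", m, i * gap) for i, m in enumerate(messages)]


if __name__ == "__main__":
    print("no retry:", run_scenario(relay_without_retry))
    print("queue   :", run_scenario(relay_with_queue))
```
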
There is one configuration parameter that needs to be added to the static configuration file in legacy mode. The sender's e-mail server will get an error response from the server immediately. It then knows that the mail was rejected, so it will try again and the mail will pass greylisting. All subsequent e-mails will also be delivered.
Log in to the command line interface (CLI) and choose option 5. Device Management, then option 3. Advanced Shell, to run the following commands:
mount -o remount,rw /
service -ds nosync awarrensmtp:stop
service -ds nosync awarrensmtp:start
There are 2 side effects from this workaround: