This discussion has been locked.

SEC 5.5.1 (Configure SMTP server settings)

Greetings Sophos community.  I have a Windows 2016 server that serves as the Sophos management server and has SEC 5.5.1 running with client version 10.8.4 VE 3.74.1.

When I attempt to configure the SMTP settings from SEC > Tools > Configure SMTP settings, enter the SMTP server (by either IP or DNS hostname) and try to test it, I get "SMTP settings do not refer to a valid SMTP server or the server is inactive".

In my testing, I've:

  • verified the SMTP server includes the Sophos host server's IP in the "allow list"
  • confirmed I can ping the SMTP server AND telnet to it using [telnet smtp-servername 25]
  • tried using the IP and DNS name of the SMTP server with the :25
  • verified the GP that is applied to the Sophos management server allows traffic on port 25 and 587

I'm at my wits' end with this as I missed an alert that a PC had detected an infection.  Being the sole admin for a 250-host environment makes email notification critical.  Any help getting this to work would be appreciated.  Thanks in advance for your time.



  • You could perform a network packet trace (Wireshark) from the SEC computer when performing a test/email test?  I've seen a few odd things regarding SMTP when using more obscure mail servers sending multi-line banners etc.  What is the mail server, out of interest?

    Also, unless things have changed (I use Central more these days) the email alerts from SEC are more about thresholds than individual clients\alerts.  You can get the clients to send emails directly should they get a detection.

    If you lower the notification thresholds as a test, and then use the Eicar test file, can you get SEC to trigger an alert? You can also set up the email alert test from a client in policy.  I just wonder if perhaps you're just seeing an issue with the test option; actual emails would be sent by SEC if the thresholds were breached, and perhaps you're really after the clients sending emails.

  • Hello PC_Junkie,

    there's a known issue with multiline responses but this should be fixed in 5.5.1. As jak suggests the packet trace is probably the fastest way to get some insight. Please note that this is a general message that covers any kind of failure - from an invalid name/IP, to unavailable port, timeout, unexpected response, to errors parsing the response. As you get a response with telnet it's likely one of the latter. Could you show the response?

    Christian
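
A telnet or Wireshark capture of the server's greeting can be checked against the SMTP reply grammar to tell apart the failure kinds listed above (unexpected response, truncated read, multiline banner). The following is an added example, not part of the thread and not Sophos code: the function names and sample banners are constructed, and it does not reproduce how SEC itself parses replies.

```python
import re

# One SMTP reply line (RFC 5321, section 4.2): a three-digit code, then "-" if
# more lines follow or " " on the last line, then free text.
_LINE = re.compile(rb"^(\d{3})(?:([ -])(.*))?$")

def parse_smtp_reply(raw: bytes):
    """Parse one complete reply; return (code, text_lines, is_multiline).
    Raises ValueError if the bytes are not a well-formed SMTP reply."""
    if not raw.endswith(b"\r\n"):
        raise ValueError("reply not terminated by CRLF (truncated or timed out)")
    lines = raw[:-2].split(b"\r\n")
    code, texts = None, []
    for i, line in enumerate(lines):
        m = _LINE.match(line)
        if not m:
            raise ValueError(f"line {i + 1} is not a reply line: {line!r}")
        this_code, sep, text = m.group(1), m.group(2), m.group(3) or b""
        if code is None:
            code = this_code
        elif this_code != code:
            raise ValueError("reply code changes between lines")
        is_last = i == len(lines) - 1
        # "-" must appear on every line except the last, and never on the last.
        if (sep == b"-") == is_last:
            raise ValueError(f"wrong continuation marker on line {i + 1}")
        texts.append(text.decode("ascii", "replace"))
    return int(code), texts, len(lines) > 1

def check_banner(raw: bytes) -> str:
    """Classify a captured greeting the way a strict client would."""
    try:
        code, texts, multiline = parse_smtp_reply(raw)
    except ValueError as exc:
        return f"parse error: {exc}"
    if code != 220:
        return f"unexpected response: {code} {texts[0]}"
    return "ok (multiline banner)" if multiline else "ok"

# Constructed sample greetings (not taken from the thread).
SINGLE = b"220 mail.example.test ESMTP ready\r\n"
MULTI = (b"220-mail.example.test ESMTP\r\n"
         b"220-Unauthorized use prohibited\r\n"
         b"220 ready\r\n")
REFUSED = b"554 mail.example.test No SMTP service here\r\n"
TRUNCATED = b"220-mail.example.test ESMTP\r\n220-Unaut"
```

A client that stops reading after the first `220-` line of a greeting like `MULTI` will misread the remaining banner lines as the answer to its next command, which is the kind of parsing failure a packet trace makes visible.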
