SEC 5.5.1 (Configure SMTP server settings)

Greetings Sophos community.  I have a Windows 2016 server that serves as the Sophos management server and has SEC 5.5.1 running with client version 10.8.4 VE 3.74.1.

When I attempt to configure the SMTP settings from SEC > Tools > Configure SMTP settings, I enter the SMTP server (by either IP or DNS hostname), and when I try to test it, I get "SMTP settings do not refer to a valid SMTP server or the server is inactive".

In my testing, I've:

  • verified the SMTP server includes the Sophos host server's IP in the "allow list"
  • confirmed I can ping the SMTP server AND telnet to it using [telnet smtp-servername 25]
  • tried using the IP and DNS name of the SMTP server with the :25
  • verified the GP that is applied to the Sophos management server allows traffic on port 25 and 587

I'm at my wits' end with this as I missed an alert that a PC had detected an infection.  Being the sole admin for a 250-host environment makes email notification critical.  Any help getting this to work would be appreciated.  Thanks in advance for your time.



This thread was automatically locked due to age.
  • Hi  

    Can you try restarting the following services on the server where the enterprise console is installed?

    • Sophos Agent
    • Sophos Message Router
    • Sophos Management Service


    Please make sure that you have the Enterprise Console closed before you restart these services. You can follow Microsoft's KB to check whether the SMTP communication is working; use telnet as suggested in this article. Let me know if this helps.

    Shweta

    Community Support Engineer | Sophos Technical Support
  • Thank you for the reply and information.  Testing through your suggestions now.

  • I stopped the services you specified and restarted them.  I got emails from the SEC (the same ones I did when I restarted the server earlier); however, I'm still unable to use the test option in the SEC (same error message).

    I asked the Exchange/SMTP relay folks to check that there aren't any errors relating to this server.  

  • You could perform a network packet trace (Wireshark) from the SEC computer when performing a test/email test.  I've seen a few odd things regarding SMTP when using more obscure mail servers sending multi-line banners etc.  What is the mail server, out of interest?

    Also, unless things have changed (I use Central more these days) the email alerts from SEC are more about thresholds than individual clients\alerts.  You can get the clients to send emails directly should they get a detection.

    If you lower the notification thresholds as a test, and then use the Eicar test file, can you get SEC to trigger an alert? You can also set up the email alert test from a client in policy.  I just wonder if perhaps you're just seeing an issue with the test option; actual emails would be sent by SEC if the thresholds were breached, and perhaps you're really after the clients sending emails.

  • Hello PC_Junkie,

    There's a known issue with multiline responses but this should be fixed in 5.5.1. As jak suggests, the packet trace is probably the fastest way to get some insight. Please note that this is a general message that covers any kind of failure - from an invalid name/IP, to unavailable port, timeout, unexpected response, to errors parsing the response. As you get a response with telnet it's likely one of the latter. Could you show the response?

    Christian
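
The multi-line banner case raised in the replies above, as an added example that is not part of the original thread and not Sophos code: an SMTP reply reader that follows the RFC 5321 reply grammar (`220-` means more lines follow, `220 ` ends the reply), next to a hypothetical one-line check that rejects a valid multi-line greeting. The banners are constructed samples, and how SEC itself parses replies is not shown in this thread.

```python
import io
import re

# RFC 5321 reply line: 3-digit code, then "-" (more lines follow) or " " (last line).
_REPLY_LINE = re.compile(rb"^(\d{3})(?:([ -])(.*))?$")

# Constructed sample banners (not captured from any real server).
SINGLE_LINE = b"220 mail.example.test ESMTP ready\r\n"
MULTI_LINE = (b"220-mail.example.test ESMTP\r\n"
              b"220-Authorized use only\r\n"
              b"220 Ready\r\n")

class SMTPReplyError(ValueError):
    """Raised when the peer's reply does not follow the SMTP reply grammar."""

def read_reply(stream):
    """Read one complete reply from a binary stream; return (code, text_lines)."""
    code, texts = None, []
    while True:
        raw = stream.readline()
        if not raw:
            raise SMTPReplyError("connection closed before the reply was complete")
        m = _REPLY_LINE.match(raw.rstrip(b"\r\n"))
        if not m:
            raise SMTPReplyError(f"malformed reply line: {raw!r}")
        if code is None:
            code = int(m.group(1))
        elif int(m.group(1)) != code:
            raise SMTPReplyError("reply code changed inside a multi-line reply")
        texts.append((m.group(3) or b"").decode("ascii", "replace"))
        if m.group(2) != b"-":  # " " or nothing: this was the last line
            return code, texts

def naive_banner_ok(stream):
    """Hypothetical client that assumes a one-line banner."""
    return stream.readline().startswith(b"220 ")

def banner_ok(stream):
    """Accept the greeting only after the whole reply has been read."""
    code, _ = read_reply(stream)
    return code == 220

if __name__ == "__main__":
    for name, data in (("single", SINGLE_LINE), ("multi", MULTI_LINE)):
        print(name, naive_banner_ok(io.BytesIO(data)), banner_ok(io.BytesIO(data)))
```

To look at a live relay's greeting from the management server, pass `socket.create_connection((host, 25), timeout=10).makefile("rb")` to `read_reply`, where `host` is your own SMTP server.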