I've got a strange issue, at least for me.
Once I had an older version of Sophos (I think it was 9.5 or similar) where I was not able to telnet the SMTP port of my Sophos. Which was fine, as the port was not visible to outsiders. Nevertheless, Sophos accepted mails for redirecting them to an internal Linux SMTP server.
Today, working in other companies, I see that TCP port 25 is open for telnet on Sophos with similar (in fact the same) configurations, like an Exchange server for mails.
So what's the deal about it? Am I misunderstanding something?
Furthermore, is there a possibility to change the message that appears if I execute "telnet EXTERNALIP 25", as this gives me the internal hostname and I don't really think that this is a good idea:
220 myinternalserver.company.com ESMTP ready.
Hi Rumak18, could you please let us know the setup of the email/Exchange server? Did you configure DNAT in the firewall to allow port 25 access from the WAN side?
In reply to Keyur:
No, there is neither a DNAT rule for allowing SMTP nor a packet filter rule for this.
Configuration is set to route mails to my "host list". There is one Exchange server included.
For any device to accept emails, it will have to allow SMTP connections from any IP on the internet (as the sending email server can be anywhere). Unless you're accepting email from an upstream smart-host only, you will be able to telnet to the external IP on SMTP ports. There's nothing wrong with it.
In reply to Jaydeep:
Hmmm... and we're not even able to change the message one gets when connecting via telnet?
In reply to Rumak18:
Well, you cannot change the message entirely if you're using UTM for Email Protection. However, you may specify the SMTP hostname which will be used in HELO and SMTP banner strings. You can configure it under Email Protection > SMTP > Advanced | Advanced Settings.
Thank you for your answers. In fact I was wrong. The old SMTP server I've worked with is also reachable with "telnet SERVERNAME 25".
Changing the SMTP hostname is no option, as this would give me other problems in the process of SMTP processing e-mails.
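An added example, not part of any post in this thread: a Python check that parses a captured 220 greeting (single-line or the multi-line `220-` form) and reports when the name it announces differs from the names published for the mail host. The public name `mail.company.com`, the suffix list and the sample greeting inputs are assumptions constructed for illustration.

```python
import re

# Assumption: suffixes that usually mark internal-only names.
INTERNAL_SUFFIXES = (".local", ".lan", ".internal", ".corp", ".intranet")
# "220 text", "220-text" (continuation) or a bare "220" final line (RFC 5321).
GREETING_LINE = re.compile(r"^220(?:([ -])(.*))?$")


def parse_greeting(raw):
    """Return the name announced in a 220 greeting, single- or multi-line."""
    lines = [ln for ln in raw.replace("\r\n", "\n").split("\n") if ln]
    if not lines:
        raise ValueError("empty greeting")
    texts = []
    for i, line in enumerate(lines):
        m = GREETING_LINE.match(line)
        if m is None:
            raise ValueError(f"not a 220 greeting line: {line!r}")
        is_final = m.group(1) != "-"
        if is_final != (i == len(lines) - 1):
            raise ValueError("continuation marker does not match line position")
        texts.append(m.group(2) or "")
    words = texts[0].split()
    if not words:
        raise ValueError("greeting announces no name")
    return words[0].rstrip(".").lower()


def audit_greeting(raw, public_names):
    """Compare the announced name with the names published for this mail host."""
    host = parse_greeting(raw)
    published = {n.rstrip(".").lower() for n in public_names}
    if host.startswith("["):
        return host, ["address literal announced instead of a hostname"]
    findings = []
    if host not in published:
        findings.append(f"{host} is not a published mail name")
    if host.endswith(INTERNAL_SUFFIXES) or "." not in host:
        findings.append(f"{host} looks internal-only")
    return host, findings


if __name__ == "__main__":
    # Constructed sample: the greeting quoted in the thread.
    sample = "220 myinternalserver.company.com ESMTP ready.\r\n"
    print(audit_greeting(sample, ["mail.company.com"]))
```

The name this check reads is the one set under Email Protection > SMTP > Advanced, as described in the reply above.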