Email Protection - SMTP Log without entries when transparent mode disabled

Hi there,


Having inherited a Sophos Firewall and being fairly new to these appliances, I have an issue I struggle to get my head around.


On the device we're using Email Protection to check the emails; currently (unfortunately) transparent mode is active.

A DNAT for the incoming SMTP traffic is enabled.

When I disable the transparent mode, emails are still flowing but I can't see anything in the SMTP log.

From what I read in BAlfson's setup guide, the DNAT entry takes priority, so as a test I turned it off, which led to emails not being transmitted at all.


What settings am I missing to get the emails flowing and visible in the SMTP log and the transparent mode turned off?


Thanks for any input in advance & kind regards

Kere



  • Hoi Kere and welcome to the UTM Community!

    Basic Exchange setup with SMTP Proxy might be helpful, too.

    Cheers - Bob
    PS The reason you don't want to use Transparent except for debugging purposes is that any infected device could relay off the UTM and get your IP onto all of the blacklists - not fun!

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,


    I did follow the recommendations but had issues with the mails not being visible in the Mail Manager afterwards.


    Adding the smarthost entry on the Exchange server did help to some extent: emails are being received correctly and are visible within the Mail Manager; sending emails isn't working, though.


    The outgoing emails only showed up in the log after I reverted back to the old settings.


    Any idea what I may have missed?


    Kind regards


    Kere

  • "The smart host setting in the SMTP Connector in Exchange Manager must point to the "Internal (Address)" of the Astaro. If you already had a different setting in Exchange, pointing at an external smart host that you must use, you must transfer that to the Astaro's 'Smarthost settings' at the bottom of the 'Advanced' tab."

    You should not use Transparent SMTP Proxy except to debug.  You've now proven that Exchange was sending emails directly out instead of using the SMTP Proxy as a smart host.  I'll guess that the smart host setting that Exchange is using is still your old smart host or, if you didn't have a smart host setting before, that your smart host setting in Exchange isn't done correctly.  That setting should have nothing to do with whether Exchange can receive emails - I bet you're now seeing inbound emails in the SMTP log because you disabled the old DNAT that you had that forwarded emails directly to your server.

    Cheers - Bob

  • Hi Bob,


    I used the following settings on the UTM and Exchange Server:


    UTM

    Network Protection > NAT - Exchange DNAT rule disabled

    SMTP > Global - Simple Mode

    SMTP > Routing - Domain: my Domain, host list: my Exchange Server, verify recipients: with callout

    SMTP > Malware - Standard Settings, dual scan

    SMTP > AntiSpam - Standard Settings

    SMTP > Data Protection - Standard Settings

    SMTP > Exceptions - communication to VOIP server

    SMTP > Relaying - allowed Hosts/Networks: my Exchange Server, scan relayed (outgoing) Messages: ticked

    SMTP > Advanced - transparent mode: ticked, SMTP hostname: mail.mydomain; use smarthost: not ticked


    Exchange Server

    mail flow > send connectors > active connector > delivery > smarthost: internal IP of firewall


    Prior to the change, the send connector was using the associated MX entry to send the emails.

    Previously a different connector was used which had a smarthost defined.

    It shouldn't have an impact, as it's set to inactive and the parameters are no longer valid either.


    Am I missing another Setting with the Exchange configuration?


    Kind regards


    Kere

  • That all seems right, Kere.

    Is the Host object for the Exchange server the same one on both the 'Routing' and 'Relaying' tabs?

    The only other thing I can think of is a packet capture that sees what destination IP Exchange is sending to.  That should give a hint as to what the problem is.

    Cheers - Bob

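The two checks Bob's replies boil down to (which send connector Exchange actually routes through, and whether the UTM accepts relay from hosts that are not on the 'Relaying' list) can be run from the Windows side without a packet capture. The script below is an added example written for this thread, not code from the original posts, from Sophos or from Microsoft. It assumes the UTM's "Internal (Address)" is 192.0.2.1 and that example.com / example.net are outside your own domains; change those to match your setup. `Get-SendConnectorRouting` needs the Exchange Management Shell; `Test-SmtpRelay` needs only plain PowerShell and should be run from a workstation that is NOT on the UTM 'Relaying' allow list.

```powershell
# Added example (not from the thread, Sophos or Microsoft): check Exchange send-connector
# routing and probe the UTM SMTP proxy for relaying from a non-allowed host.
# Assumptions (not in the original posts): UTM internal address 192.0.2.1;
# example.com / example.net are domains you do not host.

$UtmInternalIp = '192.0.2.1'   # assumption: the UTM "Internal (Address)" used as smart host

function Get-SendConnectorRouting {
    # Lists every send connector with how it routes. Outbound mail bypasses the UTM
    # (and so never shows in its SMTP log) when an enabled connector for '*' uses
    # DNS/MX routing or a smart host other than the UTM.
    Get-SendConnector | ForEach-Object {
        $smart = @($_.SmartHosts | ForEach-Object { $_.ToString() }) -join ','
        [pscustomobject]@{
            Name          = $_.Name
            Enabled       = $_.Enabled
            AddressSpaces = (@($_.AddressSpaces | ForEach-Object { $_.ToString() }) -join ',')
            DnsRouting    = $_.DNSRoutingEnabled
            SmartHosts    = $smart
            ViaUtm        = (-not $_.DNSRoutingEnabled) -and ($smart -match [regex]::Escape($UtmInternalIp))
        }
    }
}

function Read-SmtpReply([System.IO.StreamReader]$Reader) {
    # Collects one (possibly multi-line) SMTP reply: "250-..." lines continue, "250 ..." ends it.
    $lines = @()
    do {
        $line = $Reader.ReadLine()
        if ($null -eq $line) { break }
        $lines += $line
    } while ($line.Length -ge 4 -and $line[3] -eq '-')
    return ($lines -join "`n")
}

function Send-SmtpCommand($Writer, $Reader, [string]$Command) {
    $Writer.WriteLine($Command)
    return Read-SmtpReply $Reader
}

function Test-SmtpRelay {
    # Talks raw SMTP to the UTM and offers it a recipient in a foreign domain.
    # A correctly configured proxy answers RCPT TO with a 5xx for a host that is not on
    # the 'Relaying' allow list; a 250 means this host could relay mail through the UTM,
    # which is exactly what Bob warns about for transparent mode.
    param(
        [string]$Server = $UtmInternalIp,
        [int]$Port = 25,
        [string]$From = 'probe@example.com',   # assumption: sender outside your domains
        [string]$To   = 'nobody@example.net'   # assumption: recipient outside your domains
    )
    $client = New-Object System.Net.Sockets.TcpClient
    $client.ReceiveTimeout = 10000
    $client.Connect($Server, $Port)
    $stream = $client.GetStream()
    $reader = New-Object System.IO.StreamReader($stream)
    $writer = New-Object System.IO.StreamWriter($stream)
    $writer.NewLine = "`r`n"
    $writer.AutoFlush = $true
    try {
        $banner = Read-SmtpReply $reader
        $ehlo   = Send-SmtpCommand $writer $reader 'EHLO probe.example.com'
        $mail   = Send-SmtpCommand $writer $reader "MAIL FROM:<$From>"
        $rcpt   = Send-SmtpCommand $writer $reader "RCPT TO:<$To>"
        Send-SmtpCommand $writer $reader 'QUIT' | Out-Null
    } finally {
        $client.Close()
    }
    [pscustomobject]@{
        Server    = $Server
        Banner    = $banner
        EhloReply = $ehlo
        MailReply = $mail
        RcptReply = $rcpt
        OpenRelay = ($rcpt -match '^250')   # foreign recipient accepted from this host
    }
}

# Usage: first line in the Exchange Management Shell, second from a non-allowed workstation.
Get-SendConnectorRouting | Format-Table -AutoSize
Test-SmtpRelay | Format-List
```

In Kere's situation the interesting row is the enabled '*' connector: `DnsRouting` should be False and `SmartHosts` should contain the UTM's internal address, otherwise Exchange delivers straight to the recipient's MX and the UTM SMTP log stays empty for outbound mail. For the relay probe, a 250 to RCPT TO is expected when you run it from the Exchange server itself (it is on the allow list); the test only means something from a host that is not, and with transparent mode on, any internal host talking to port 25 gets the same treatment.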