Why Sophos UTM not sending emails out

I would assume that your ISP told you wrong.

1. Test DNS.   Can you do an MX Lookup on example.com using UTM as your recursive dns server?   Can you do a lookup on those mail server names and obtain an IP address.
2. Test with PING and TRACERT to see if you can get through the network to those devices.   No guarantee that they respond to ping, but I expect most of them will.
3. Test SMTP Connectivity.   Use the Microsoft Telnet client and try to "telnet mail.example.com 25".   If you do not get any response, you are getting blocked.   If you use Wireshark to monitor your test traffic, you may even see a reply packet that says "administratively blocked"

Of course, once you get connectivity solved, you have to get past the spam filters at the receiving end.   Have you updated your MX record in DNS?  Have you checked your domain and IP reputation using MXToolbox.com ?

Hey Douglas. Thanks for your response.

For 1, 2, 3 I've no issues. Already tested but have not tried wireshark yet.

For my external DNS has been updated. My mx record points to mail.mydomain.com.

If my ISP blocking port 25 I wouldn't be able to email out anything but some emails go through.

Any ideas what else could it be?

As Douglas says, go to mxtoolbox.com and check there.

A couple of things to also be aware of when changing IP address is:

1. Has the rDNS record been updated with the ISP as this can sometimes result in mail being bounced. Check this with mxtoolbox.
2. Have you got a true static IP and not a long lease from a dynamic range as this can cause mail to bounce also.

My rDNS points to my ISP as I'm not on a business plan however it was working before with my previous static IP still reverse DNS points to my ISP.

My IP doesn't change. It has changed because I asked my ISP to reset my connection to resolve the internet issue.

mxtoolbox resolves correctly to my new IP.

If th UTM is accepting the mail and spooling it, that suggests an issue with the outgoing. If some of it is going and some isn't, that elimates connectivity to the internet.

Are your SPF records ok?

SPF is correct including new IP and syntax is correct.

I've flush DNS from UTM.

Checked that I'm not blacklisted.

Nothing has changed other than updated my UTM which I don't think it's the issue and internet connection reset. Ran out of ideas :(

So, from the start:

1. Your internal mail server sends to the UTM

2. Some of that mail gets spooled on the UTM as the UTM is unable to send on the new external IP address?

That's correct. My UTM accepts email from my mail server no issues. I can send to gmail and my work domain as an example where I can't send to hotmail or office365 and other domains. Really strange one.

Just the same, "Connection timeout" means that the reply packet is not coming in.  You either have a routing problem or a packet drop problem.   Both are related to the mistakes made by your ISP.

Did you update your default gateway in UTM when you changed IP?   If you have an internal router that transmits through UTM transparently, it's default gateway needs to be updated as well.

I'm getting an IP dynamically from my ISP as well as GW.

My UTM is facing the internet behind a bridged modem.

If you think it's a routing or ISP issue why don't emails go out when I use a public or my ISP smtp?