Transparent Mode on for port 465 and 587 - can't send

SMTP/Advanced. Turned on 465 and 587 for Transparent mode. Sending fails - SMTP Log shows:

2019:05:22-16:09:20 astaro1-1 exim-in[32339]: 2019-05-22 16:09:20 SMTP connection from [64.145.65.7]:52789 (TCP/IP connection count = 1)
2019:05:22-16:09:22 astaro1-1 exim-in[32339]: 2019-05-22 16:09:22 SMTP connection from [192.168.1.9]:63135 (TCP/IP connection count = 2)
2019:05:22-16:09:32 astaro1-1 exim-out[20310]: 2019-05-22 16:09:32 1hTKRJ-0005As-Uz Completed
2019:05:22-16:09:40 astaro1-1 exim-in[20294]: 2019-05-22 16:09:40 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=[64.145.65.7]:52789 input="\026\003\001"
2019:05:22-16:09:41 astaro1-1 exim-in[32339]: 2019-05-22 16:09:41 SMTP connection from [64.145.65.7]:52790 (TCP/IP connection count = 1)
 
Release 9.602-3
 
Any suggestions?
 
Or should I just leave the boxes unticked and be happy?
 
Thanks,
 
James.
  • This is the only log entry with useful information, but I cannot explain the error message. You would have to ask Sophos Support.

    2019:05:22-16:09:40 astaro1-1 exim-in[20294]: 2019-05-22 16:09:40
    SMTP protocol synchronization error (input sent without waiting for greeting):
    rejected connection from H=[64.145.65.7]:52789 input="\026\003\001"

    The log files capture data as events happen, but multiple things can happen at once. So the first task is to find all of the entries that match. To get a better picture, you need to find all of the entries that contain exim-in[20294].

    However, I do not understand what you are trying to do. 465 and 587 are normally used for a client such as Outlook to submit outbound messages to a mail server such as Exchange, using authentication. I do not think the UTM SMTP server is intended to intercept that type of traffic, although it might work if the connection is unauthenticated.

    If you are worried about your own clients being infected, I think you are better off concentrating on the antivirus configuration of the clients. Many mail servers also support server-based anti-virus. This technology prevents spam from spreading between internal users as well as preventing spam from internal users to external users.

    I think the SMTP server support for 465 and 587 is intended for situations where you want to allow a client device to submit authenticated messages using UTM as its outbound mail server and a UTM user object for the login. I do not know if this configuration would work in transparent mode, since it assumes that UTM is the target of the connection. At any rate, I believe mail should always be submitted through a real mail server, not through a perimeter device like UTM. The fewer open ports, the better.
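Added diagnostic, not part of the thread or of Sophos UTM: a short Python script that groups the quoted exim lines by process id (the manual step suggested above) and decodes the octal-escaped `input=` bytes from the rejection line. `\026\003\001` is 0x16 0x03 0x01, the start of a TLS handshake record, which is what a client expecting implicit TLS on port 465 sends first; the function and field names are my own, and the sample lines are the ones quoted in the post.

```python
import re

# Constructed sample: the exim-in/exim-out lines quoted in the thread, kept verbatim.
SAMPLE_LINES = [
    r"2019:05:22-16:09:20 astaro1-1 exim-in[32339]: 2019-05-22 16:09:20 SMTP connection from [64.145.65.7]:52789 (TCP/IP connection count = 1)",
    r"2019:05:22-16:09:32 astaro1-1 exim-out[20310]: 2019-05-22 16:09:32 1hTKRJ-0005As-Uz Completed",
    r'2019:05:22-16:09:40 astaro1-1 exim-in[20294]: 2019-05-22 16:09:40 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=[64.145.65.7]:52789 input="\026\003\001"',
]

LINE_RE = re.compile(r"^(\S+) (\S+) (exim-\w+)\[(\d+)\]: (.*)$")
SYNC_RE = re.compile(r'synchronization error .* from H=\[([^\]]+)\]:(\d+) input="((?:[^"\\]|\\.)*)"')
ESC_RE = re.compile(r"\\([0-7]{3}|\\)")

def decode_exim_escapes(text: str) -> bytes:
    # Exim writes non-printable bytes as \ooo (three octal digits) and a backslash as \\.
    out, pos = bytearray(), 0
    for m in ESC_RE.finditer(text):
        out += text[pos:m.start()].encode("latin-1")
        tok = m.group(1)
        out.append(0x5C if tok == "\\" else int(tok, 8))
        pos = m.end()
    out += text[pos:].encode("latin-1")
    return bytes(out)

def classify_input(raw: bytes) -> str:
    """Name what the peer sent before the 220 greeting."""
    # 0x16 = TLS handshake record type, 0x03 = record-layer major version 3 (SSLv3/TLS 1.x):
    # the client started a TLS handshake against a listener that was waiting to speak plaintext SMTP.
    if len(raw) >= 3 and raw[0] == 0x16 and raw[1] == 0x03:
        return "tls-handshake"
    if raw[:4].upper() in (b"EHLO", b"HELO"):
        return "early-talker"  # plaintext client that did not wait for the banner
    return "unknown"

def entries_by_pid(lines):
    """Group log lines by exim process id, as the reply above suggests doing by hand."""
    groups = {}
    for m in filter(None, map(LINE_RE.match, lines)):
        groups.setdefault(m.group(4), []).append(m.group(0))
    return groups

def analyze(lines):
    """One finding per synchronization error: pid, peer, decoded bytes, verdict."""
    findings = []
    for m in filter(None, map(LINE_RE.match, lines)):
        s = SYNC_RE.search(m.group(5))
        if s:
            raw = decode_exim_escapes(s.group(3))
            findings.append({"pid": m.group(4), "peer": f"{s.group(1)}:{s.group(2)}",
                             "raw": raw, "verdict": classify_input(raw)})
    return findings
```

Feeding a full SMTP log in and filtering on `entries_by_pid(...)["20294"]` shows every line the rejecting process wrote, and `analyze` tells you whether the peer spoke TLS or plain SMTP too early.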

  • In reply to DouglasFoster:

    I think we need more information. The only way I use the UTM is as Smarthost sending with an Exchange Server behind it.

  • You don't want Transparent, James. Turn that off and you'll be fine. 465 and 587 will work correctly then.

    Cheers - Bob

  • In reply to BAlfson:

    Thanks - I'll just leave those two boxes off and be happy.

    James.