Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 4 subscribers
  • Views 3366 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Transparent Mode on for port 465 and 587 - can't send

jlbrown

STMP/Advanced. Turned on 465 and 587 for Transparent mode. Sending failes - SMTP Log shows:

2019:05:22-16:09:20 astaro1-1 exim-in[32339]: 2019-05-22 16:09:20 SMTP connection from [64.145.65.7]:52789 (TCP/IP connection count = 1)
 
2019:05:22-16:09:22 astaro1-1 exim-in[32339]: 2019-05-22 16:09:22 SMTP connection from [192.168.1.9]:63135 (TCP/IP connection count = 2)
2019:05:22-16:09:32 astaro1-1 exim-out[20310]: 2019-05-22 16:09:32 1hTKRJ-0005As-Uz Completed
2019:05:22-16:09:40 astaro1-1 exim-in[20294]: 2019-05-22 16:09:40 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=[64.145.65.7]:52789 input="\026\003\001"
2019:05:22-16:09:41 astaro1-1 exim-in[32339]: 2019-05-22 16:09:41 SMTP connection from [64.145.65.7]:52790 (TCP/IP connection count = 1)
 
Release 9.602-3
 
Any suggestions?
 
Or should I just leave the boxes unticked and be happy?
 
Thanks,
 
James.


This thread was automatically locked due to age.
Parents
  • 0

    This is the only log entry with useful information, but I cannot explain the error message.   You  would have to ask Sophos Support.

    2019:05:22-16:09:40 astaro1-1 exim-in[20294]: 2019-05-22 16:09:40
    SMTP protocol synchronization error (input sent without waiting for greeting):
    rejected connection from H=[64.145.65.7]:52789 input="\026\003\001"

    The log files capture data as events happen, but multiple things can happen at once.   So the first task is to find all of the entries that match.  To get a better picture, you need to find all of the entries that contain exim-in[20294]

    However, I do not understand what you are trying to do.   465 and 587 are normally used for a client such as Outlook to submit outbound messages to a mail server such as Exchange, using authentication.   I do not think the UTM SMTP server is intended to intercept that type of traffic, although it might work if the connection is unauthenticated.   

    If you are worried about your own clients being infected, I think you are better off concentrating on the antivirus configuration of the clients.   Many mail servers also support server-based anti-virus.   This technology prevents spam from spreading between internal users as well as preventing spam from internal users to external users.

    I think the SMTP server support for 465 and 587 are intended for situations where you want to allow a client device to submit authenticated messages using UTM as its outbound mail server and a UTM user object for the login.  I do not know if this configuration would work in transparent mode, since it assumes that UTM is the target of the connection.   At any rate, I believe mail should always be submitted through a real mail server, not through a perimeter device like UTM.   The fewer open ports, the better.

  • 0 in reply to DouglasFoster

    I think we need more information. The only way i use the UTM is as Smarthost sending with an Exchange Server behind it.

    Regards

    Jason

    Sophos Certified Architect - UTM

Reply Children
No Data
Unfiltered HTML