Can't send and receive mail Sophos UTM SG210

Hi cheikh ka 

Are you using Email Protection in Sophos UTM? Or have you configured a simple firewall rule to allow SMTP traffic? Also, check your Public IP and see if it's listed in any RBL.

Fisrt I activate email protection it was working and after a long time it stops working

but even I disable email protection it doesn't work

As said I allow emails ports by a firewall rule

should I understand by your question that I should use firewall rule or email protection, but not both of them?

Hi cheikh ka 

You should only use one of them. Please refer to this KBA: Sophos UTM: Email Protection Basics. Also, check if the database is working fine or not. If the database of UTM fails, it also stops the Email communication in UTM.

Hi Jaydeep,

Thanks for your suggestions

where is UTM database and how to get it on hands?

You means by that I should delete firewall rule and just use email protection?

Salut,

Compare your configuration to Basic Exchange setup with SMTP Proxy and tell us what you're doing differently.

Cheers - Bob

Hi,

Mail are working but i didn't change anything

and a precision, when i got the issue even i disable Mail Protection it was not working

This is my problem The mail can work 3 weeks and stop working 2 or 3 days

The Mail server is on cloud and guys who are administering says that nothing happend there 

The difference of configuration are :

- 'Routing': Add yourdomain.com to 'Domains', choose 'Route by' insted of "Static host list"  select "DNS hostname"  and give the name of DNS hostname" and add the host definition for your Exchange server. 'Verify recipients' "with callout."

• - 'AntiVirus': should be OK as delivered here i don't have this items 
• - 'AntiSpam': 'Reject at SMTP Time' "Confirmed Spam." Check 'Use recommended RBLs'. For your 'Spam filter' selections, click on the ? at the top of the page to read the help and decide for yourself, i select (Spam action: Quarantine, Confirmed spam action:Quarantine, Spam Maker : SPAM .  All of the 'Advanced anti-spam features' should be selected. I usually deselect 'Greylisting', but others here like it , I don't have this
• - 'Exceptions': should be OK as delivered, there no exception here
• - 'Relaying': If your Exchange server also receives mail via an upstream host, you'll need to add the upstream host to the list at the top. Add the host definition for Exchange to 'Host-based relay'; don't include your internal network. Do leave 'Authenticated relay' empty. At the bottom, select to have outgoing mail scanned. in Upstream Hosts/Networks i added the IP and Server Mail name here and in Allowed Hosts/Networks i added my local network range that sould send and receive mails
• - 'Advanced': Don't select 'Use transparent mode'! In 'Advanced settings', modify if needed the 'SMTP hostname' and/or 'Postmaster address'
• in Advanced with Transparent Mode item under Select transparent mode ports i check Port 25, 465, 587, under "Skip Transparent Mode Hosts/Nets" i selelect any and check Allow SMTP traffic for listed hosts/nets
• Under TLS setting, with TLS certificate i select webadmin certificate for xxxx, in TLS version i select TLSv1 or Higher

i need to know what is the problem exactly

Hi cheikh ka 

It would be a good thing to look at the Email logs when you were facing the issue. Or also check the tcpdump on SMTP ports while you're facing an issue. Would you have look at SMTP logs and see if you can find anything unusual?

Hi,

Where to look at the Email logs ? Email server you mean?

How to check the tcpdump on SMTP ports ? 

How and where to look at SMTP logs ? 

i need a step by step manuals please

Hi cheikh ka 

You should browse to  Logging & Reporting > View Log Files > Archived Log Files and check for SMTP proxy and download the logs for the days when you were facing the issue.

For the live troubleshooting with tcpdump, you need to take SSH access of the UTM and start packet capture and download the PCAP file following this KBA: https://community.sophos.com/kb/en-us/134286