Authenticated Relay

 Hello,

I would like to authorize authenticated relaying in XG.

I'm in MTA mode and I've created a user but when I tried with a SMTP client, it doesn't work.

It seems that the XG MTA don't ask/accept the AUTH command.

 

Regards,

Thibault

  • Dear Thibault

    Did you find any solution for this issue? I'm facing it in exactly the same way:

    220 sg-gw.mytestxgfirewall.ch ESMTP ready
    helo mytest.machine.local
    250 sg-gw.mytestxgfirewall.ch Hello mytest.machine.local [198.18.6.31]
    AUTH LOGIN
    502 Command not implemented

    I'm using the most current Version (17.1 GA).

    Kind Regards

    Christian

     

    Edit: Oh, there is possibly the answer here: https://community.sophos.com/products/xg-firewall/f/email-protection/103651/sophos-xg-smtp-mode-mta

  • Hi tdutrieux ,

    SMTP auth would not work , you may need to configure LDAP, AD connections with your mail server.

  • In reply to Aditya Patel:

    Hi, 

    "Authenticated relay" on XG is not like on UTM.

    Authenticated Relay on UTM is based on the SMTP transmission, while XG works via Policy authentication, like User based Firewall / live user. 

    Cheers

  • In reply to LuCar Toni:

    ManBearPig

    Authenticated Relay on UTM is based on the SMTP transmission, while XG works via Policy authentication, like User based Firewall / live user. 

    Cheers

    How do you mean this? There is a Authenticated Relay setting where Users can be set to allow them to send mails via Authenticated Relay. Do you have Authenticated Relay working? How does this need to be configured?

  • In reply to HuberChristian:

    In the meantime after 3 Weeks, I was able to get an valuable Answer from the support. I was told the following:

    1. Authenticated Relay as it's defined in SMTP Standard (tools.ietf.org/.../rfc4954) is currently NOT Supported on XG Firewall.
    2. Authenticated Relay on XG means, the User has to authenticate via STAS or SATC BEFORE he sends the Mail.
    3. Authenticated Relay as everybody in the world uses it (RFC4954) is going to be Implemented on SFOSv18.

    This is really awkward. I do have very few understanding for having implemented this not according the existing Standards. I have even less understanding for sophos not having documented it on a Public available KB.

  • In reply to HuberChristian:

    Where did you get the information from that it would be implementen in SFOSv18? I am really looking forward for this, but did not see it yet in the v18 manual.