Good day,
I have been fighting to get Sophos XG to accept incoming email in MTA mode for a few days now, and I'm not sure if I've somehow broken the config or if there's a bug?
My ISP seems to block port 25 everywhere, so my scenario for SMTP is:
- Offsite hosted mail relay
- Onsite mail server in DMZ zone
- DMZ, WAN and LAN zones have "SMTP Relay" enabled
- SMTP deployment mode: MTA
- Smarthost configured to offsite relay
- Relay settings
  + Upstream host - allow relay server only
  + Host based relay - allow internal mail server only
- Offsite server set to deliver to 587 of WAN Port on XG
Where I'm stuck is:
- exim is running on the XG, and is listening on port 587
- Firewall rule set to accept all traffic from anywhere to WAN port 587 (top rule)
- I cannot open a TCP connection to port 587 on the XG from anywhere except localhost on the XG
- tcpdump port 587 shows incoming packets, no replies
- Firewall log on XG has zero records for incoming requests to port 587!
I have tried:
- removing all the auto-generated rules (Firewall & NAT rules) and configuring by hand, with no success.
- disabling SMTP/SMTPS scan on the firewall rule
- disabling/re-enabling SMTP relay on WAN zone
If I switch the SMTP mode to Legacy, and NAT port 587 through to my internal server (not desired), that works.
Anyone able to point me in the right direction to get the XG to accept SMTPS (587) connections?
TIA
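A check for the "reachable only from localhost" symptom described in the post, added here as an example and not part of the original post or of Sophos' own tooling: it parses `ss -ltn` output (assumed to be available on the XG shell) and reports whether the listener on a port is bound only to loopback, which no firewall rule can fix, or to an externally reachable address. The two sample outputs below are constructed.

```shell
#!/bin/sh
# Added example: classify which local addresses a TCP listener is bound to,
# from `ss -ltn`-style output. A listener bound only to 127.0.0.1/[::1]
# answers from localhost but never from the WAN, with nothing in the firewall log.

# Constructed sample: port 587 bound to loopback only (the failing case).
SAMPLE_LOOPBACK_ONLY='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      20     127.0.0.1:587      0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

# Constructed sample: port 587 bound on all IPv4 and IPv6 addresses.
SAMPLE_ALL_IFACES='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      20     0.0.0.0:587        0.0.0.0:*
LISTEN 0      20     [::]:587           [::]:*'

# listener_addrs "<ss output>" <port>: prints each local address bound on <port>.
listener_addrs() {
  printf '%s\n' "$1" | awk -v port="$2" '
    $1 == "LISTEN" {
      addr = $4
      # split on the LAST colon, since bracketed IPv6 addresses contain colons
      i = length(addr)
      while (i > 0 && substr(addr, i, 1) != ":") i--
      if (substr(addr, i + 1) == port) print substr(addr, 1, i - 1)
    }'
}

# listener_scope "<ss output>" <port>: prints "none", "loopback-only" or "external".
listener_scope() {
  addrs=$(listener_addrs "$1" "$2")
  [ -n "$addrs" ] || { echo none; return; }
  # any bound address that is not loopback is reachable by remote hosts
  # (subject to the firewall rule, which is the next thing to check)
  if printf '%s\n' "$addrs" | grep -qvE '^(127\.[0-9.]+|\[::1\])$'; then
    echo external
  else
    echo loopback-only
  fi
}

# On the appliance itself: listener_scope "$(ss -ltn)" 587
```

If the result is `loopback-only`, the listener itself, not the firewall rule, is what stops remote connections; if it is `external`, the firewall rule and any NAT in front of it are the next things to verify.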