
Outbound SMTP for Scan to email not working

We have set up an XG 135 running v18 MR4. Default out of the box, our Canon Copier with scan to email is blocked. This was working on the firewall we pulled out, so we know the scan to email settings are working. We are scanning to port 2525 using smtp2go.

I have searched far and wide on how to allow outbound SMTP. What I find is for an earlier version (v17 or earlier) and does not directly translate.

I have tried both MTA and Legacy mode.

I have created a service group for ports 2525, 465, 587 and created a firewall rule for Traffic to WAN.

I have watched the logs and not seen anything of value to help me troubleshoot.

Does anyone have instructions on how to allow a single IP to send outbound email over port 2525?

Thanks



  • Hello Jeremy,

    Thank you for contacting the Sophos Community.

    If you run a drop-packet-capture on the XG for port 2525 what do you see?

    console> drop-packet-capture 'port 2525'

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • Here is the output:

     

    console> drop-packet-capture 'port 2525'                                        
    2021-04-16 19:22:02 0102021 IP 173.255.233.87.2525 > 96.36.225.244.2926 : proto 
    TCP: R 975563789:975563789(0) checksum : 39666                                  
    0x0000:  4500 0028 0000 4000 3206 6f60 adff e957  E..(..@.2.o`...W              
    0x0010:  6024 e1f4 09dd 0b6e 3a25 ec0d 0000 0000  `$.....n:%......              
    0x0020:  5004 0000 9af2 0000                      P.......                      
    Date=2021-04-16 Time=19:22:02 log_id=0102021 log_type=Firewall log_component=Inv
    alid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A i
    n_dev=Port2 out_dev= inzone_id=0 outzone_id=0 source_mac=1c:ab:c0:08:34:c2 dest_
    mac=7c:5a:1c:84:ce:90 bridge_name= l3_protocol=IPv4 source_ip=173.255.233.87 des
    t_ip=96.36.225.244 l4_protocol=TCP source_port=2525 dest_port=2926 fw_rule_id=N/
    A policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_
    id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_f
    ilter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 
    dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 conni
    d=0 masterid=0 status=0 state=0, flag0=0 flags1=0 pbdid_dir0=0 pbrid_dir1=0     
                                                                                    
    2021-04-16 19:22:02 0102021 IP 173.255.233.87.2525 > 96.36.225.244.2926 : proto 
    TCP: R 975563859:975563859(0) checksum : 39596                                  
    0x0000:  4500 0028 0000 4000 3206 6f60 adff e957  E..(..@.2.o`...W              
    0x0010:  6024 e1f4 09dd 0b6e 3a25 ec53 0000 0000  `$.....n:%.S....              
    0x0020:  5004 0000 9aac 0000                      P.......                      
    Date=2021-04-16 Time=19:22:02 log_id=0102021 log_type=Firewall log_component=Inv
    alid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A i
    n_dev=Port2 out_dev= inzone_id=0 outzone_id=0 source_mac=1c:ab:c0:08:34:c2 dest_
    mac=7c:5a:1c:84:ce:90 bridge_name= l3_protocol=IPv4 source_ip=173.255.233.87 des
    t_ip=96.36.225.244 l4_protocol=TCP source_port=2525 dest_port=2926 fw_rule_id=N/
    A policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_
    id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_f
    ilter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 
    dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 conni
    d=0 masterid=0 status=0 state=0, flag0=0 flags1=0 pbdid_dir0=0 pbrid_dir1=0     
                                                                                    
    2021-04-16 19:22:02 0102021 IP 173.255.233.87.2525 > 96.36.225.244.2926 : proto 
    TCP: R 975563890:975563890(0) checksum : 39565                                  
    0x0000:  4500 0028 0000 4000 3206 6f60 adff e957  E..(..@.2.o`...W              
    0x0010:  6024 e1f4 09dd 0b6e 3a25 ec72 0000 0000  `$.....n:%.r....              
    0x0020:  5004 0000 9a8d 0000                      P.......                      
    Date=2021-04-16 Time=19:22:02 log_id=0102021 log_type=Firewall log_component=Inv
    alid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A i
    n_dev=Port2 out_dev= inzone_id=0 outzone_id=0 source_mac=1c:ab:c0:08:34:c2 dest_
    mac=7c:5a:1c:84:ce:90 bridge_name= l3_protocol=IPv4 source_ip=173.255.233.87 des
    t_ip=96.36.225.244 l4_protocol=TCP source_port=2525 dest_port=2926 fw_rule_id=N/
    A policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_
    id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_f
    ilter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 
    dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 conni
    d=0 masterid=0 status=0 state=0, flag0=0 flags1=0 pbdid_dir0=0 pbrid_dir1=0
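
Added example, not part of any post in this thread: the capture output above is hard-wrapped at 80 columns, which splits tokens such as `log_component=Invalid_Traffic` across lines and makes the records hard to read or grep. This Python code rejoins one record and reports which side of the mail session the dropped packet came from; the function names are hypothetical and the sample record is constructed, using documentation addresses.

```python
import re

WIDTH = 80  # the console output in the post is hard-wrapped at 80 columns
MAIL_PORTS = {"2525", "465", "587"}  # the service group named in the thread

def unwrap(lines):
    """Rejoin wrapped lines; padding to WIDTH restores a space that fell on the wrap column."""
    return "".join(line.rstrip("\r\n").ljust(WIDTH) for line in lines)

def parse_record(lines):
    """Return the key=value fields of one record, plus the TCP flags from its header."""
    text = unwrap(lines)
    fields = dict(re.findall(r"(\w+)=(\S*)", text[text.index("Date="):]))
    flags = re.search(r"proto\s+TCP:\s+(\S+)", text)
    fields["tcp_flags"] = flags.group(1) if flags else ""
    return fields

def triage(fields):
    """Say which side of the mail session the dropped packet came from."""
    if fields.get("source_port") in MAIL_PORTS:
        side = "reply from mail service"
    elif fields.get("dest_port") in MAIL_PORTS:
        side = "request to mail service"
    else:
        side = "unrelated"
    return {"side": side, "in_dev": fields.get("in_dev"), "flags": fields["tcp_flags"],
            "component": fields.get("log_component"), "rule": fields.get("fw_rule_id")}

def sample_record():
    """Constructed sample in the layout of the post; addresses are documentation ranges."""
    log = ("Date=2021-04-16 Time=19:22:02 log_id=0102021 log_type=Firewall "
           "log_component=Invalid_Traffic log_subtype=Denied in_dev=Port2 out_dev= "
           "l3_protocol=IPv4 source_ip=203.0.113.10 dest_ip=198.51.100.20 "
           "l4_protocol=TCP source_port=2525 dest_port=2926 fw_rule_id=N/A")
    wrapped = [log[i:i + WIDTH] for i in range(0, len(log), WIDTH)]
    return ["2021-04-16 19:22:02 0102021 IP 203.0.113.10.2525 > 198.51.100.20.2926 : proto",
            "TCP: R 975563789:975563789(0) checksum : 39666",
            "0x0000:  4500 0028 0000 4000 3206 0000 cb00 710a  E..(..@.2.....q."] + wrapped

if __name__ == "__main__":
    print(triage(parse_record(sample_record())))
```

The sample mirrors the fields visible in the posted records: source port 2525, arriving on Port2, TCP flag R, logged as Invalid_Traffic with fw_rule_id=N/A.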
  • Hi,

    2525 is not part of the smtp proxy ports. You would need to set a specific rule to allow that port using the http proxy and add that port to the proxy list if you want it scanned.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • When you say rule, are you meaning a firewall rule?

    I have created a Traffic to WAN rule with Copier IP address and a service group that has ports 2525, 465 and 587 in it.

    This current rule above is ANY and not just the copier IP.

  • Hi,

    Now in that rule tick the web box and allow all with the tick use http. Then try to see if access is allowed.

    Ian


  • Do you mean this?

    It was None and I changed it to Allow All. Tried to scan to email and same result.

  • You need to tick the use web proxy and if feeling a bit adventurous scan http and decrypted https (at this stage you are not decrypting https).

    Ian
