SophosXG v19 ((home) - redirect Mail requests to an external (open source) secure mail gateway

Question

Hello Community, 
 if upgrade to SophosXG v19 (Home Edition) and it takes a view minutes, but is was well done. now i would like to scan/monitor the form/to sender and the definition of "white/gray/black" listet mails that are coming trough SophosXG I've no internal Mailserver and no Sophos Central in place. An SSL Certifikate from my external FQDN can be served for this solution, My challange How to configure SophosXG to redirect all out-/ingoing requests trough the mail ports in the 1st steop to my SMG in the extranet to filter the mail traffic ? My Client connection is always established from the LAN to the WAN when the client is running. There is no DNAT in place. 
 Does anyone here have an idea how/if to configure this in the SophosXG 
 Thanks to all in advance.

PhilippRusch · Answer

He was asking for incoming mail, too. 
 You have to define an "SMTP-Policy" und "Email/Policies&Exceptions" where you set up a "Domain and routing target" with a static route to your (external) mailserver.

Peter-Paul Gras · Answer

When you configure you're XG in MTA mode it will scan your outgoing mail. It will then send it to the configured relay server.

PhilippRusch · Answer

I don't get you, or it is a complete misunderstanding of the concept of "Email protection in MTA-mode". 
 The Sophos XG Email protection IS scanning both incoming and outgoing mails, if configured properly. 
 That is for incoming mail: set your MX to your public IP of the Sophos XG firewall's external interface ("WAN"). 
 For outgoing mail, your mails are scanned by the "Email protection" module as well, no need for another server. 
 Have a look here: https://www.sophos.com/de-de/medialibrary/PDFs/documentation/SophosFirewall/Pocket-Guides/ProtectCloudhostedEmailServerMTAMode.ashx

SophosXG v19 ((home) - redirect Mail requests to an external (open source) secure mail gateway

Top Replies