Thread Info
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SophosXG v19 ((home) - redirect Mail requests to an external (open source) secure mail gateway

Chris GER

Hello Community,

if upgrade to SophosXG v19 (Home Edition) and it takes a view minutes, but is was well done.
now i would like to scan/monitor the form/to sender and the definition of "white/gray/black" listet mails that are coming trough SophosXG
I've no internal Mailserver and no Sophos Central in place. An SSL Certifikate from my external FQDN can be served for this solution,

My challange
How to configure SophosXG to redirect all out-/ingoing requests trough the mail ports in the 1st steop to my SMG in the extranet to filter the mail traffic ? My Client connection is always established from the LAN to the WAN when the client is running. There is no DNAT in place.

Does anyone here have an idea how/if to configure this in the SophosXG


Thanks to all in advance.



This thread was automatically locked due to age.
  • 0

    If you have XG configured in MTA mode try Email > General settings > Smarthost settings

    This will send outgoing mail to an external relay server.

     
    SFVH (SFOS 20.0.0 GA-Build222) - Last (re)boot on November 6th  2023
    Asus H410i-plus - Pentium 6605 Gold - 250GB M.2 PCIe NVMe SSD - 8GB - 3 ports
    [If any of my posts are helpful to you please use the 'Verify Answer' link]
    • 0 in reply to Peter-Paul Gras

      He was asking for incoming mail, too.

      You have to define an "SMTP-Policy" und "Email/Policies&Exceptions" where you set up a "Domain and routing target" with a static route to your (external) mailserver.

      Mit freundlichem Gruß, best regards from Germany,

      Philipp Rusch

      New Vision GmbH, Germany
      Sophos Silver-Partner

      If a post solves your question please use the 'Verify Answer' button.

      • 0 in reply to PhilippRusch

        thanks for your response. you are right, the "pre-scan" of mails and links / attatchments should be also given in the inbound traffic. any idea from your site, perhapse a product, that can be used outsite the LAN/DMZ intrastructure that scan the registered mailboxes of an public provider and move junk mails directly to the junk forder in an recommended cycle ? 

        thanks and regards
        Chris 

        • 0 in reply to Chris GER

          I don't get you, or it is a complete misunderstanding of the concept of "Email protection in MTA-mode".

          The Sophos XG Email protection IS scanning both incoming and outgoing mails, if configured properly.

          That is for incoming mail: set your MX to your public IP of the Sophos XG firewall's external interface ("WAN").

          For outgoing mail, your mails are scanned by the "Email protection" module as well, no need for another server.

          Have a look here: https://www.sophos.com/de-de/medialibrary/PDFs/documentation/SophosFirewall/Pocket-Guides/ProtectCloudhostedEmailServerMTAMode.ashx

          Mit freundlichem Gruß, best regards from Germany,

          Philipp Rusch

          New Vision GmbH, Germany
          Sophos Silver-Partner

          If a post solves your question please use the 'Verify Answer' button.

        • 0 in reply to Peter-Paul Gras

          Hello Peter,
          thank you very much for your quick reply. If I configure MTA mode on my XG, can I send all, outgoing mail traffic through a relay server (in my administration) that will scan the mail for example and make sure there are no malicious attachments / link in it?
          if the mail is clean, i want to relay the mail to the actual hoster of the mailboxes so that the mail is allowed to send out to the receipion?

          • 0 in reply to Chris GER

            When you configure you're XG in MTA mode it will scan your outgoing mail. It will then send it to the configured relay server.

             
            SFVH (SFOS 20.0.0 GA-Build222) - Last (re)boot on November 6th  2023
            Asus H410i-plus - Pentium 6605 Gold - 250GB M.2 PCIe NVMe SSD - 8GB - 3 ports
            [If any of my posts are helpful to you please use the 'Verify Answer' link]