This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SophosXG v19 ((home) - redirect Mail requests to an external (open source) secure mail gateway

Hello Community,

if upgrade to SophosXG v19 (Home Edition) and it takes a view minutes, but is was well done.
now i would like to scan/monitor the form/to sender and the definition of "white/gray/black" listet mails that are coming trough SophosXG
I've no internal Mailserver and no Sophos Central in place. An SSL Certifikate from my external FQDN can be served for this solution,

My challange
How to configure SophosXG to redirect all out-/ingoing requests trough the mail ports in the 1st steop to my SMG in the extranet to filter the mail traffic ? My Client connection is always established from the LAN to the WAN when the client is running. There is no DNAT in place.

Does anyone here have an idea how/if to configure this in the SophosXG


Thanks to all in advance.



This thread was automatically locked due to age.
Parents
  • If you have XG configured in MTA mode try Email > General settings > Smarthost settings

    This will send outgoing mail to an external relay server.

     
    SFVH (SFOS 20.0.0 GA-Build222) - Last (re)boot on November 6th  2023
    Asus H410i-plus - Pentium 6605 Gold - 250GB M.2 PCIe NVMe SSD - 8GB - 3 ports
    [If any of my posts are helpful to you please use the 'Verify Answer' link]
  • He was asking for incoming mail, too.

    You have to define an "SMTP-Policy" und "Email/Policies&Exceptions" where you set up a "Domain and routing target" with a static route to your (external) mailserver.

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • thanks for your response. you are right, the "pre-scan" of mails and links / attatchments should be also given in the inbound traffic. any idea from your site, perhapse a product, that can be used outsite the LAN/DMZ intrastructure that scan the registered mailboxes of an public provider and move junk mails directly to the junk forder in an recommended cycle ? 

    thanks and regards
    Chris 

  • I don't get you, or it is a complete misunderstanding of the concept of "Email protection in MTA-mode".

    The Sophos XG Email protection IS scanning both incoming and outgoing mails, if configured properly.

    That is for incoming mail: set your MX to your public IP of the Sophos XG firewall's external interface ("WAN").

    For outgoing mail, your mails are scanned by the "Email protection" module as well, no need for another server.

    Have a look here: https://www.sophos.com/de-de/medialibrary/PDFs/documentation/SophosFirewall/Pocket-Guides/ProtectCloudhostedEmailServerMTAMode.ashx

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

Reply Children
No Data