
Something weird in outbound MTA setting document

Hi All,
I have always been skeptical about the setting of outbound MTA mode.
https://docs.sophos.com/nsg/sophos-firewall/19.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Email/HowToArticles/EmailSPXFinancialData/index.html#add-an-smtp-route-and-scan-policy

In the encrypt outbound setting,
the configuration manual instructs us to point the routing to the internal mail server.

But the outbound mails were received from the internal mail server.
The configuration manual instructs us to route outbound mails back to the internal mail server?
Wouldn't this cause an infinite loop?

I think the routing method should be changed to MX record for the outbound domain.



This thread was automatically locked due to age.
  • I don't think so.
    In the outbound email encrypt settings we help customers build, we need to enable "smtp route & scan", and then check the encryption method we want to use.
    In this case, "route by MX" must be selected.


    Then the encrypted mail can be sent to other domains' mail servers in the world.

  • And my real question is as below.
    The inbound setting needs to set the "route by" to the internal mail server host;
    and the outbound encrypt setting needs to set the "route by" to MX to route mail to the internet mail server.

    But it is one domain, one policy in the "smtp route & scan" setting.
    Can inbound and outbound be used for the same domain at the same time?

  • Or I can ask you, does the protected domain in "smtp route & scan" policy refer to the source or the destination domain in the mail flow?

    I think the protected domain in the "smtp route & scan" setting should refer to the destination domain.
    In this way, when the policy detects that the destination domain of the incoming mail matches, it can be routed to the internal mail server by the "route by" setting.

    But when setting up outbound mail encryption, all we can do is create a "smtp route & scan" policy and enable email encryption in this policy.
    Then have the protected domain refer to the source domain for encryption.
    But in this way, the definition of the protected domain conflicts with the inbound one just now!