Hi
I have a mail test environment here where a Sophos XG is configured as MTA (Mail Transfer Agent). In the relay settings, two internal mail servers are configured as "Allow" and "Block" is defined as any. Since the Sophos should be able to receive mails from outside, "Any" is allowed as the upstream host. "Authenticated Relay" is not activated.
This configuration seems to work in principle, but anyone on the WAN side can configure Sophos as a mail server, and then transfer emails to the internal mail servers on behalf of the domains defined in "Domains and routing target / Protected Domains" without authentication. The only condition is that the sender and recipient domains are entered in "Domains and routing target / Protected Domains".
Even activating the "Authenticated Relay" does not change this behaviour.
Is there anything I can do to prevent this?
Hi Erick
As i wrote, as host based relay are just two internal mailservers configured.
Upstream host is "Allow Any", because if i block any, i have to enter every Mailserver that will send us an email. This is practically impossible to implement.
Greetings, rexer
Quote