Sophos Firewall blocking outgoing IPv6 SMTP traffic

Question

Hello, 
 
 I'm trying to configure SMTP on Sophos Firewall ( SFOS 20.0.0 GA-Build222) : everything is running smoothly in IPv4, but Firewall is blocking outgoing IPv6 SMTP traffic : 
 
 I tried to define all kinds of (IPv6) rules to allow this traffic without success : with or without 'Scan SMTP' enabled, from any zone to any zone, with or without linked NAT:

Is it possible to have an internal SMTP server in IPv4 relaying email to Sophos Firewall in IPv4 and Sophos Firewall sending emails to Internet over IPv6? 
 
 Thanks, 
 Nicolas

Nicolas Michaux · Accepted Answer

Hi, 
 Today, I finally found the reason of all this mess. 
 If you read carefully the log of the smtp daemon, you can see when it receives an email that it tries to match a firewall rule : 
 S='xxxxxxxx@example.com' R='xxxxx.yyyyyygmail.com' Subject='Test Gmail' Size='1816' Status='Mail has been queued for delivery.' src_ip='xxx.xxx.xxx.xxx' src_port=46148 user_id=0 user_grp_id=0 fw_id=0 src_zone_id=10 
 If it match a rule (fw_id != 0), you'll be stuck in this rule and the firewall will not be able to send a IPv6 email. 
 However, it it doesn't match a rule (fw_id=0), some magic happens and it will be able to deliver both IPv4 and IPv6 emails on Internet! 
 I just had to delete my rule allowing SMTP from my email server AND add an exception to my dropping and logging rule to prevent SMTP to be intercepted. 
 I hope it could help someone to understand this strange behavior. 
 Regards, 
 Nicolas

Sophos Firewall blocking outgoing IPv6 SMTP traffic

Top Replies