Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Mailtransfer doesn't work (legacy mode)

Hello,

I need support with configuring mail traffic (SMTP) from external via noSpamProxy (DMZ) to the internal Exchange (LAN) and back again.

I have largely followed the Sophos instructions "Protect internal mail server in legacy mode" ( ( https://docs.sophos.com/nsg/sophos-firewall/20.0/help/en-us/webhelp/onlinehelp/AdministratorHelp/Email/HowToArticles/EmailProtectInternalMailServerLegacyMode/index.html ) but the mail flow doesn't really work - sometimes mails arrive from external sources, sometimes not... (e.g. when I have recreated the firewall and NAT rules). The same goes for mails from internal to external sources - it works like a bag of fleas - completely uncontrolled.

The following configuration:

WAN: Public IP
DMZ: noSpamProxy (10.0.1.10)
LAN: Exchange (192.168.200.15)

My settings on the Sophos XGS (20.0.2 MR-2 Build 378) are as follows:

Firewallrules

Otherwise, the other properties of the firewall rules remain unaffected, in particular no DPI or “Scan SMTP(s)” is not activated.

NAT-Rules

The Queues at noSpamProxy report: “The email server 192.168.200.15:25” refused the connection (email server = internal Exchange server)
The properties of the corresponding Receive-Connector (on the Exchange server) are configured as follows
The properties of the Send-Connector:
 
Thanks for reading and for supporting!


Edited TAGs
[edited by: Erick Jan at 12:25 AM (GMT -7) on 30 Sep 2024]