Mailtransfer doesn't work (legacy mode)

Question

Hello, 
 I need support with configuring mail traffic (SMTP) from external via noSpamProxy (DMZ) to the internal Exchange (LAN) and back again. I have largely followed the Sophos instructions "Protect internal mail server in legacy mode" ( ( https://docs.sophos.com/nsg/sophos-firewall/20.0/help/en-us/webhelp/onlinehelp/AdministratorHelp/Email/HowToArticles/EmailProtectInternalMailServerLegacyMode/index.html ) but the mail flow doesn't really work - sometimes mails arrive from external sources, sometimes not... (e.g. when I have recreated the firewall and NAT rules). The same goes for mails from internal to external sources - it works like a bag of fleas - completely uncontrolled. The following configuration: WAN: Public IP DMZ: noSpamProxy (10.0.1.10) LAN: Exchange (192.168.200.15) My settings on the Sophos XGS (20.0.2 MR-2 Build 378) are as follows:

Firewallrules 
 
 Otherwise, the other properties of the firewall rules remain unaffected, in particular no DPI or &ldquo;Scan SMTP(s)&rdquo; is not activated. 
 
 NAT-Rules

The Queues at noSpamProxy report: &ldquo;The email server 192.168.200.15:25&rdquo; refused the connection (email server = internal Exchange server)

The properties of the corresponding Receive-Connector (on the Exchange server) are configured as follows

The properties of the Send-Connector:

Thanks for reading and for supporting!

dirkkotte · Answer

Hello Martin,
I have never used the "legacy mode" before.
I don't have such problems in MTA mode.
What does the (mail) log on the XGS say?
I would switch off the mail scan to test it. If it's OK then, you should open a support case with Sophos.

MartinSKS · Answer

Hi Dirk, 
 Thanks for your Input! I&rsquo;ve managed to solve the problem, and it turns out that at least the "Reflexive NAT-Rule" wasn&rsquo;t necessary. Everything is running smoothly now. ;-) 
 Bye Martin

Mailtransfer doesn't work (legacy mode)

Top Replies