Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

  • Mail being rejected after evaluated as sender being blacklisted

    Since yesterday (10-21-2021) i've noticed that a lot of emails, that used to pass, are being rejcted based on the evaluation that the senders ip has been blacklisted. Has anyone else have the same experience? SFOS 18.5.1 MR-1-Build326 Device acts as…
  • Firewall and NAT Policies for Internal Mail Server

    Hi, In our network infra we have 2 ISP configured on 2 interfaces of XG-210. Our Web Server and Mail Server is hosted in LAN Zone and the mail server is natted with WAN 2 IP address. The websites works fine but we are unable to sned or receive any…
  • Options for replacing an XG SFOS 18.5.1 with something that can send email reliably?

    I'm reaching the end of my ability to deal with my XG firewall. Came from a working UTM that expired. The XG just cannot/will not reliably relay email from internal servers to the internet. Messages keep hanging and Sophos tech support keeps deleting…
  • Sophos XG Email Protections - high amount of false positive Blacklist

    we are currently seeing high amounts of false positive blacklist hits, although none of the IPs is actually blacklisted. SFOS 18.0.4 MR-4 here are a few examples, of IPs which not blacklisted but got rejected. 194.56.219.38 194.56.219.33 …
  • Sophos XG und Spamhaus DROP List

    Hallo zusammen, wir haben bei der Präsentation einer OPNsense Firewall gesehen, das hier dynamische IP Blockierlisten von bekannten Schadservern eingebunden werden können und so der Zugriff auf diese IPs verboten ist. Kann die Spamhaus DROP Liste (…
  • SOPHOS XG is sending Junk/Spam email out

    i have XG125 (SFOS 18.5.1 MR-1-Build326), it is configured in MTA mode. email server is placed in LAN. from last four days i am continously seeing in sophos in logs that someone who is not from my domain is as sender and recepient is also random, in mail…
  • XG Email Block TLD

    Is there a way to block a TLD in email protection? For example I used "*@*.ru" in our UTM under Blacklisted Address Patterns, but do not see where to do this in XG. Thanks.
  • Allow email relay for internal and remote servers

    Hi, I need to allow some internal and remote servers which are connected through IPsec to be able to send emails through the XG firewall configured as MTA. I entered the servers' IP addresses under e-mail relay but it is not working and showing a message…
  • My XG ignore all email Exceptions

    Hello! I added an exeption to my email protection module on XG V18, to allow certain domains insteed they are not SPF safe. But it seems thats the XG ignore the Excetion and the domain remains blocked. How can I proceed. Crdl
  • Email > Mail Logs won't load

    Hi! I recently set up our Sophos XG Firewall, and everything is working beautifully! However, today we've run into an issue with the "Mail Logs" within Protect > Email. Previously we used to be able to go into that tab, and it'd tell us every email…
  • Remove SMTP Headers in MTA Mode

    In UTM, I was able to remove certain SMTP headers from outbound emails, but I can't find the same setting in XG. Can anybody point me in the right direction? Many thanks
  • Greylisting problems

    Hey, what is bothering me a lot is that Greylisting is not working. That feature does help with Spam but it is not helpful when the mails arrive sometimes half-a-day or even 4 days later. Also when any mail goes through exactly that constellation of…
  • how to stop SMTP Open Relay

    Hi Team, I need help to stop the SMTP open Relay on Sophos XG Firewal.. I have installed zimbra mail server and nated public ip through Sophos XG firewall and it is working but now some one using my smtp server to send emails as smtp open relay is…
  • MTA mode Configuration in XG135

    As we followed Sophos document to config MTA mode, - Same domain transfer is ok. - Email send from LAN to WAN is ok - can't receive any inbound email from other domain (sender received email: 550 Relay access denied) Our Email server is under…
  • Difference between "Check for RBL" and "Verify Sender’s IP Reputation"?

    What's the exact difference between them both (in MTA mode)? Email > Policies > $policy > Spam Protection > Check for RBL Email > General Settings > SMTP Settings > Verify Sender’s IP Reputation From my understandig, both check the IP…
  • XG outbound email on WAN Alias

    Hi, I am trying to configure email protection in XG v17-MR2 for a customer or ours in MTA mode. Everything works fine except for one thing. We want to send email from a particular WAN Alias IP but it seems that currently it is send email on the default…
  • After enabling Email protection in MTA. I am unable to send emails if connected to ouside internet network

    Hi, I recently configured email protection in MTA mode for my exchange server. I am using XG v17 MR-2 with the smart host option enabled as my ISP requires it. I have 2 local subnets, one for laptops/ PC’s (172.16.1.0/24) connected to port1 and the…
  • [Fresh from the Press: Latest KB's] Sophos XG Firewall v17: How to whitelist or blacklist email senders

    MTA mode in v17 now has this feature available. This KB article will show you where to find the configuration settings. Cheers, Karlos
  • TLS Certificate in MTA Mode

    Hi all, Does anyone have a decent walk-through explaining how to get a server cert onto an XG? I'm in MTA mode but using the appliance CA. I have a GoDaddy cert for my 2016 exchange server and I'm assuming that can be imported somehow, maybe. I see…
  • v17 in MTA mode disables use of TLS 1.0 which may cause email delivery failure

    Due to new behavior, v17 clients in MTA mode may have trouble receiving and sending emails to servers that don't support a higher TLS protocol than TLS 1.0. If this affects you, follow our KB Article: Advisory: Sophos XG Firewall email fails to send…
  • XG 105w Firewall: General Setup: Problem using MTA Mode for sending/receiving/scanning emails.

    Dear all, I am working with a XG 105w (SFOS 16.05.7 MR-7) and want to use the MTA Mode to check emails that are sent/received by a computer and WLAN devices (e.g. an Android phone). All in all unfortunately this email Server topic is a bit new to me…
  • XG MTA 550 No Such User or 550 Relay Not Permitted

    All, I'm having an issue. XG Firewall 16.05.6 MR-6 in MTA mode. Exchange 2016 using the XG as a smarthost. I'm having users report that if they send an email to multiple recipients (known correct and valid email addresses) that they often bounce with…
  • Sophos XG filters community notification e-mail

    I am using Sophos XG Home since a while but I am nex in this comunity forum. I was wondering what I did wrong in the setting not receiving notification E-mails. Today I found the reason in the log files of Sophos XG (SFOS 16.05.7 MR-7). Sophos E-Mail…
  • XG MTA Mode - Mail log. Dropping some, passing others

    #1 I'm having this issue where an email is sent from an external sender to two recipients in our organization and it make it through every time. If that same sender sends the same email to only one recipient, the message is dropped. #2 Also having an…
  • Exceptions for 'Reject invalid HELO or missing RDNS'?

    Hello, We just switched from the UTM 9 to the XG firewall, and so far I don't really understand why the email protection isn't doing what I expect it to... We are set up in MTA mode, and I have created email policies to allow 1 specific address to skip…