Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.

______________________________________________________________________________________________________________________________________

Table Of Contents

• Overview:
• Prerequisites:
• What To Do
  • Gmail:
  • Microsoft Outlook:
  • Any other email domains:    

  

Overview:

This article describes the troubleshooting steps & possible solutions when the email notifications don't work:

• Unable to receive/send backup emails
• Unable to receive/send notification emails
• Unable to send/receive scheduled report email
• Test email successful but not able to receive test emails.

Prerequisites:

• Modes/Types of Email (Email -> General Settings): a. MTA mode and b. Legacy Mode
• Ensure that you've configured email notification settings as per the KBAs below: 
  How does the email notification system work: https://support.sophos.com/support/s/article/KB-000038672?language=en_US
• Notification settings: https://doc.sophos.com/nsg/sophos-firewall/19.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Administration/EmailNotificationSettings/index.html#set-up-an-external-mail-server
• Configure email notifications using Gmail: https://support.sophos.com/support/s/article/KB-000036315?language=en_US

What To Do

Gmail:

Prerequisites:

For Gmail users, please ensure that the following settings are in place: (Skip Step 1 in the "What To Do" section)

• Mail server IPv4 address/FQDN: smtp.gmail.com
• Port: 587
• Authentication required: Selected.
• Username: Your complete Gmail account
• Password: Gmail password if 2FA is disabled/App password if 2FA is enabled (Step 6)

Troubleshooting Steps:

Step 1: Verify all the details, such as FQDN/IP for the email server and SMTP port.

Step 2: Verify the log viewer -> email for the delivery status of the emails

Step 3: Click "Test Mail" and observe the smtpd debug logs. 

Note: Keep the service in debug mode to check the logs by running the following command in Advanced Shell CLI: 

• For HA setup(mostly for A-A) ,when enabling it on both the devices - service smtpd:debug -ds sync
• For non-HA setup - service smtpd:debug -ds nosync 
  Note: Execute the same command to disable the debug. 
• Execute the following command to view the output - tail -f /log/smtpd_main.log
  

Successful Logs:

Authentication Error / Less secure App is off -> 2-Step Verification is off:

• Verify the credentials or login again into Gmail using the same credentials.
• Go to step 4

IP Blacklisted/Email bounced:

Verify that the public IP is not blacklisted through Mxtoolbox (https://mxtoolbox.com/) - A handy website that provides information related to MX records associated with the domain. Contact the ISP to whitelist the IP address. 

Step 4: If you have turned on Two-Factor Authentication for Gmail, you'll need an App Password to enter as a password in the Email Notification settings on Sophos Firewall.

If 2FA isn't active, then use your Gmail password.

However, if you still cannot receive the email notifications, try enabling Less Secure App on Gmail and test.

Note: 2-way step verification is a more secure option

Step 5: To turn on the less secure app access option, refer to the screenshot below:

Less Secure App:

Step 6: Refer to the screenshots below to turn on 2-step authentication. Generate the app password and enter it into the Sophos Firewall.

2-Step verification (Generate App password)

App Password:

Microsoft Outlook:

Prerequisites:

• Mail server IPv4 address/FQDN: outlook.office365.com
• Port: 587
• Authentication required: Selected
• Username: Your complete Microsoft account
• Password: Outlook password if 2-Step is turned off or App Password if 2-Step is turned on
• Connection security: STARTTLS

Troubleshooting Steps:

Step 1: Verify all the details, such as FQDN/IP for the email server and SMTP port.

Step 2: Verify the log viewer -> email for the delivery status of the emails.

Step 3: Click on the "Test Mail" and observe the smtpd debug logs

Successful Authentication:

Unsuccessful authentication:

Verify the credentials or login into Outlook using the same credentials.

Sending an email using another domain

Outlook does not allow sending emails using other email domains.

Any other email domains:

Troubleshooting Steps:

Step 1: Verify all the details, such as FQDN/IP for the email server and SMTP port.

Step 2: Verify the log viewer -> email for the delivery status of the emails.

Step 3: Run the following command - telnet <FQDN/IP> <Port>

• If it is successful, get the exact valid port number.
• Run the following command - telnet <email server FQDN/IP> <SMTP Port>

Verify whether the email server is responding on the provided SMTP port or not.

Step 4: Check the smtpd-debug logs and verify if there's an authentication failure or any message provided by the remote email server.

Note: Keep the service in debug mode to check the logs by running the following command in Advanced Shell CLI: 

• For HA setup(mostly for A-A), when enabling it on both the devices - service smtpd:debug -ds sync
• For non-HA setup - service smtpd:debug -ds nosync 
  Note: Execute the same command to disable the debug. 
• Execute the following command to view the output - tail -f /log/smtpd_main.log

 

______________________________________________________________________________________________________________________________________

Edited format, Added Table of Content, Updated doc guide link, Horizontal lines.
[edited by: Raphael Alganes at 2:09 PM (GMT -7) on 9 Oct 2023]