Sophos UTM Home - Apple iCloud IMAP

To be honest I don't know if creating a host group would really help because a user accessing smtp.mail.me.com would be doing DNS lookup for the IP of it and it should be resolvable by any DNS forwarder. I think and I might be wrong here, is that if the UTM is used as a recursive DNS resolver, it would keep the IP address of smtp.mail.me.com updated at all times if the IP address changes.

I also don't think creating a firewall rule to allow outgoing SMTP service would help since the UTM allow all outgoing connections in the very last rule unless there is a rule above that would BLOCK it.

If the last firewall rule is Source: Internal Network--->Service: ANY---->Destination: ANY, it should just allow the traffic.

And I think that adding the SMTP service (port) to the allowed target services would be necessary only if the UTM web filtering proxy was in standard proxy mode and not transparent, but the UTM manual says otherwise. 

• DNS group: Similar to DNS host, but can cope with multiple RRs (Resource Records) in DNS for a single hostname. It is useful for defining firewall rules and exceptions in transparent proxies. 

Someone here might know more about it, but it definitely seems that the problem is that some of the IP addresses of the iCloud mail servers are not responding to pings so it's hard to tell if they are available.

Here's what's going on, you can see for yourself.

I performed an nslookup for smtp.mail.me.com, and the first IP address it resoved to responded to a ping, then a few seconds later it tried to ping a different IP address and was not reponding.

The is definitely not a problem with any of the firewall settings on the UTM.

That definitely makes a lot of sense, I did not try that since the beginning but it makes a lot of sense!, thanks for sharing!