SMTP Authentication (Sophos as smtp relay to internal Exchange server)

Question

Hi, 
 
 we have Sophos as SMTP relay to our internal Exchange server. SMTP authentication is not yet enabled on the Exchange. 
 So the Sophos will relay the emails to the Exchange. 
 Right now is possible to send emails using SMTP port (25) from one or our domain's user accounts to any another of our domain's user accounts without authentication. Which is, of course to me, a very big security vulnerability. (I tested it with telnet from outside of our networks... like if I were an attacker). 
 
 So the questions are: 
 
 1) Right now (when SMTP authentication is not enabled in the Exchange server), is there a way to stop that behavior? 
 
 2) Once we enable SMTP authentication in the Exchange server, the sophos will still be whitelisted as the Exchange server needs to "rely" on the Sophos. How can we stop that behavior then?

BAlfson · Answer

Basic Exchange setup with SMTP Proxy . 
 Cheers - Bob

Alexander Busch · Answer

Hi The Bee, 
 just create a receive connector for the UTM which receives SMTP without authentication on your exchange server. 
 Configure the other receive connector(s) following your needs with authentication. 
 And finaly take a look into the concept of receive connectors within exchange. Example 
 I think that should give you the right direction. 
 Best 
 Alex

mod2402 · Answer

Hi The Bee, 
 you should create a public SPF record for your domain and enable Perform SPF check in Antispam settings at your UTM. 
 Regards 
 mod