
Email Protection - SMTP Log without entries when transparent mode disabled

Hi there,

 

Having inherited a Sophos Firewall and being fairly new to these appliances, I have an issue I struggle to get my head around.

 

On the device we're using Email Protection to check the emails; (unfortunately) transparent mode is currently active.

A DNAT for the incoming SMTP traffic is enabled.

When I disable the transparent mode, emails are still flowing but I can't see anything in the SMTP log.

From what I read in BAlfson's setup guide, the DNAT entry takes priority so as a test I turned it off which led to emails not being transmitted at all.

 

What settings am I missing to get the emails flowing and visible in the SMTP log and the transparent mode turned off?

 

Thanks for any input in advance & kind regards

Kere



  • Hey KereJehremathi.

    So, what are you trying to achieve? I take it you want to put UTM in front of messages that are coming and going to an on-premise mail server, is that it?

    Transparent mode intercepts everything that traverses UTM on port 25 and re-routes it to the proxy. It's an easy way to get things going, but I don't recommend it, so just keep it disabled. So I'm guessing you have a mail server behind UTM and that with Transparent Mode on every message that goes through your server is captured and filtered by the UTM on its way out. For incoming messages your DNAT rule is delivering them directly to your mail server and they are not being processed by the UTM. Am I on the right path here?

    So what you wanna do is:

    1) Put your domain in Email Protection > SMTP > Routing > Domain, so UTM can accept messages destined to your domain.

    2) Put your on-premise mail server object in Email Protection > SMTP > Routing > Host List, so messages accepted by the UTM for your domain are delivered to your mail server after filtering.

    3) Put your Mail Server object in Email Protection > SMTP > Relaying > Allowed Hosts/Networks so UTM will accept messages from your mail server and relay them outside.

    4) Configure your mail server to use Sophos UTM as a smart host.

    5) Disable your DNAT rule.

    As long as your MX record points to the UTM's WAN address, which I believe it already does since you have a DNAT rule to your mail server, messages would arrive at the UTM, be accepted, filtered for spam and malware and delivered to your mail server. Outgoing messages would be delivered from your mail server to UTM, be filtered for spam and malware and delivered to the outside world. Is this what you need?

    Regards.

    Giovani

Reply
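To make the three routing/relaying settings in steps 1 to 3 concrete, here is a small model of the accept/deliver/relay decision the reply describes. This is an added example, not Sophos code and not a reproduction of the UTM's real implementation: the rules are modelled from the description above, the class and function names are invented, and the domain, addresses and networks are constructed sample values. It also shows the outcome when step 3 (Allowed Hosts/Networks) is skipped, which is the case where inbound mail works but outbound mail from the internal server is refused, and the case of an outside host trying to relay through the proxy, which must be refused to avoid an open relay.

```python
"""Toy model of the SMTP proxy routing and relaying decisions described in
the reply above (Routing > Domain, Routing > Host List, Relaying > Allowed
Hosts/Networks). Added example; names and values are assumptions, not the
appliance's own configuration or code.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class SmtpProxyConfig:
    # Routing > Domain: domains the proxy accepts inbound mail for (step 1)
    local_domains: set = field(default_factory=set)
    # Routing > Host List: internal server(s) accepted mail is delivered to (step 2)
    host_list: list = field(default_factory=list)
    # Relaying > Allowed Hosts/Networks: sources allowed to send outbound (step 3)
    allowed_relay_networks: list = field(default_factory=list)


def in_networks(ip: str, networks) -> bool:
    """True if ip falls inside any of the given host/network strings."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n, strict=False) for n in networks)


def route(cfg: SmtpProxyConfig, client_ip: str, rcpt_domain: str):
    """Decide what the proxy does with one recipient from one SMTP client.

    Returns (action, detail) where action is "deliver", "relay" or "reject".
    Order matters: mail for a local domain is always accepted for delivery
    (after filtering); anything else is only relayed for allowed sources.
    """
    domain = rcpt_domain.lower()
    if domain in cfg.local_domains:
        if not cfg.host_list:
            return ("reject", "local domain but no host list entry")
        return ("deliver", cfg.host_list[0])
    if in_networks(client_ip, cfg.allowed_relay_networks):
        return ("relay", domain)
    return ("reject", "relay not permitted for this source")


# Constructed sample values (RFC 5737 documentation ranges, example domains).
MAIL_SERVER = "192.0.2.10"       # assumed internal mail server address
OUTSIDE_HOST = "198.51.100.7"    # assumed external sender
LOCAL_DOMAIN = "example.com"

COMPLETE = SmtpProxyConfig(
    local_domains={LOCAL_DOMAIN},
    host_list=[MAIL_SERVER],
    allowed_relay_networks=[MAIL_SERVER],   # step 3 done
)

MISSING_STEP3 = SmtpProxyConfig(
    local_domains={LOCAL_DOMAIN},
    host_list=[MAIL_SERVER],
    allowed_relay_networks=[],              # step 3 skipped
)


def scenarios(cfg: SmtpProxyConfig) -> dict:
    """Run the four cases a practitioner checks after configuring the proxy."""
    return {
        "inbound_to_local":   route(cfg, OUTSIDE_HOST, LOCAL_DOMAIN),
        "outbound_from_mx":   route(cfg, MAIL_SERVER, "example.net"),
        "outside_relay_try":  route(cfg, OUTSIDE_HOST, "example.net"),
        "mx_to_own_domain":   route(cfg, MAIL_SERVER, LOCAL_DOMAIN),
    }


if __name__ == "__main__":
    for name, cfg in (("complete", COMPLETE), ("missing step 3", MISSING_STEP3)):
        print(f"--- {name} ---")
        for case, result in scenarios(cfg).items():
            print(f"{case:18s} -> {result}")
```

With the complete configuration the internal server's outbound mail is relayed and an outside host's relay attempt is rejected; with step 3 missing, inbound delivery still works but the internal server's outbound mail is rejected, which is the symptom to look for in the SMTP log when incoming mail is fine and outgoing is not.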
  • Hi Giovani,

     

    I changed the settings on the firewall and added the UTM as a smart host on the Exchange Server (which I completely forgot in my first test).

    Incoming emails are fine; outgoing emails, however, don't reach their intended recipients.

    Am I missing something within the UTM configuration?

     

    Kind regards

     

    Kere