
SMTP Proxy: Transparent Mode vs. Standard Mode?

What are the functional differences between Standard Mode SMTP and Transparent Mode SMTP?   

The documentation and a previous forum post suggest that there are none, but our community expert Bob Alfson has recommended against transparent mode in some of his responses.

How is Transparent logging content similar or different from Standard Mode?  

I am currently deployed using Standard Mode and it is working well, but it adds a visible hop. Because of that, devices behind UTM cannot perform filtering based on sender IP, sender Reverse DNS, SPF, or DMARC.

If the only impact of Standard Mode is to limit flexibility for back-end filtering, then maybe Transparent Mode should be the preferred configuration for everybody.
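
The "visible hop" effect described above, as an added example that is not part of the original post or of Sophos UTM: a filter behind the proxy sees the proxy as the connecting peer, so the sender IP has to be read from the hop the proxy recorded. The Received header layout, host names and addresses are constructed assumptions, and `first_untrusted_hop` is a hypothetical helper.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: a message as stored by a mail server behind a
# Standard Mode proxy. Names and addresses are documentation values.
SAMPLE = """\
Received: from utm.example.net (utm.example.net [192.0.2.10])
\tby mail.example.net with ESMTP id A1; Mon, 1 Jan 2024 10:00:02 +0000
Received: from mx.sender.example (mx.sender.example [203.0.113.25])
\tby utm.example.net with ESMTP id B2; Mon, 1 Jan 2024 10:00:01 +0000
Received: from forged.invalid (forged.invalid [198.51.100.99])
\tby mx.sender.example with ESMTP id C3; Mon, 1 Jan 2024 10:00:00 +0000
From: alice@sender.example
To: bob@example.net
Subject: test

body
"""

# IP literal in the "from" clause of a Received header (assumed layout).
FROM_IP = re.compile(r"\s*from\s.*?\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]", re.S)

def received_ips(raw):
    """Peer IP recorded by each hop, newest hop first (None if unparseable)."""
    msg = message_from_string(raw)
    ips = []
    for header in msg.get_all("Received", []):
        match = FROM_IP.match(header)
        ips.append(match.group(1) if match else None)
    return ips

def first_untrusted_hop(raw, trusted_relays):
    """Walk hops newest first, skip trusted relays, return the first other IP.

    Hops below that one were written by hosts we do not control, so the
    walk stops there instead of believing them.
    """
    nets = [ipaddress.ip_network(n) for n in trusted_relays]
    for ip in received_ips(raw):
        try:
            addr = ipaddress.ip_address(ip) if ip else None
        except ValueError:
            addr = None
        if addr is None:
            return None  # unparseable hop: refuse to guess
        if not any(addr in net for net in nets):
            return ip
    return None
```
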



This thread was automatically locked due to age.
  • Standard Mode is when you have to regulate anything with Firewall and DNAT rules (compromising your outgoing mail, which in 99% of cases is the main reason for getting your IP blacklisted if you make a mistake with the rules).
    Transparent Mode = Port SMTP (25) is the property of Mail Protection (on any interface). No need for a Firewall or DNAT rule (you can create 100 Firewall/DNAT rules for port 25, but none will work). And if you want to manipulate some rules about port 25 for a particular host, you have to exclude that host from transparent first.

    Only Country Blocking is more powerful than Transparent Mode.

  • There are two issues here:

    • Blocking unauthorized traffic.   This includes outbound SMTP traffic from unexpected sources, as this probably indicates a malware infection.   It also includes incoming connections to non-MX addresses, a concern that occurs because of UTM's unique approach of opening the SMTP proxy on every UTM address.
    • Processing normal mail traffic.

    I have UTM behind another firewall, so blocking unauthorized traffic is handled another way.  But even in a UTM-only environment, I don't see how Transparent Mode eliminates the need to configure specific settings to ensure that unauthorized traffic is blocked.

    My real interest is the normal mail traffic.   Do Transparent Mode and Standard Mode have functional differences, reliability differences, or logging differences that justify having two different ways of solving the same problem?   What is the appropriate basis for choosing between the two?

  • For sure they have differences.

    If you are familiar with Web Filter Standard/Transparent

  • In fact, no explicit block rules are needed unless there's some firewall rule like 'Internal (Network) -> Any -> Internet IPv4 : Allow'.  Otherwise, the traffic is dropped by default.

    If I'm wrong about Transparent mode overriding the 'Host-based Relay' list, then it would seem that the only use of it is to not be required to set the UTM as a smart host in the mail server.  In which case, my suggestion to use Transparent as a debugging tool only would also be justified.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA