Why Sophos UTM not sending emails out

I would assume that your ISP told you wrong.

1. Test DNS.   Can you do an MX Lookup on example.com using UTM as your recursive dns server?   Can you do a lookup on those mail server names and obtain an IP address.
2. Test with PING and TRACERT to see if you can get through the network to those devices.   No guarantee that they respond to ping, but I expect most of them will.
3. Test SMTP Connectivity.   Use the Microsoft Telnet client and try to "telnet mail.example.com 25".   If you do not get any response, you are getting blocked.   If you use Wireshark to monitor your test traffic, you may even see a reply packet that says "administratively blocked"

Of course, once you get connectivity solved, you have to get past the spam filters at the receiving end.   Have you updated your MX record in DNS?  Have you checked your domain and IP reputation using MXToolbox.com ?

Hey Douglas. Thanks for your response.

For 1, 2, 3 I've no issues. Already tested but have not tried wireshark yet.

For my external DNS has been updated. My mx record points to mail.mydomain.com.

If my ISP blocking port 25 I wouldn't be able to email out anything but some emails go through.

Any ideas what else could it be?

If th UTM is accepting the mail and spooling it, that suggests an issue with the outgoing. If some of it is going and some isn't, that elimates connectivity to the internet.

Are your SPF records ok?

SPF is correct including new IP and syntax is correct.

I've flush DNS from UTM.

Checked that I'm not blacklisted.

Nothing has changed other than updated my UTM which I don't think it's the issue and internet connection reset. Ran out of ideas :(

So, from the start:

1. Your internal mail server sends to the UTM

2. Some of that mail gets spooled on the UTM as the UTM is unable to send on the new external IP address?

That's correct. My UTM accepts email from my mail server no issues. I can send to gmail and my work domain as an example where I can't send to hotmail or office365 and other domains. Really strange one.

Just the same, "Connection timeout" means that the reply packet is not coming in.  You either have a routing problem or a packet drop problem.   Both are related to the mistakes made by your ISP.

Did you update your default gateway in UTM when you changed IP?   If you have an internal router that transmits through UTM transparently, it's default gateway needs to be updated as well.

I'm getting an IP dynamically from my ISP as well as GW.

My UTM is facing the internet behind a bridged modem.

If you think it's a routing or ISP issue why don't emails go out when I use a public or my ISP smtp?

I've just tried something. Used my mail server to send directly without relying to UTM and email sent out fine. What do you think should I check in UTM?

I've not changed anything in the UTM for awhile no idea why it would break and even if something would break I would assume incoming not outgoing.

You mnetioned you could send to gmail, but not hotmail, 365 etc

When you did your test (without the UTM) did mail get to hotmail, 365 as opposed to when it's going via the UTM, it can't get to them?

When you IP changed did you delete and recreate the WAN interface or just edit it?

Yes email goes out directly from my mailenable mail server if using UTM it doesn't

Yes email goes out directly from my mailenable mail server if using UTM it doesn't