We have signed up for a trial of the Sophos hosted Email Gateway. We currently have an SG 135 (v9.703-3) with a 2016 Exchange server behind it. I'm testing with one of the domains we don't use (domainA.com). Right now, it looks like the UTM is capturing all of the outbound traffic and rerouting it based on the domain names MX record rather than letting it through to the Smart Host. I have 2 Send Connectors setup in Exchange - one for Exchangeto route all internet mail using MX records and one that routes all mail destined to domainB.com to the Sophos smart host for testing. According to the Exchange Transport logs, Exchange looks like it wants to route to the Smart Host correctly. But, I see the message in the SMTP proxy log on the SG get routed directly to the domainB.com mail server and not be sent to the Sophos Central Email Gateway. When I look at the logs on the Email Gateway there appears to be no activity.
The only thing I can think of doing is somehow bypassing the SMTP proxy for traffic destined to the Smart host. Does that sound like the way to go?
Thank you for contacting the Sophos Community!
Are you using Transparent Mode? If you are using try disabling this.Under Email Protection >> SMTP >> Advanced >> Transparent Mode…
Are you using Transparent Mode? If you are using try disabling this.Under Email Protection >> SMTP >> Advanced >> Transparent Mode
But yes you should bypass the SMTP traffic for the Smart Host.
Thanks for your response. Yes, it is checked for Port 25. What will happen to our mail traffic if I turn this off? If I set up a NAT rule, will that come before the proxy?
You would need a Firewall rule to allow the traffic.
So, if I make sure there is a rule that allows the Exchange server to send mail out the firewall, then turn off the transparent mode, there should be no mail flow interruption? Will I still be able to see email in the Mail manager log?
Thank you for the follow-up!
For Domain A nothing should happen, this will still show in the SMTP logFor Domain B, you would need a Firewall rule to allow the traffic outbound, and this shouldn't show in the SMTP/Mail ManagerYou shouldn't have interruption of email flow, but I would recommend you to test during low email pick hours.
Just remember to have the Send Connector to point directly to Sophos Central for Domain B.
Thanks, Emmanuel. I'll test it over the weekend and let you know what happens