This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Can I Bypass The Outbound SMTP Proxy For A Given Destination?

Hi All,

We have signed up for a trial of the Sophos hosted Email Gateway. We currently have an SG 135 (v9.703-3) with a 2016 Exchange server behind it. I'm testing with one of the domains we don't use (domainA.com). Right now, it looks like the UTM is capturing all of the outbound traffic and rerouting it based on the domain names MX record rather than letting it through to the Smart Host. I have 2 Send Connectors setup in Exchange - one for Exchangeto route all internet mail using MX records and one that routes all mail destined to domainB.com to the Sophos smart host for testing. According to the Exchange Transport logs, Exchange looks like it wants to route to the Smart Host correctly. But, I see the message in the SMTP proxy log on the SG get routed directly to the domainB.com mail server and not be sent to the Sophos Central Email Gateway. When I look at the logs on the Email Gateway there appears to be no activity.

The only thing I can think of doing is somehow bypassing the SMTP proxy for traffic destined to the Smart host. Does that sound like the way to go?

Thanks!

This thread was automatically locked due to age.

Top Replies

emmosophos over 4 years ago +2 verified

Hello Dave, Thank you for contacting the Sophos Community! Are you using Transparent Mode? If you are using try disabling this. Under Email Protection >> SMTP >> Advanced >> Transparent Mode But…

Parents

+1 emmosophos over 4 years ago

Hello Dave,

Thank you for contacting the Sophos Community!

Are you using Transparent Mode? If you are using try disabling this.
Under Email Protection >> SMTP >> Advanced >> Transparent Mode

But yes you should bypass the SMTP traffic for the Smart Host.

Regards,

Emmanuel (EmmoSophos)

Technical Team Lead, Global Community Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up +2 Vote Down

Cancel
0 DaveGilmore over 4 years ago in reply to emmosophos

Hi Emmanuel,

Thanks for your response. Yes, it is checked for Port 25. What will happen to our mail traffic if I turn this off? If I set up a NAT rule, will that come before the proxy?

Thanks!
Cancel
Vote Up 0 Vote Down

Cancel
0 emmosophos over 4 years ago in reply to DaveGilmore

Hello Dave,

You would need a Firewall rule to allow the traffic.

Regards,

Emmanuel (EmmoSophos)

Technical Team Lead, Global Community Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Cancel
0 DaveGilmore over 4 years ago in reply to emmosophos

So, if I make sure there is a rule that allows the Exchange server to send mail out the firewall, then turn off the transparent mode, there should be no mail flow interruption? Will I still be able to see email in the Mail manager log?

Thanks!
Cancel
Vote Up 0 Vote Down

Cancel
0 emmosophos over 4 years ago in reply to DaveGilmore

Hello Dave,

Thank you for the follow-up!

For Domain A nothing should happen, this will still show in the SMTP log
For Domain B, you would need a Firewall rule to allow the traffic outbound, and this shouldn't show in the SMTP/Mail Manager

You shouldn't have interruption of email flow, but I would recommend you to test during low email pick hours.

Just remember to have the Send Connector to point directly to Sophos Central for Domain B.

Regards,

Emmanuel (EmmoSophos)

Technical Team Lead, Global Community Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 emmosophos over 4 years ago in reply to DaveGilmore

Hello Dave,

Thank you for the follow-up!

For Domain A nothing should happen, this will still show in the SMTP log
For Domain B, you would need a Firewall rule to allow the traffic outbound, and this shouldn't show in the SMTP/Mail Manager

You shouldn't have interruption of email flow, but I would recommend you to test during low email pick hours.

Just remember to have the Send Connector to point directly to Sophos Central for Domain B.

Regards,

Emmanuel (EmmoSophos)

Technical Team Lead, Global Community Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 DaveGilmore over 4 years ago in reply to emmosophos

Thanks, Emmanuel. I'll test it over the weekend and let you know what happens
Cancel
Vote Up 0 Vote Down

Cancel