Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 3 subscribers
  • Views 841 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Listen Interface - SMTP custom interfaces timeouts

Aaron Becker

Trying out the "new" feature (maybe it's been in for a while, and I never noticed it?) on the UTM to only listen on 1 select interface for SMTP. As soon as I click "custom" and add the interface the MX records point to (via Public IP/DNS) - SMTP breaks. 

This still spits out in the log, but it doesn't appear to be listening, per external monitoring or testing. 

no queue runs, listening for SMTP on port 25 (IPv4) port 587 (IPv4) and for SMTPS on port 465 (IPv4)



This thread was automatically locked due to age.
  • FormerMember
    0 FormerMember

    Hi ,

    Thank you for reaching out to the Community! 

    When you select the custom listening interface and add the interface IP address, only inbound emails breaks? 

    Did you notice any drops on the firewall? Is there anything configured under  Email Protection > SMTP > Relaying > Upstream host list? 

    Thanks,

  • 0 in reply to FormerMember

    Hi-

    This is a receive-only node, so I don't have the ability to check outbound flow. When I say that only inbound email breaks, that's all this firewall is currently operating. 

    I watched the firewall logs both WITH and WITHOUT the interface selected (vs all) and both times notice no corresponding traffic. I can check this again, but that's what I observed last night. It's strange it doesn't show on in any of the logs. [SEE EDIT BELOW]

    There are no upstream hosts/network indicated, "allow upstream relay hosts only" is not checked, authenticated relay is not in use, and host-based relay includes several internal Exchange Servers which deliver email to the Sophos. This configuration works when "all interfaces" are selected. 

    EDIT: I was mistaken and must've been a tad tired when I observed the logs. Selecting "custom interfaces" causes the dropped packets to appear in the firewall logs, from the external testing IP to the destination public IP and port 25 which was the test port.

    Thanks!

  • 0 in reply to Aaron Becker

    If this problem isn't resolved, Aaron, show us a few relevant lines from the Firewall log file (not the Live Log).

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hey guys -

    No logs available as I haven't had a chance to "break" things in the last couple days. I did test this on a soon to be decom'ed site today and the UTM is still running 9.704-2 vs the original problem firewall was on the newest 9.705-3, so I'd say this is likely a bug in the update since the configs are identical. 

    I'm still working on getting you the applicable logs, but I strongly suspect a bug in 9.705-3.

Unfiltered HTML