
Relay not permitted DROP in ACL

Hi all,

I have a problem which I have been trying to solve all day. I have set up SMTP Protection, and outbound it works perfectly. Inbound, there is no chance of getting it running; I always receive this error message:

2021:06:16-16:45:18 core exim-in[5643]: 2021-06-16 16:45:18 SMTP connection from [178.x.x.x]:55240 (TCP/IP connection count = 1)

2021:06:16-16:45:18 core exim-in[30965]: 2021-06-16 16:45:18 H=mail.x.x [178.x.x.x]:55240 X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no F=<a.b@c.d rejected RCPT <administrator@d.f>: Relay not permitted
2021:06:16-16:45:18 core exim-in[30965]: 2021-06-16 16:45:18 SMTP connection from mail.x.x [178.x.x.x]:55240 closed by DROP in ACL

When I implement a NAT rule which sends the traffic directly to Exchange, everything works, so the error has to be on the Sophos UTM. I have tried multiple settings in the relay tab with no result. Right now I only have the internal IP of the Exchange, with rDNS on the official DNS, at the Host Based Relay tab under Allowed / Hosts Network.
Does anyone have an idea what the reason for this could be?

Thank you very much in advance, 
best regards, 

Bernhard


This thread was automatically locked due to age.
  • FormerMember
    0 FormerMember

    Hi ,

    Thank you for reaching out to the Community!
    What did you configure under Email Protection > SMTP > Domains? If you added *company.com, then remove the * and save the configuration and let us know if that helps.

    Thanks,

  • Hi Harsh, 

    Thanks for your response - I have read all threads I was able to find about this topic. And of course I don't use the * in my domains. That is the reason why I wrote here; I tried to find a solution all day with this forum and other sources (like Frankysweb from Germany).

    And as you can see, inbound and outbound traffic works (at least with the NAT rule), but I would just like to get inbound mails checked as well.

    My personal suspicion is the weird setup of IP addresses and nets with the Hetzner provider. I have a public IP where my ESXi is reachable - over this IP there is another subnet routed - the one where my Sophos lies, and behind the Sophos there is my Exchange. And I am pretty sure that might be the reason, but none of my ideas with IP addresses as allowed relay or whatsoever helped.

    Maybe somebody has a great idea to help me?

    TIA Bernhard
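
Added example, not part of the original thread and not Sophos code: a small parser for exim reject lines in the format of the log excerpt above. It groups "Relay not permitted" rejections by recipient domain so they can be compared with the list entered under Email Protection > SMTP > Domains. The sample lines, addresses and the function name are constructed for illustration.

```python
import re

# Exim reject line as shown in the UTM SMTP log above. The closing '>' after the
# sender is optional because the excerpt in the post lacks it.
REJECT = re.compile(
    r"H=(?P<host>.*?) \[(?P<ip>[^\]]+)\]:\d+ .*?"
    r"F=<(?P<sender>[^>\s]*)>? rejected RCPT <(?P<rcpt>[^>]+)>: (?P<reason>.+)$"
)

# Constructed sample log (documentation addresses, not taken from the thread).
SAMPLE_LOG = """\
2021:06:16-16:45:18 core exim-in[5643]: 2021-06-16 16:45:18 SMTP connection from [192.0.2.10]:55240 (TCP/IP connection count = 1)
2021:06:16-16:45:18 core exim-in[30965]: 2021-06-16 16:45:18 H=mail.example.net [192.0.2.10]:55240 X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no F=<alice@example.net> rejected RCPT <administrator@example.org>: Relay not permitted
2021:06:16-16:47:02 core exim-in[30971]: 2021-06-16 16:47:02 H=mail.example.net [192.0.2.10]:55302 X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no F=<bob@example.net rejected RCPT <Info@Example.org>: Relay not permitted
2021:06:16-16:50:40 core exim-in[30980]: 2021-06-16 16:50:40 H=(probe) [198.51.100.7]:41000 F=<x@spam.invalid> rejected RCPT <victim@unrelated.invalid>: Relay not permitted
2021:06:16-16:51:11 core exim-in[30984]: 2021-06-16 16:51:11 H=mail.example.net [192.0.2.10]:55390 F=<alice@example.net> rejected RCPT <nobody@example.com>: Unrouteable address
"""


def summarize_relay_rejects(lines, expected_domains):
    """Return {recipient_domain: {"count", "sources", "expected"}} for relay rejects.

    expected=True marks a domain you intend to receive mail for: the proxy is
    refusing mail it should accept, so its domain/routing configuration does not
    match. expected=False is a foreign domain, i.e. a relay attempt refused.
    """
    expected = {d.lower() for d in expected_domains}
    summary = {}
    for line in lines:
        m = REJECT.search(line)
        if not m or m.group("reason").strip() != "Relay not permitted":
            continue
        domain = m.group("rcpt").rsplit("@", 1)[-1].lower()
        entry = summary.setdefault(
            domain, {"count": 0, "sources": set(), "expected": domain in expected}
        )
        entry["count"] += 1
        entry["sources"].add(m.group("ip"))
    return summary


if __name__ == "__main__":
    for dom, info in summarize_relay_rejects(SAMPLE_LOG.splitlines(), ["example.org"]).items():
        kind = "EXPECTED domain rejected" if info["expected"] else "foreign domain"
        print(f"{dom}: {info['count']} reject(s) from {sorted(info['sources'])} ({kind})")
```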