Relay not permitted DROP in ACL

Question

hi altogether, 
 I have a problem which I am trying to solve all day long now. I have setup SMTP Protection and outbound it works perfectly - inbound no chance to make it running - I always receive this error message: 
 2021:06:16-16:45:18 core exim-in[5643]: 2021-06-16 16:45:18 SMTP connection from [178.x.x.x]:55240 (TCP/IP connection count = 1) 
 2021:06:16-16:45:18 core exim-in[30965]: 2021-06-16 16:45:18 H=mail.x.x [178.x.x.x]:55240 X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no F=<a.b@c.d rejected RCPT <administrator@d.f>: Relay not permitted 
 2021:06:16-16:45:18 core exim-in[30965]: 2021-06-16 16:45:18 SMTP connection from mail.x.x [178.x.x.x]:55240 closed by DROP in ACL 
 
 when I implement a NAT rule which sends the traffic directly to Exchange, everything works - so the error has to be on the Sophos UTM. I have tried multiple settings in the relay tab with no result. Right now I only have the internal ip of the Exchange with rdns on the official DNS at the Host Based Relay Tab under Allowed / Hosts Network. 
 
 Does anyone has an idea what the reason for this could be? Thank you very much in advance, 
 best regards, 
 Bernhard

FormerMember · Answer

Hi Bernhard Held , 
 Thank you for reaching out to the Community! What did you configure under Email Protection > SMTP > Domains? If you added *company.com, then remove the * and save the configuration and let us know if that helps. 
 Thanks,

BAlfson · Answer

There are lines like the following in the log when I see valid "Relay not permitted" rejections: 2021:06:20-17:00:35 secure exim-in[5186]: 2021-06-20 17:00:35 SMTP connection from [77.247.110.69]:49589 (TCP/IP connection count = 1) 2021:06:20-17:00:38 s ecure exim-in[27153]: 2021-06-20 17:00:38 H=(admin-pc.domain) [77.247.110.69]:49589 F= rejected RCPT : Relay not permitted 2021:06:20-17:00:38 s ecure exim-in[27153]: 2021-06-20 17:00:38 SMTP connection from (admin-pc.domain) [77.247.110.69]:49589 closed by DROP in ACL From my archived notes: The following is my understanding based on experience. First, the SMTP Proxy starts threads to check SPF, RBLs and RDNS. Next the MAIL FROM command announces the sender. Next, the RCPT TO commands announce the recipients. The Proxy now examines the exceptions to see if the message qualifies for any Exceptions. If the sender is not blacklisted and a valid recipient is present and SPF, RBL and RDNS checks are passed or a fail is in an Exception, the DATA command allows the headers and content of the email to be received, otherwise, the message is rejected. Depending on your Exceptions, anti-spam and anti-virus settings, received mails are either delivered, quarantined or rejected. Since there are only three lines and no mention of SPF or RBL rejection in the log extract above, I assume that the connection failed RDNS, so the other thing to try would be to NOT select ' Do strict RDNS checks'. If you're still having an issue, I would get a case open with Sophos Support as someone needs to put eyes on logs that aren't obfuscated. Please let us know what they find. Cheers - Bob

Relay not permitted DROP in ACL

Top Replies