
Relay not permitted DROP in ACL

Hi all together,

I have a problem which I have been trying to solve all day long now. I have set up SMTP Protection and outbound it works perfectly - inbound, no chance of getting it running - I always receive this error message:

2021:06:16-16:45:18 core exim-in[5643]: 2021-06-16 16:45:18 SMTP connection from [178.x.x.x]:55240 (TCP/IP connection count = 1)
2021:06:16-16:45:18 core exim-in[30965]: 2021-06-16 16:45:18 H=mail.x.x [178.x.x.x]:55240 X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no F=<a.b@c.d rejected RCPT <administrator@d.f>: Relay not permitted
2021:06:16-16:45:18 core exim-in[30965]: 2021-06-16 16:45:18 SMTP connection from mail.x.x [178.x.x.x]:55240 closed by DROP in ACL

When I implement a NAT rule which sends the traffic directly to Exchange, everything works - so the error has to be on the Sophos UTM. I have tried multiple settings in the relay tab with no result. Right now I only have the internal IP of the Exchange with RDNS on the official DNS at the Host Based Relay tab under Allowed / Hosts Network.
Does anyone have an idea what the reason for this could be?

Thank you very much in advance, 
best regards, 

Bernhard


  • Hallo Bernhard,

    At the bottom of the 'Antispam' tab, unselect 'Perform SPF check' and try again.  If this now works, my guess is that you have a DNS configuration problem.  If so, show us a picture of the 'DNS Forwarders' section.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob, thanks for this advice - I just disabled the SPF check, unfortunately this did not solve the problem. Do you have any other ideas? :-(

    Thanks in advance, best regards, Bernhard

  • There are lines like the following in the log when I see valid "Relay not permitted" rejections:

    2021:06:20-17:00:35 secure exim-in[5186]: 2021-06-20 17:00:35 SMTP connection from [77.247.110.69]:49589 (TCP/IP connection count = 1)
    2021:06:20-17:00:38 secure exim-in[27153]: 2021-06-20 17:00:38 H=(admin-pc.domain) [77.247.110.69]:49589 F=<test@amazonaws.com> rejected RCPT <test@gmail.com>: Relay not permitted
    2021:06:20-17:00:38 secure exim-in[27153]: 2021-06-20 17:00:38 SMTP connection from (admin-pc.domain) [77.247.110.69]:49589 closed by DROP in ACL

    From my archived notes: The following is my understanding based on experience.  First, the SMTP Proxy starts threads to check SPF, RBLs and RDNS.  Next the MAIL FROM command announces the sender.  Next, the RCPT TO commands announce the recipients.  The Proxy now examines the exceptions to see if the message qualifies for any Exceptions.  If the sender is not blacklisted and a valid recipient is present and SPF, RBL and RDNS checks are passed or a fail is in an Exception, the DATA command allows the headers and content of the email to be received, otherwise, the message is rejected.  Depending on your Exceptions, anti-spam and anti-virus settings, received mails are either delivered, quarantined or rejected.

    Since there are only three lines and no mention of SPF or RBL rejection in the log extract above, I assume that the connection failed RDNS, so the other thing to try would be to NOT select 'Do strict RDNS checks'.

    If you're still having an issue, I would get a case open with Sophos Support as someone needs to put eyes on logs that aren't obfuscated.  Please let us know what they find.

    Cheers - Bob

     
  • Bernhard PM'd me that he's a home user, so cannot open a ticket with Sophos.  He sent me the unobfuscated lines from his first post.  My best guess now is that the domain in the recipient address, administrator@d.f, is not a domain that the SMTP Proxy is configured to handle.

    Cheers - Bob

     
  • Hi Bob, 

    again, thanks for your reply - I have just checked this and obviously both domains (the ones you know) are in the domain list - without an asterisk at the beginning.

    If that would be the reason, my logic would be wrong, because when I put another email server IP address in the allowed hosts tab, then the reception of emails from this mail server works, as I wrote you in the PM today.

    Does anybody have another idea to solve that problem?

    Thanks in advance to all, best regards

    Bernhard
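
The two conditions discussed in this thread (recipient domain in the proxy's domain list, client in the host-based relay list) can be checked mechanically against the `rejected RCPT` log lines. The following is an added example, not part of any post and not Sophos code; it assumes the usual Exim relay rule (accept if the recipient domain is routed or the client is an allowed relay host), and `ROUTED_DOMAINS` and `RELAY_NETWORKS` are constructed stand-ins for the real configuration.

```python
import ipaddress
import re

# "rejected RCPT" line format from the thread's exim-in logs. The '>' after
# the sender is optional because the obfuscated line in the first post lacks it.
REJECT_RE = re.compile(
    r"H=(?P<helo>\(?[^\s)]+\)?) \[(?P<ip>[^\]]+)\]:\d+"
    r".*? F=<(?P<sender>[^>\s]*)>? rejected RCPT <(?P<rcpt>[^>]+)>: (?P<reason>.+)$"
)

def triage(line, routed_domains, relay_networks):
    """Check one log line against the assumed rule: a recipient is accepted
    if its domain is routed by the proxy or the client is an allowed relay host."""
    m = REJECT_RE.search(line.strip())
    if m is None or m["reason"] != "Relay not permitted":
        return None  # not a relay rejection line
    domain = m["rcpt"].rsplit("@", 1)[-1].lower()
    domain_routed = domain in {d.lower() for d in routed_domains}
    try:
        client = ipaddress.ip_address(m["ip"])
        relay_host = any(client in ipaddress.ip_network(n) for n in relay_networks)
    except ValueError:
        relay_host = None  # obfuscated address such as 178.x.x.x
    return {
        "client": m["ip"], "helo": m["helo"], "sender": m["sender"],
        "domain": domain, "domain_routed": domain_routed, "relay_host": relay_host,
        # The reject matches the assumed rule only if neither condition holds.
        "consistent": not domain_routed and not relay_host,
    }

# Log lines copied from the thread; the configuration values are constructed.
BERNHARD_LINE = ("2021:06:16-16:45:18 core exim-in[30965]: 2021-06-16 16:45:18 "
                 "H=mail.x.x [178.x.x.x]:55240 X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 "
                 "CV=no F=<a.b@c.d rejected RCPT <administrator@d.f>: Relay not permitted")
BOB_LINE = ("2021:06:20-17:00:38 secure exim-in[27153]: 2021-06-20 17:00:38 "
            "H=(admin-pc.domain) [77.247.110.69]:49589 F=<test@amazonaws.com> "
            "rejected RCPT <test@gmail.com>: Relay not permitted")
ROUTED_DOMAINS = ["d.f"]            # stand-in for the obfuscated domain
RELAY_NETWORKS = ["192.0.2.10/32"]  # hypothetical internal Exchange address

if __name__ == "__main__":
    for line in (BERNHARD_LINE, BOB_LINE):
        print(triage(line, ROUTED_DOMAINS, RELAY_NETWORKS))
```

A result with `consistent` set to `False` means the assumed rule would have accepted the recipient, so the next step is to compare the exact domain spelling in the unobfuscated log with the configured entry.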