Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 2 subscribers
  • Views 7065 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SPX Encryption not working for "local" addresses?

lprikockis

ok brilliant Sophos forum people... maybe someone can help me faster than Sophos Support (they're working on it) ...

I have a weird situation-- We have a hosted postfix/cyrus-based mail system hosted at AWS and utilizing UTM 9.3 for spam/AV filtering.   All incoming and outgoing traffic passes through the UTM (outgoing needs to in part to utilize DLP functionality as well).

If I send an email with the header set to request SPX encryption (as per https://community.sophos.com/kb/en-US/120629) to an email address outside of my domain, it works perfectly.   If however I send an email to someone in the same domain (i.e., from me@company.com to someoneelse@company.com) and set the same header, the email arrives unencrypted.   I can see from watching the logs on the UTM that it does indeed get examined by the UTM, but for some reason, the SPX encryption process is just entirely skipped.

This isn't as big a problem as it would be say if external emails weren't getting encrypted when they were supposed to, but at the very least it's confusing and inconsistent behavior...

has anyone else run into this?

thanks



This thread was automatically locked due to age.
  • 0
    Is your configuration setup to forward mail for your "local" domain? Are you sending e-mail through the UTM, ie: is your outgoing server on the mail client set to the IP address or host name of the UTM?
  • 0

    Agreed with Berkleigh.  Please show the lines from the SMTP log file for an email that you thought should be encrypted, but it was not.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Is Postfix really configured to send mail through an outside ip address and back again for addresses in the same domain? Not sure what traffic you are seeing on the UTM but it seems really odd that Postfix would do such a thing. Where is the UTM located in this scenario, is it at your location or a VM on the same server as the one hosting Postfix ? If the UTM is at your location and you are sending e-mail through it then your outgoing mail server settings on your e-mail client would need to point to the UTM not the Postfix server.
Unfiltered HTML