Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 12 replies
  • Subscribers 2 subscribers
  • Views 12232 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Relaying authentication Qs

jtv
My last post was pretty incomprehensible, so I regrouped my thoughts!

We've got a 2nd email domain that's been added behind our Astaro.  Our original environment is all local-subnets only for sending out mail, the new email domain is all external, users are all over the country with a combination of residential and business connections.

Further complicating the issue is that there is no central authentication method for these users - no AD or anything else.  So, as of right now I've had to bypass the SMTP proxy (using DNAT) for this email domain, which is not ideal.  

What I'm trying to figure out is what the simplest way to enable these users to relay.  I'd prefer to avoid having them authenticate through the Astaro, as the SMTP server already has a comprehensive relay policy in place.  I don't see any way to let only specific domains have lax relaying policies.

Any suggestions on what to pursue?  I know it's a big no-no, but I was considering setting the allowed relay to "all" - BUT only if the individual servers relaying restrictions remained in place.   Obviously that's not something I want to test in a production environment.


This thread was automatically locked due to age.
  • 0 in reply to jtv

    i have same problem..

    my scenario:

    linux mail server with virtula users/domains

    before i enabled smtp proxy in sophos i ised nat rules from wan to lan all email ports i need,the problem smapassain an clama on mail server..

    so i enabed smtp protection:

    simple mode

    routing settings:

    domains: my.com

    host list: lan ip of my mail server

    verify recipients: with callout

    relaying settings:

    checked authenticated users

    creat a local user in sophos for relaying

    allow hosts: mail server lan ip 

    advanced settings:

    not use transparent

    createca in stratcom ssl and configured it for tls

    in my mail server configure relay configuration that use sophos smtp(authentication for sophos smtp with local user that i created)

    testing:)

    when i send mail from gmail to xxx@my.com>working good,sophos check the recipient in internal mail,scanning the mail and deliver it to internal mail to the recipient

    when i sending mail from my webmail(my webmail on the mail server,same server!!!),work good ,it use sophos relay,all scans working

    BUT i can use anymore mail client like oulook,when i configure smtp in otlook,it dot authenticate mail server,it try authenticate sohhos smtp...

  • 0 in reply to IlyaYakov

    I don't agree with the approach that atv insisted on taking six years ago.  Try what i suggested...

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML