
UTM email anti spam setup

Hello all, 

Could someone please help me.

Let's assume this is my network's info:

ex01 - 192.168.0.15  (external ip  10.10.0.100) 

DNS:

A > mail.test.com > 10.10.0.100

MX mail.test.com

NAT rule on the on the UTM

Any > outside ip (10.10.0.100) smtp > ex01 > smtp 

Email works fine on send and receive. (My connectors are using the MX record and all networks to be able to send to my Exchange server.)

However, when I try to implement email spam filtering I can't get it to work.

When I go to UTM > Email Protection > SMTP and add the domain name "test.com" followed by "ex01" to the host list, my emails aren't being checked for spam.

Questions

If I configure the above, do I need to change the MX record to point to the external IP instead of mail.test.com?

What about the connectors? What do I need to change the settings to?

If there is a guide that tells me how to configure Exchange along with the mail spam filtering on the UTM, that would be great.



  • Disable that DNAT rule, and don't use MX record on connectors because it can be confusing when troubleshooting, whether it is resolved to public or private IP.

    Ensure that:
    - Public DNS MX record points to external public IP address of UTM WAN interface.
    - Exchange Send Connector points to internal IP address of UTM LAN interface.
  • Okay,
    DNAT rule disabled. Do I need to create any firewall rules elsewhere?


    So I set my public MX record to the IP instead of mail.test.com:

    MX record = 10.10.0.100 (assume this 10.10 is a public IP)
    My send connector is set to SMTP > *.192.168.0.254 (internal interface of the virtual firewall)
    My receive connector is set to the public IP address of the firewall (10.10.0.100/32)

    Any other settings I need to check on Sophos UTM?



    Log from the SMTP proxy:

    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: 2015-12-21 17:11:52 1aB400-00017v-0Q ctasd reports 'Unknown' RefID:str=0001.0A0B0204.567832D8.02F1,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: 2015-12-21 17:11:52 1aB400-00017v-0Q Greylisting: Greylisted 65.55.90.165
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [1\28] 2015-12-21 17:11:52 1aB400-00017v-0Q H=snt004-omc3s26.hotmail.com [65.55.90.165]:63065 F=<moe@kandi-care.co.uk> temporarily rejected after DATA: Temporary local problem, please try again!
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [2\28] Envelope-from: <moe@kandi-care.co.uk>
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [3\28] Envelope-to: <moe@kandi-cloud.com>
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [4\28] P Received: from snt004-omc3s26.hotmail.com ([65.55.90.165]:63065)
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [5\28] by kandi-vfw with esmtps (TLSv1.2:AES256-SHA256:256)
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [6\28] (Exim 4.82_1-5b7a7c0-XX)
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [7\28] (envelope-from <moe@kandi-care.co.uk>)
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [8\28] id 1aB400-00017v-0Q
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [9\28] for moe@kandi-cloud.com; Mon, 21 Dec 2015 17:11:52 +0000
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [10\28] P Received: from SNT150-W12 ([65.55.90.136]) by SNT004-OMC3S26.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.23008);
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [11\28] Mon, 21 Dec 2015 09:09:51 -0800
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [12\28] X-CTCH-RefID: str=0001.0A0B0204.567832D8.02F1,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [13\28] X-TMN: [xcO1BFSlVy2nCZUPM0auq8LMBkLShJwp]
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [14\28] X-Originating-Email: [moe@kandi-care.co.uk]
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [15\28] I Message-ID: <SNT150-W126482BFEEA3BB0D732DA1DEE40@phx.gbl>
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [16\28] * Return-Path: moe@kandi-care.co.uk
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [17\28] Content-Type: multipart/alternative;
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [18\28] boundary="_b233975d-7aa2-4ed9-8172-fc26f00c3335_"
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [19\28] F From: moe kandi <moe@kandi-care.co.uk>
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [20\28] T To: Moe <moe@kandi-cloud.com>
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [21\28] Subject: RE: test1637
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [22\28] Date: Mon, 21 Dec 2015 17:09:50 +0000
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [23\28] Importance: Normal
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [24\28] In-Reply-To: <8E1CEEF4A0E3D4409E8669170EC5A605BACCFB@EX01.Kandi-Care.local>
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [25\28] References:
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [26\28] <SNT150-W254C4264A93DE2FAD9164ADEE40@phx.gbl>,<8E1CEEF4A0E3D4409E8669170EC5A605BACCFB@EX01.Kandi-Care.local>
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [27\28] MIME-Version: 1.0
    2015:12:21-17:11:52 kandi-vfw exim-in[4335]: [28/28] X-OriginalArrivalTime: 21 Dec 2015 17:09:51.0428 (UTC) FILETIME=[6784A840:01D13C12]
    2015:12:21-17:11:53 kandi-vfw exim-in[4335]: 2015-12-21 17:11:53 SMTP connection from snt004-omc3s26.hotmail.com [65.55.90.165]:63065 closed by QUIT
  • You got me wrong, MX record should point to the DNS name that is resolving to your UTM WAN public IP address, not the IP address itself.

    Your Exchange send connector looks ok, it points to 192.168.0.254 UTM LAN interface.

    SMTP log is also ok, you enabled the Greylisting spam check so the message delivery will be delayed up to max. 15 minutes.

    "my receive connector is set to to the public ip address of the firewall (10.10.0.100/32)"
    Where did you set this, on Exchange ?
  • So I changed the MX record back to:

    A > mail > 10.10.0.100
    MX > 0 > mail.test.com

    Hub Transport > Receive Connectors > Default EX01 connector >
    under the Network tab, "Receive mail from remote servers that have these IP addresses": public IP of the UTM (10.10.0.100 255.255.255.255)

    Now when I try to send an email I get this error.

    2015:12:21-17:44:03 kandi-vfw exim-in[6400]: 2015-12-21 17:44:03 1aB4V9-0001fE-15 ctasd reports 'Unknown' RefID:str=0001.0A0B0205.56783A63.01C7,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
    2015:12:21-17:44:03 kandi-vfw exim-in[6400]: 2015-12-21 17:44:03 1aB4V9-0001fE-15 Greylisting: Greylisted 65.55.90.174
    2015:12:21-17:44:03 kandi-vfw exim-in[6400]: [1\28] 2015-12-21 17:44:03 1aB4V9-0001fE-15 H=snt004-omc3s35.hotmail.com [65.55.90.174]:56620 F=<moe@kandi-care.co.uk> temporarily rejected after DATA: Temporary local problem, please try again!
    2015:12:21-17:44:03 kandi-vfw exim-in[6400]: [2\28] Envelope-from: <moe@kandi-care.co.uk>
    2015:12:21-17:44:03 kandi-vfw exim-in[6400]: [3\28] Envelope-to: <moe@kandi-cloud.com>
    2015:12:21-17:44:03 kandi-vfw exim-in[6400]: [4\28] P Received: from snt004-omc3s35.hotmail.com ([65.55.90.174]:56620)
    2015:12:21-17:44:03 kandi-vfw exim-in[6400]: [5\28] by kandi-vfw with esmtps (TLSv1.2:AES256-SHA256:256)
    2015:12:21-17:44:03 kandi-vfw exim-in[6400]: [6\28] (Exim 4.82_1-5b7a7c0-XX)
    2015:12:21-17:44:03 kandi-vfw exim-in[6400]: [7\28] (envelope-from <moe@kandi-care.co.uk>)
    2015:12:21-17:44:03 kandi-vfw exim-in[6400]: [8\28] id 1aB4V9-0001fE-15
    2015:12:21-17:44:03 kandi-vfw exim-in[6400]: [9\28] for moe@kandi-cloud.com; Mon, 21 Dec 2015 17:44:03 +0000
    2015:12:21-17:44:03 kandi-vfw exim-in[6400]: [10\28] P Received: from SNT150-W85 ([65.55.90.137]) by SNT004-OMC3S35.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.23008);
    2015:12:21-17:44:03 kandi-vfw exim-in[6400]: [11\28] Mon, 21 Dec 2015 09:24:04 -0800
    2015:12:21-17:44:03 kandi-vfw exim-in[6400]: [12\28] X-CTCH-RefID: str=0001.0A0B0205.56783A63.01C7,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
    2015:12:21-17:44:03 kandi-vfw exim-in[6400]: [13\28] X-TMN: [fD98RnQhdTFiRERDe7m9P5sMWUQGAsFk]
    2015:12:21-17:44:03 kandi-vfw exim-in[6400]: [14\28] X-Originating-Email: [moe@kandi-care.co.uk]
    2015:12:21-17:44:03 kandi-vfw exim-in[6400]: [15\28] I Message-ID: <SNT150-W850A095419ADED708DEB80DEE40@phx.gbl>
    2015:12:21-17:44:03 kandi-vfw exim-in[6400]: [16\28] * Return-Path: moe@kandi-care.co.uk
    2015:12:21-17:44:03 kandi-vfw exim-in[6400]: [17\28] Content-Type: multipart/alternative;
    2015:12:21-17:44:03 kandi-vfw exim-in[6400]: [18\28] boundary="_06c31bc0-c37d-4c2a-b5f0-40e8d51630c6_"
    2015:12:21-17:44:03 kandi-vfw exim-in[6400]: [19\28] F From: moe kandi <moe@kandi-care.co.uk>
    2015:12:21-17:44:03 kandi-vfw exim-in[6400]: [20\28] T To: Moe <moe@kandi-cloud.com>
    2015:12:21-17:44:03 kandi-vfw exim-in[6400]: [21\28] Subject: RE: test24
    2015:12:21-17:44:03 kandi-vfw exim-in[6400]: [22\28] Date: Mon, 21 Dec 2015 17:24:03 +0000
    2015:12:21-17:44:03 kandi-vfw exim-in[6400]: [23\28] Importance: Normal
    2015:12:21-17:44:03 kandi-vfw exim-in[6400]: [24\28] In-Reply-To: <8E1CEEF4A0E3D4409E8669170EC5A605BACCFB@EX01.Kandi-Care.local>
    2015:12:21-17:44:03 kandi-vfw exim-in[6400]: [25\28] References:
    2015:12:21-17:44:03 kandi-vfw exim-in[6400]: [26\28] <SNT150-W254C4264A93DE2FAD9164ADEE40@phx.gbl>,<8E1CEEF4A0E3D4409E8669170EC5A605BACCFB@EX01.Kandi-Care.local>
    2015:12:21-17:44:03 kandi-vfw exim-in[6400]: [27\28] MIME-Version: 1.0
    2015:12:21-17:44:03 kandi-vfw exim-in[6400]: [28/28] X-OriginalArrivalTime: 21 Dec 2015 17:24:04.0191 (UTC) FILETIME=[63CDF6F0:01D13C14]
    2015:12:21-17:44:03 kandi-vfw exim-in[6400]: 2015-12-21 17:44:03 SMTP connection from snt004-omc3s35.hotmail.com [65.55.90.174]:56620 closed by QUIT
    2015:12:21-17:44:12 kandi-vfw exim-in[4958]: 2015-12-21 17:44:12 SMTP connection from [192.168.0.15]:42494 (TCP/IP connection count = 1)
    2015:12:21-17:44:12 kandi-vfw exim-in[6405]: 2015-12-21 17:44:12 H=(EX01.Kandi-Care.local) [192.168.0.15]:42494 F=<moe@kandi-cloud.com> rejected RCPT <moe@kandi-care.co.uk>: Relay not permitted
    2015:12:21-17:44:12 kandi-vfw exim-in[6405]: 2015-12-21 17:44:12 SMTP connection from (EX01.Kandi-Care.local) [192.168.0.15]:42494 closed by DROP in ACL
    2015:12:21-17:44:28 kandi-vfw smtpd[4782]: MASTER[4782]: (Re-)loading configuration from Confd
    2015:12:21-17:44:28 kandi-vfw smtpd[4782]: MASTER[4782]: QR globally disabled, status one set to 'disabled'
    2015:12:21-17:44:28 kandi-vfw smtpd[4782]: MASTER[4782]: QR globally disabled, status two set to 'disabled'
    2015:12:21-17:44:28 kandi-vfw exim-in[4958]: 2015-12-21 17:44:28 pid 4958: SIGHUP received: re-exec daemon
    2015:12:21-17:44:28 kandi-vfw exim-in[4958]: 2015-12-21 17:44:28 exim 4.82_1-5b7a7c0-XX daemon started: pid=4958, no queue runs, listening for SMTP on port 25 (IPv4) port 587 (IPv4) and for SMTPS on port 465 (IPv4)
    2015:12:21-17:45:00 kandi-vfw exim-out[6764]: 2015-12-21 17:45:00 Start queue run: pid=6764
    2015:12:21-17:45:00 kandi-vfw exim-out[6767]: 2015-12-21 17:45:00 1aB4TZ-0001e6-DW SMTP error from remote mail server after initial connection: host 192.168.0.15 [192.168.0.15]: 421 4.3.2 Service not available
    2015:12:21-17:45:00 kandi-vfw exim-out[6766]: 2015-12-21 17:45:00 1aB4TZ-0001e6-DW == moe@kandi-cloud.com R=static_route_hostlist T=static_smtp defer (0): SMTP error from remote mail server after initial connection: host 192.168.0.15 [192.168.0.15]: 421 4.3.2 Service not available
    2015:12:21-17:45:00 kandi-vfw exim-out[6768]: 2015-12-21 17:45:00 1aB4TA-0001e6-HQ == moe@kandi-cloud.com R=static_route_hostlist T=static_smtp defer (-53): retry time not reached for any host
    2015:12:21-17:45:00 kandi-vfw exim-out[6770]: 2015-12-21 17:45:00 1aB4Uc-0001eq-4K == moe@kandi-cloud.com R=static_route_hostlist T=static_smtp defer (-53): retry time not reached for any host
    2015:12:21-17:45:00 kandi-vfw exim-out[6764]: 2015-12-21 17:45:00 End queue run: pid=6764
    2015:12:21-17:46:00 kandi-vfw exim-out[6857]: 2015-12-21 17:46:00 Start queue run: pid=6857
    2015:12:21-17:46:00 kandi-vfw exim-out[6859]: 2015-12-21 17:46:00 1aB4TZ-0001e6-DW == moe@kandi-cloud.com R=static_route_hostlist T=static_smtp defer (-53): retry time not reached for any host
    2015:12:21-17:46:00 kandi-vfw exim-out[6861]: 2015-12-21 17:46:00 1aB4TA-0001e6-HQ == moe@kandi-cloud.com R=static_route_hostlist T=static_smtp defer (-53): retry time not reached for any host
    2015:12:21-17:46:00 kandi-vfw exim-out[6863]: 2015-12-21 17:46:00 1aB4Uc-0001eq-4K == moe@kandi-cloud.com R=static_route_hostlist T=static_smtp defer (-53): retry time not reached for any host
    2015:12:21-17:46:00 kandi-vfw exim-out[6857]: 2015-12-21 17:46:00 End queue run: pid=6857
    2015:12:21-17:46:05 kandi-vfw exim-in[4958]: 2015-12-21 17:46:05 SMTP connection from [127.0.0.1]:47613 (TCP/IP connection count = 1)
    2015:12:21-17:46:05 kandi-vfw exim-in[6874]: 2015-12-21 17:46:05 [127.0.0.1] F=<do-not-reply@fw-notify.net> R=<moe@kandi-care.co.uk> Accepted: from relay
    2015:12:21-17:46:05 kandi-vfw exim-in[6874]: 2015-12-21 17:46:05 1aB4X7-0001ms-31 <= do-not-reply@fw-notify.net H=localhost [127.0.0.1]:47613 P=esmtp S=1022 id=4138-06868-1450719965@kandi-vfw
    2015:12:21-17:46:05 kandi-vfw exim-in[6874]: 2015-12-21 17:46:05 SMTP connection from localhost [127.0.0.1]:47613 closed by QUIT
    2015:12:21-17:46:07 kandi-vfw smtpd[4833]: QMGR[4833]: 1aB4X7-0001ms-31 moved to work queue
    2015:12:21-17:46:10 kandi-vfw smtpd[6876]: SCANNER[6876]: 1aB4XC-0001mu-0s <= do-not-reply@fw-notify.net R=1aB4X7-0001ms-31 P=INPUT S=275
    2015:12:21-17:46:10 kandi-vfw smtpd[6876]: SCANNER[6876]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="127.0.0.1" from="do-not-reply@fw-notify.net" to="moe@kandi-care.co.uk" subject="[kandi-vfw][WARN-005] Failed WebAdmin login" queueid="1aB4XC-0001mu-0s" size="275"
    2015:12:21-17:46:10 kandi-vfw smtpd[6876]: SCANNER[6876]: 1aB4X7-0001ms-31 => work R=SCANNER T=SCANNER
    2015:12:21-17:46:10 kandi-vfw smtpd[6876]: SCANNER[6876]: 1aB4X7-0001ms-31 Completed
    2015:12:21-17:46:12 kandi-vfw exim-out[6878]: 2015-12-21 17:46:12 1aB4XC-0001mu-0s => moe@kandi-care.co.uk P=<do-not-reply@fw-notify.net> R=dnslookup T=remote_smtp H=11aeb74f77474d805f1bd355f3d89a.pamx1.hotmail.com [65.54.188.109]:25 X=TLSv1.2:ECDHE-RSA-AES256-SHA384:256 C="250 <4138-06868-1450719965@kandi-vfw> Queued mail for delivery"
    2015:12:21-17:46:12 kandi-vfw exim-out[6878]: 2015-12-21 17:46:12 1aB4XC-0001mu-0s Completed
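The log excerpt above mixes four different outcomes (a greylisting delay, a relay refusal for EX01, a 421 defer from Exchange, and one notification that went out normally). The following triage script is an added example, not code from the thread or from Sophos: it runs over trimmed copies of the posted lines (plus one constructed external relay probe from 203.0.113.5 that is not in the thread) and classifies each transaction, splitting "Relay not permitted" events into internal clients (a misconfiguration) and external clients (the proxy correctly refusing to be an open relay). The hint text attached to each category is this example's own reading of the log, not UTM output.

```python
"""Triage of Sophos UTM SMTP proxy log lines (exim-in / exim-out).

Added example, not code from the thread or from Sophos. Classifies each
transaction into the outcomes seen in the thread so the greylisting delay,
the "Relay not permitted" rejection and the 421 defer can be told apart.
The hints are this example's own interpretation.
"""
import ipaddress
import re
from collections import Counter

# Constructed sample: trimmed copies of lines posted in the thread, plus one
# constructed external relay probe (203.0.113.5) that is not from the thread.
SAMPLE_LOG = [
    r"2015:12:21-17:44:03 kandi-vfw exim-in[6400]: 2015-12-21 17:44:03 1aB4V9-0001fE-15 Greylisting: Greylisted 65.55.90.174",
    r"2015:12:21-17:44:03 kandi-vfw exim-in[6400]: [1\28] 2015-12-21 17:44:03 1aB4V9-0001fE-15 H=snt004-omc3s35.hotmail.com [65.55.90.174]:56620 F=<moe@kandi-care.co.uk> temporarily rejected after DATA: Temporary local problem, please try again!",
    r"2015:12:21-17:44:12 kandi-vfw exim-in[6405]: 2015-12-21 17:44:12 H=(EX01.Kandi-Care.local) [192.168.0.15]:42494 F=<moe@kandi-cloud.com> rejected RCPT <moe@kandi-care.co.uk>: Relay not permitted",
    r"2015:12:21-17:45:00 kandi-vfw exim-out[6767]: 2015-12-21 17:45:00 1aB4TZ-0001e6-DW SMTP error from remote mail server after initial connection: host 192.168.0.15 [192.168.0.15]: 421 4.3.2 Service not available",
    r"2015:12:21-17:46:05 kandi-vfw exim-in[6874]: 2015-12-21 17:46:05 [127.0.0.1] F=<do-not-reply@fw-notify.net> R=<moe@kandi-care.co.uk> Accepted: from relay",
    r'2015:12:21-17:46:12 kandi-vfw exim-out[6878]: 2015-12-21 17:46:12 1aB4XC-0001mu-0s => moe@kandi-care.co.uk P=<do-not-reply@fw-notify.net> R=dnslookup T=remote_smtp H=11aeb74f77474d805f1bd355f3d89a.pamx1.hotmail.com [65.54.188.109]:25 X=TLSv1.2:ECDHE-RSA-AES256-SHA384:256 C="250 <4138-06868-1450719965@kandi-vfw> Queued mail for delivery"',
    # constructed external relay probe, not from the thread
    r"2015:12:21-17:50:00 kandi-vfw exim-in[7001]: 2015-12-21 17:50:00 H=(mail.example.net) [203.0.113.5]:51234 F=<spam@example.net> rejected RCPT <victim@example.org>: Relay not permitted",
]

# "<ts> <utm-hostname> exim-in[pid]: <rest>"; exim-in is the inbound proxy, exim-out the delivery queue
PREFIX = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>exim-(?:in|out))\[\d+\]: (?P<rest>.*)$")

# First matching rule wins; each rule is (category, regex, interpretation hint).
RULES = [
    ("GREYLISTED", re.compile(r"Greylisting: Greylisted (?P<ip>[\d.]+)"),
     "temporary reject by design; the sender retries and is accepted on a later attempt"),
    ("TEMP_REJECT", re.compile(r"H=(?P<peer>\S+) \[(?P<ip>[\d.]+)\]:\d+ F=<(?P<from>[^>]*)> temporarily rejected after DATA"),
     "4xx after DATA; pairs with a GREYLISTED line for the same message id"),
    ("RELAY_DENIED", re.compile(r"H=\(?(?P<peer>[^)\s]+)\)? \[(?P<ip>[\d.]+)\]:\d+ F=<(?P<from>[^>]*)> rejected RCPT <(?P<rcpt>[^>]+)>: Relay not permitted"),
     "client may not relay; internal senders belong in Email Protection > SMTP > Relaying > Allowed Hosts/Networks"),
    ("DEFER_421", re.compile(r"host (?P<peer>\S+) \[(?P<ip>[\d.]+)\]: (?P<code>421 [\d.]+) (?P<msg>.+)"),
     "downstream server refused the UTM before any command; check that an Exchange receive connector accepts the UTM LAN IP"),
    ("ACCEPTED", re.compile(r"\[(?P<ip>[\d.]+)\] F=<(?P<from>[^>]*)> R=<(?P<rcpt>[^>]*)> Accepted: from relay"),
     "accepted for relay from an allowed host"),
    ("DELIVERED", re.compile(r'=> (?P<rcpt>\S+) .*H=(?P<peer>\S+) \[(?P<ip>[\d.]+)\]:\d+ .*C="(?P<code>250 [^"]*)"'),
     "outbound delivery confirmed by the remote MX"),
]


def triage(lines):
    """Return one event dict per recognised line: ts, proc, category, hint and the regex's named fields."""
    events = []
    for line in lines:
        m = PREFIX.match(line)
        if not m:
            continue
        for category, rx, hint in RULES:
            hit = rx.search(m["rest"])
            if hit:
                event = {"ts": m["ts"], "proc": m["proc"], "category": category, "hint": hint}
                event.update(hit.groupdict())
                events.append(event)
                break
    return events


def summarize(events):
    """Count events per category."""
    return Counter(e["category"] for e in events)


def relay_denials_by_origin(events, internal_nets=("192.168.0.0/24",)):
    """Split RELAY_DENIED events: internal clients are a misconfiguration to fix,
    external ones are the proxy correctly refusing to act as an open relay."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]  # assumed internal range
    internal, external = [], []
    for e in events:
        if e["category"] != "RELAY_DENIED":
            continue
        addr = ipaddress.ip_address(e["ip"])
        (internal if any(addr in n for n in nets) else external).append(e)
    return internal, external


if __name__ == "__main__":
    evs = triage(SAMPLE_LOG)
    for e in evs:
        print(f'{e["ts"]} {e["proc"]:8} {e["category"]:13} {e.get("ip", "-"):15} {e["hint"]}')
    print(dict(summarize(evs)))
    internal, external = relay_denials_by_origin(evs)
    print("internal clients denied relay:", [e["peer"] for e in internal])
    print("external relay attempts blocked:", [e["ip"] for e in external])
```

Run it against a real copy of `/var/log/smtp.log` by replacing `SAMPLE_LOG` with the file's lines; an internal host in the "denied relay" bucket is the symptom the thread ends up fixing, while external hosts in that bucket are the expected behaviour and should stay there.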
  • Set your Default Exchange receive connector open for 0.0.0.0, as is the default.

  • I got the inbound email working, thanks; however, I am having problems with outbound email scanning.

    Do I need to create a second connector?
  • I set it as follows:

    with this setting in place i am able to receive emails from the outside. 

    If I was to open it to 0.0.0.0, would that mean anyone can email my server directly? I wouldn't want that, as I want Sophos to scan my incoming and outgoing emails.

  • If you disabled that DNAT rule, Sophos UTM will scan all of the incoming emails before forwarding it to your internal Exchange server.

    Regarding outgoing emails, you have to configure Exchange send connector with SMTP address space * pointing to internal IP address of UTM:

  • What authentication did you use for the send connector?

    I am getting this when I configure it like yours: "#550 Relay not permitted ##"
  • On UTM in Email Protection -> SMTP -> Relaying tab add your Exchange server host network definition object into Allowed Hosts/Networks section:
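The thread's two failure modes (inbound works once the DNAT is gone and the domain is routed; outbound from EX01 is refused until EX01 is in Allowed Hosts/Networks) both come down to one decision the proxy makes per recipient. The following model is an added example, not Sophos code; it assumes that recipients whose domain is listed under Routing are inbound and routed to the configured internal host, that any other recipient is a relay request granted only when the client address is covered by Relaying > Allowed Hosts/Networks, and that everything else gets "Relay not permitted". Authenticated relaying and upstream hosts are not modelled. The `audit` function is this example's own check that the Exchange host can relay and that the allow-list has not been widened into an open relay, the concern raised above about opening things to 0.0.0.0.

```python
"""Model of the per-recipient accept/relay/reject decision of the UTM SMTP proxy.

Added example, not Sophos code. Assumed semantics: hosted domains (Routing)
are inbound and delivered to the internal host; other recipients are relay
requests allowed only from Allowed Hosts/Networks; the rest is refused.
Addresses follow the thread: EX01 at 192.168.0.15, hosted domain test.com.
"""
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


class SmtpProxyPolicy:
    def __init__(self, hosted_domains, route_host, allowed_relay_nets):
        self.hosted = {d.lower().lstrip("@") for d in hosted_domains}      # Routing > Domains
        self.route_host = ipaddress.ip_address(route_host)                  # Routing > Host (EX01)
        self.allowed = [ipaddress.ip_network(n, strict=False) for n in allowed_relay_nets]  # Relaying > Allowed Hosts/Networks

    def client_may_relay(self, addr):
        return any(addr in n for n in self.allowed)

    def decide(self, client_ip, rcpt):
        """Return (verdict, what happens next) for one RCPT from one client address."""
        addr = ipaddress.ip_address(client_ip)
        domain = rcpt.rsplit("@", 1)[-1].lower()
        if domain in self.hosted:
            return "ACCEPT_INBOUND", f"scan, then deliver to {self.route_host}"
        if self.client_may_relay(addr):
            return "ACCEPT_RELAY", "scan, then deliver to the recipient domain's MX"
        return "REJECT", "550 Relay not permitted"


def audit(policy):
    """Flag the two misconfigurations the thread circles around: the Exchange host
    not being allowed to relay (outbound breaks) and an allow-list wide enough to
    turn the proxy into an open relay."""
    warnings = []
    if not policy.client_may_relay(policy.route_host):
        warnings.append(f"route host {policy.route_host} cannot relay: its outbound mail gets 'Relay not permitted'")
    for n in policy.allowed:
        if not any(n.subnet_of(p) for p in RFC1918):
            warnings.append(f"allowed network {n} is not RFC 1918: external clients could use the proxy as an open relay")
        elif n.prefixlen < 24:
            warnings.append(f"allowed network {n} is broader than a /24; prefer listing the mail server host only")
    return warnings


def walk_scenario():
    """The thread's situation before and after adding EX01 to Allowed Hosts/Networks."""
    cases = [
        ("65.55.90.174", "moe@test.com"),        # Internet sender to the hosted domain
        ("192.168.0.15", "someone@example.org"),  # EX01 sending out to the Internet
        ("203.0.113.5", "someone@example.org"),   # constructed external relay probe
    ]
    before = SmtpProxyPolicy(["test.com"], "192.168.0.15", [])
    after = SmtpProxyPolicy(["test.com"], "192.168.0.15", ["192.168.0.15/32"])
    return {
        "before": {c: before.decide(*c)[0] for c in cases},
        "after": {c: after.decide(*c)[0] for c in cases},
        "audit_before": audit(before),
        "audit_after": audit(after),
    }


if __name__ == "__main__":
    for key, value in walk_scenario().items():
        print(key, value)
    print("open relay:", audit(SmtpProxyPolicy(["test.com"], "192.168.0.15", ["0.0.0.0/0"])))
```

The point the model makes explicit is that the allow-list is what separates "my Exchange can send out through the scanner" from "anyone on the Internet can send out through the scanner": list the Exchange host (or its /32) and nothing broader, and leave the Exchange receive connector open to the UTM's LAN address rather than to the public IP.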