
SMTP Proxy and external (mobile) mail clients

I am trying to get the SMTP proxy up and running, but am having issues with mobile clients externally being able to send emails; am I using the proxy the wrong way?

Obviously it proxies inbound/outbound SMTP (my email server, in the LAN behind the UTM, sending emails to other addresses, and those addresses replying).  And that seems to be working fine (clients in the LAN get email, and I see the added footer about being virus scanned).

My challenge is supporting mobile clients (iPhones).  I NAT'd IMAP over SSL through the UTM to the email server, and those mobile clients can grab email sent to them fine.  But they can't send:  they get a message about the SMTP server not supporting password authentication.

Have I mucked up thinking that the SMTP proxy would also proxy emails which are on their way to my email server from clients, then to be sent back out? 

Should I instead be setting up NAT to my email server on a non-standard port, so that when an email client outside the LAN sends emails, they send over SMTP/TLS direct to my email server in the LAN (via NAT, not through UTM SMTP proxy), and THEN the email server would send outbound through the proxy?

Really appreciate the help.



  • Yes, you should not have the SMTP handle traffic from clients. You don't say what email server you're using, but the basic config should be similar to one with Exchange -

    Rather than a non-standard port, I prefer to use an IP different from the one that the MX record resolves to.  Either way, depending on the client, you can use WAF or a DNAT.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
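
One way to see why a mail app reports that a server does not support password authentication is to look at what the listener advertises in its EHLO reply. The sketch below is an added example, not part of the thread or of any Sophos or Synology tooling; the two replies and their host names are constructed for illustration, and the parsing follows the multi-line reply format of RFC 5321.

```python
import re

# Constructed EHLO replies (not captured from a real system): a relay-style
# listener on port 25 and a submission listener reached through a DNAT.
RELAY_REPLY = (
    "250-utm.example.test Hello\r\n"
    "250-SIZE 52428800\r\n"
    "250-8BITMIME\r\n"
    "250-PIPELINING\r\n"
    "250 STARTTLS\r\n"
)
SUBMISSION_REPLY = (
    "250-mail.example.test\r\n"
    "250-SIZE 52428800\r\n"
    "250-AUTH PLAIN LOGIN\r\n"
    "250 8BITMIME\r\n"
)

_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 EHLO reply."""
    lines = [l for l in reply.split("\r\n") if l]
    if not lines:
        raise ValueError("empty reply")
    caps = {}
    for i, line in enumerate(lines):
        m = _LINE.match(line)
        if not m or m.group(1) != "250":
            raise ValueError(f"not a 250 EHLO reply line: {line!r}")
        # Only the final line uses "250 "; all earlier lines use "250-".
        if (m.group(2) == " ") != (i == len(lines) - 1):
            raise ValueError("continuation marker out of place")
        if i == 0:
            continue  # first line is the greeting, not an extension
        words = m.group(3).split()
        if words:
            # Also accept the legacy "AUTH=LOGIN PLAIN" spelling.
            key, _, first = words[0].upper().partition("=")
            params = ([first] if first else []) + [w.upper() for w in words[1:]]
            caps.setdefault(key, []).extend(params)
    return caps

def can_password_auth(reply):
    """True if the listener offers a password mechanism a mail app can use."""
    mechs = parse_ehlo(reply).get("AUTH", [])
    return any(m in ("PLAIN", "LOGIN") for m in mechs)
```

A listener meant for client submission should return True here, and only after STARTTLS or on an implicit-TLS port so the password is not sent in clear text.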
  • Thanks much Bob.

    One more question your response posted:  I can use the WAF to proxy, and check, any traffic, including SMTP as well as HTTP?  IMAP?

    When you said I could use the WAF or DNAT, do I understand correctly that I could use the WAF to protect the IMAP and SMTP (from mobile clients sending messages ultimately to be sent outbound) ports I set up into the mail server (which is in the LAN)?

    I have the WAF set up to protect a web server, but didn't think to set up stuff to protect a non-standard web GUI for a NAS, or IMAP/SMTP for the email server.

    Really appreciate the help!

  • WAF doesn't handle anything other than HTTP/S.  What client are you using?

    Cheers - Bob

     
  • Sorry for the delay.  Trying to use a mail server on a Synology box, and the clients are native mail app on iOS.

    So... then I should be using the WAF to protect the web GUI of the Syno box, as it's obviously HTTPS based...  but the mail client on iOS is not, right?  Only something like OWA would use the WAF, no?

  • That all sounds correct to me. I think you were on the right track!

    Cheers - Bob

     