
SMTP authentication without backend authentication services

I host an internal mail server with self-integrated authentication. There is no NTLM, RADIUS, LDAP or AD available in the infrastructure. The mail service only supports SMTP 25 and POP3 110 without encryption. I enabled Mail Protection for SMTP, added the server to the Routing Host List and configured the mail server's smart host to the UTM. The mail server is able to send and receive on the internet. I can also observe a number of statistics on the Email Protection tab.

However, our mail users will connect to send and receive from both internal and external networks. The UTM is intercepting the SMTP authentication from the mail client with local accounts (the UTM's users) because we don't have any backend authentication server available. Is there any way to bypass the UTM's SMTP authentication and let the mail server complete it?

https://community.sophos.com/products/unified-threat-management/f/56/t/48217

Is using ANY in Host-based Relay the only way to use the mail server authentication?



This thread was automatically locked due to age.
  • Using ANY inside Host-based relay will make the Sophos UTM an open relay server.

    What you can do is use different IP addresses for SMTP. I mean, one public IP registered as the MX record (used inside Sophos UTM to send and receive email from external SMTP servers) and another IP used by users to send email. In this way, spam is filtered on the IP registered as the MX record and external users are able to send email (you need a DNAT for these users that forwards port 25 to the internal mail server).

    This is a workaround, but the best way is for users to be authenticated on the UTM and for SMTP to be open and filtered by the SMTP Proxy.


    Luk
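
Why ANY in a host-based relay list produces an open relay, shown as an added example that is not part of the original thread and is not Sophos UTM's own logic. It is a simplified model of an SMTP gateway's relay decision; the config keys, function names, domain and addresses are all hypothetical, constructed values.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
MAIL_SERVER = "10.0.0.25"          # internal mail server using the gateway as smart host
OWN_DOMAINS = {"corp.example"}     # domains the gateway routes to the mail server

# "ANY" in the host-based relay list is modelled as 0.0.0.0/0.
ANY_CFG = {"routed_domains": OWN_DOMAINS, "host_relay": ["0.0.0.0/0"], "auth_relay": False}
# Only the mail server itself may relay outbound through the gateway.
SERVER_ONLY_CFG = {"routed_domains": OWN_DOMAINS, "host_relay": [MAIL_SERVER + "/32"],
                   "auth_relay": False}

def may_relay(cfg, client_ip, rcpt_domain, authenticated=False):
    """Return (accepted, reason) for one RCPT TO decision in this model."""
    ip = ipaddress.ip_address(client_ip)
    # Inbound mail for a routed domain is accepted from anyone, then filtered.
    if rcpt_domain.lower() in cfg["routed_domains"]:
        return True, "inbound for routed domain"
    # Outbound (foreign recipient): allowed only by authentication or source host.
    if authenticated and cfg["auth_relay"]:
        return True, "authenticated relay"
    for net in cfg["host_relay"]:
        if ip in ipaddress.ip_network(net):
            return True, "host-based relay " + net
    return False, "relaying denied"

def is_open_relay(cfg, probe_ip="203.0.113.50", probe_domain="elsewhere.example"):
    """Open relay: an unauthenticated outside host may send to a foreign domain."""
    accepted, _ = may_relay(cfg, probe_ip, probe_domain, authenticated=False)
    return accepted

if __name__ == "__main__":
    for name, cfg in (("ANY", ANY_CFG), ("mail server only", SERVER_ONLY_CFG)):
        print(name, "-> open relay:", is_open_relay(cfg))
        print("  mail server outbound:", may_relay(cfg, MAIL_SERVER, "elsewhere.example"))
        print("  internet inbound:    ", may_relay(cfg, "203.0.113.50", "corp.example"))
```

With only the mail server in the relay list, outbound mail from the server and inbound mail for the routed domain still pass, while an outside client addressing a foreign domain is refused.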
