
SMTP Proxy Configured, but not Processing Mail

Hi,


I'm hoping someone can assist me with my ASGv8 box and SMTP proxying.

I have configured the SMTP proxy settings, with profiles, but it doesn't appear to be processing any emails:

I'm not sure what else I need to do to enable this to work.

One thing I'm not 100% sure about is whether I should continue to have a standard DNAT forwarding rule for port 25 to my mail server?

Any assistance or suggestions would be gratefully accepted.

Thanks,

Sam.



This thread was automatically locked due to age.
  • Oh, I didn't realise that they had stopped all support!  Thanks for that.

    I will upgrade ASAP, but in the meantime, is there anything basic I can check with regards to AntiSpam on my current firewall?

    What are the normal configuration steps?

  • Putting an EOL device on the net, I would never dare do this in my company. This is a security device!!  This device has not seen a pattern update in 17 months!

    I would stick to the SMTP Antispam chapter in their user manual. This is the way I did it and for me it works really well.

    At the top of the settings windows you have a button for live logs; these are very handy when trying different settings.

  • I've looked through the manual and I can't see anything that I've missed.

    I can't help but think there's something fundamental that I'm missing.

    Should I have a DNAT port forwarding rule for port 25 to my mail server or not?

    Is there anything else I need to do to 'enable' the mail proxy?

    Live logs show only a pattern of repeating 2 lines:
    2016:05:19-19:55:00 PhatWall exim-out[2388]: 2016-05-19 19:55:00 Start queue run: pid=2388
    2016:05:19-19:55:00 PhatWall exim-out[2388]: 2016-05-19 19:55:00 End queue run: pid=2388


    The logs show the following after re-enabling the SMTP proxy:
    2016:05:19-20:06:34 PhatWall smtpd[6105]: MASTER[6105]: (Re-)loading configuration from Confd
    2016:05:19-20:06:35 PhatWall smtpd[6105]: MASTER[6105]: QR globally disabled, status one set to 'disabled'
    2016:05:19-20:06:35 PhatWall smtpd[6105]: MASTER[6105]: QR globally disabled, status two set to 'disabled'
    2016:05:19-20:06:35 PhatWall exim-in[6222]: 2016-05-19 20:06:35 pid 6222: SIGHUP received: re-exec daemon
    2016:05:19-20:06:36 PhatWall exim-in[6222]: 2016-05-19 20:06:36 exim 4.76 daemon started: pid=6222, no queue runs, listening for SMTP on port 25 (IPv4) port 587 (IPv4) and for SMTPS on port 465 (IPv4)



  • Why would you need a DNAT rule? This would bypass the antispam function! It seems you lack understanding of some basic routing concepts.

    Just stick to the things in the manual, don't do anything else if you don't really know what it's for.

    Have you upgraded in the meantime? It could be, if you are still on the old version, that the gateway is not processing mails because it runs on outdated software.

  • I had a DNAT rule because I originally had the Antispam proxy disabled and port 25 forwarded to my mail server.

    I asked the question because the documentation is not clear about how the internal traffic routing works with the SMTP proxy and when I tried disabling the DNAT rule earlier I got no mail at all.

    However, now that you have so graciously educated me regarding the DNAT rule, I have disabled it and I can see in the logs mail coming through.

    Further complicating my troubleshooting was the fact that it seems to take up to 8 minutes for emails to be processed by the firewall and the mail processing / filtering stats took ~15min to update.

    I appreciate your help Edmund, and I thank you for providing me with the information required to reach a solution, but please don't make assumptions about people's level of understanding.  I happen to have over 20 years of professional IT experience, however I am unfamiliar with the exact details of the inner workings of Sophos firewalls.  Your knowledge and assistance is appreciated, but your condescending tone is not.

    Please also remember that regardless of experience, none of us knows everything and one day the shoe will be on the other foot and you will be asking someone else for assistance.  I'm sure when that time comes you would rather that person treats you with the respect and courtesy that you deserve.

    In any case, I'm glad we got it working in the end! :)

  • Hi, Sam, and welcome to the UTM Community!

    Yes, the DNAT is the cause of this.  #2 in Rulz will help you understand why.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks Bob, rule 2 explains it nicely.
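
As an added example (not from the thread and not Sophos code), this is a small triage of the live-log symptom discussed above: the proxy is listening on port 25 and running queue runs, yet no message ever arrives because a port 25 DNAT rule sends the traffic past it. The function names and the single arrival line are constructed for illustration; the other log lines are copied from the thread.

```python
import re

# UTM live-log prefix as quoted in the thread:
#   2016:05:19-20:06:36 PhatWall exim-in[6222]: <exim message>
LINE_RE = re.compile(r"^\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2} \S+ ([\w-]+)\[\d+\]: (.*)$")
LISTEN_RE = re.compile(r"daemon started: .*listening for SMTP on port 25\b")
ARRIVAL_RE = re.compile(r"\s<=\s")  # Exim logs an accepted message as "<id> <= sender"

# Copied from the thread.
THREAD_LINES = [
    "2016:05:19-19:55:00 PhatWall exim-out[2388]: 2016-05-19 19:55:00 Start queue run: pid=2388",
    "2016:05:19-19:55:00 PhatWall exim-out[2388]: 2016-05-19 19:55:00 End queue run: pid=2388",
    "2016:05:19-20:06:34 PhatWall smtpd[6105]: MASTER[6105]: (Re-)loading configuration from Confd",
    "2016:05:19-20:06:36 PhatWall exim-in[6222]: 2016-05-19 20:06:36 exim 4.76 daemon started: "
    "pid=6222, no queue runs, listening for SMTP on port 25 (IPv4) port 587 (IPv4) "
    "and for SMTPS on port 465 (IPv4)",
]
# Constructed sample (not from the thread): an inbound message accepted by exim-in.
CONSTRUCTED_ARRIVAL = ("2016:05:19-20:14:12 PhatWall exim-in[6301]: 2016-05-19 20:14:12 "
                       "1b3KqC-0001df-2A <= sender@example.org H=mx.example.org [192.0.2.10] P=esmtp S=2048")

def summarize(lines):
    """Count what the SMTP proxy did in a slice of the live log."""
    stats = {"listening_on_25": False, "arrivals": 0, "queue_runs": 0, "unparsed": 0}
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            stats["unparsed"] += bool(raw.strip())  # ignore blank lines
            continue
        proc, msg = m.groups()
        if proc == "exim-in" and LISTEN_RE.search(msg):
            stats["listening_on_25"] = True
        elif proc == "exim-in" and ARRIVAL_RE.search(msg):
            stats["arrivals"] += 1
        elif proc == "exim-out" and "Start queue run" in msg:
            stats["queue_runs"] += 1
    return stats

def diagnose(stats):
    """Map the counters to the condition the thread ran into."""
    if stats["arrivals"]:
        return "proxy is receiving mail"
    if stats["listening_on_25"] or stats["queue_runs"]:
        return "proxy up but no inbound mail: look for a port 25 DNAT rule to the mail server"
    return "no SMTP proxy activity in this log slice"

if __name__ == "__main__":
    print(diagnose(summarize(THREAD_LINES)))
    print(diagnose(summarize(THREAD_LINES + [CONSTRUCTED_ARRIVAL])))
```

Sam reports mail taking up to 8 minutes to be processed, so run this over a log slice longer than that before concluding nothing arrives.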