Outgoing mail (SMTP) blocked by UTM

Question

Hi all, 
 
 I just restarted using Sophos UTM again. Version 9.408-4 
 Since then some applications will not run. Where secure services are used with the exception of HTTPs the they run ok. I guess that will be because then traffic is handled by Webprotection. 
 Sticking with one off these applications being Outlook 2016 Office 365 locally installed. 
 It doesn't matter using the unsecure or unsecure port of pop3 or smtp. 
 Incoming traffic works fine, outgoing > no way. 
 Receiving the following message in live log SMTP proxy: 
 2016:11:30-21:23:07 sophos-utm exim-out[12998]: 2016-11-30 21:23:07 1cBnUa-0001im-GB mail.x.nl [194.60.207.168]:25 Connection timed out 
 2016:11:30-21:23:07 sophos-utm exim-out[12997]: 2016-11-30 21:23:07 1cBnUa-0001im-GB == info@x.nl R=dnslookup T=remote_smtp defer (110): Connection timed out 
 
 I have two mailboxes. I only see these logs from one mailbox. 
 
 From Support/Tools Ping to the DNS server is OK and DNSlookup is also OK. 
 
 Live Log IPS: 
 2016:11:30-20:08:34 sophos-utm snort[5115]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="INDICATOR-COMPROMISE Suspicious .tk dns query" group="241" srcip="MYPC" dstip="DNS-server" proto="17" srcport="51833" dstport="53" sid="39867" class="Misc activity" priority="3" generator="1" msgid="0" 
 
 I don't think IPS is the problem. Nevertheless I 've made an exception for IPS checking on service 25 just to see what happens. No solution. 
 
 Anyone has ideas to solve this? 
 
 Thanx Jaap

jaapl · Accepted Answer

Hi mister Pijnappels, 
 I should have given your question more thought. 
 After configuring source-NAT (SNAT) with every internal networks IP-address translated to the external (public) IP-address of the UTM .. 
 it works! 
 Thanx Jaap

BAlfson · Answer

Hi Jaap, 
 Just disable the SMTP Proxy as it is not meant to work in this way. You just need a firewall rule like: 
 Internal (Network) -> Email Messaging -> Internet : Allow 
 Are things working now? If not, try #1 in Rulz . 
 Cheers - Bob

BAlfson · Answer

"What is weird that with Wireshark on my PC traffic towards the external mail servers was not trapped, nor were the tcp-ports configured/used by Outlook." 
 You're saying that the traffic doesn't even reach the UTM's LAN interface? If you put the same IP on that interface as on the corresponding one on the ASA, then, after you reconnect the UTM, you will want to reboot any switches in your LAN to force them to clear their ARP tables. 
 Was that all it was? 
 Cheers - Bob

apijnappels · Answer

Hi Jaap, 
 Ziggo does indeed block outgoing mail other than going to their own mailserver (smtp.ziggo.nl). Outgoing mail to smtp.ziggo.nl should normally work. Also incoming mail (pop3, imap) should work. I use Ziggo myself at my home (consumer Ziggo connection). 
 If you really need outgoing port 25 (so your UTM sends out mails not using smtp.ziggo.nl as a smart host), then you need to upgrade to a business Ziggo account.

LifeIsGood · Answer

Had similar problem. Outlook incoming through UTM was fine, but outgoing was blocked. Found that default service definitions for SMTP in UTM used ports 25 and 465, but my Outlook account required port 587 for outgoing (SMTP) 
 Resolved this by creating a new Firewall rule. A new Service Definition was created in the process, as follows: 
 
 WebAdmin > Network Protection > Firewall > New Rule
 
 Sources: Internal (Network) 
 Services: click green + to add new Service Definition
 
 Add Service Definition 
 Name: SMTP_Port 587 
 Type of Definition: TCP 
 Destination Port: 587 
 Source Port: 1:65535 
 Save

Destinations: Internet IPv4 
 Save

Then enable this new firewall rule. 
 Hope this helps.