How to change the default SMTP port for the internal mail server

Hello

We are evaluating a Sophos UTM device on a VMware appliance configuration, fully updated.

The system works nicely filtering web/email spam etc. (the firewall is off because we already have a Cisco device in the office), except for one thing:
Our internal mail server listens for SMTP connections on a non-default port (250) instead of the default 25, for some old security reasons we had at the office. That causes my email server to not receive any emails from the UTM because, as I understand and have checked, it only uses the default port 25 and there's no way to change it to anything else from the web interface.

The problem is that, besides our office emails, we host another 3 companies' email domains, which makes changing the port really hard work to do on so many clients/phones/devices with no interruption and no angry customers.

So I'm asking if there's any unconventional way, like editing some files from the console command line using vi etc., to bypass my problem, and I think I have to redo those steps if I update the machine with new firmware.

Any help is much appreciated

Thanks



This thread was automatically locked due to age.
  • Hi, Thomas, and welcome to the UTM Community!

    I bet this can be solved with NAT rules if the SMTP Proxy can't enable you to easily get rid of your old approach, but we need more information:

    • Is the plan to use the UTM's SMTP Proxy for all of the domains?
    • Does the same mail server handle all of the domains?
    • In the past, was 250 assigned by the Cisco in a port forward of port 25 arriving from the internet?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Sorry for the late reply, but I was out of the office.

    Yes, the idea is to use the UTM for all the domains, and yes, the mail server handles all the domains.

    Port 250 is used on the mail server only, nowhere else. The current firewall listens on port 25, and on one IP we use for the mail server it directs traffic to the mail server directly, which is only open to the SMTP/POP3/IMAP IPs.

    Just for more info: we currently use a Cisco ESA for mail spam/proxy, and we wanted to test Sophos UTM without having to alter our topology for the moment. That's why I was searching/wondering if there was an easier way to redirect the Sophos UTM's outgoing emails to a custom port instead of the fixed port 25, because on the Cisco ESA solution we use that is easy to do (manually editing the port we want).

  • Yes, Thomas, you can just use a NAT rule like:

    SNAT : {interface connected to mail server} (Address) -> SMTP -> {mail server} : {port 250}

    Did that work as you want it to?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Yes, that workaround did the trick in my quick test a few minutes ago (I'll test on live production on Monday), but I would still prefer the UTM to let me change the port(s) of the mail server and not lock them to the default standards :)