This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[UTM 9.4] Authenticated Relay AND Host-based Relay resolving

Hello,

 

I have simple question about using both Authenticated Relay and Host based relay in UTM.

On the example picture you can see two users trying to send email via server, which is specified in host-based relay on UTM. Black user is allowed for Authenticated Relay on UTM, while Red user is not allowed for authenticated relay. 

Question is, how is UTM resolving these two relaying permissions - Host and Authentication - is it via logical OR (user OR host must be allowed) or AND (both HOST and USER must be allowed) or differently?

 

Thanks for answer.

 

Pavel Kolar



This thread was automatically locked due to age.
Parents
  • Hello Pavel,

    it is an logical OR.

    If the IP for the incoming smtp relay connection is in the allowed relay hosts, then relay.

    If the IP for the incoming smtp relay connection is NOT in the allowed relay hosts AND the user is allowed (via SMTP-Auth), then relay.

    Else reject.

     

    Good Luck!

    CS

     

    Sophos Certified Architect (UTM + XG)

  • Hi, Pavel, and welcome to the UTM Community!

    The SMTP Proxy only knows that it is a relay for email from the Mail Server - it doesn't check the sender against 'Allowed Users/Groups'.  If you don't want to allow a user to send outside emails, you might be able to add the email address to the 'Sender Blacklist' on the 'Antispam' tab.  If that works, please let us know.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Hi, Pavel, and welcome to the UTM Community!

    The SMTP Proxy only knows that it is a relay for email from the Mail Server - it doesn't check the sender against 'Allowed Users/Groups'.  If you don't want to allow a user to send outside emails, you might be able to add the email address to the 'Sender Blacklist' on the 'Antispam' tab.  If that works, please let us know.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data