

I am trying to allow the CEO to access his personal email from outside the network. It is being blocked at the Sophos UTP.

He has an imap service with a hosted provider.

We have simple smtp enabled.   

and   being forwarded to our exchange server which works great. We have mail spam and quarantine which works perfectly.


I have added the domain to the upstream host 


  I have added an SNAT entry that enables the CEO's PC (in reality all the PCs) to send and receive to this domain.


  I am not sure what I have set up wrong. I just need 3 PCs to be able to access this domain on ports 143 and 587. What do I have configured wrong?


Pulling my hair out here


This thread was automatically locked due to age.
  • Hi, your post is slightly confusing.

    From what I'm reading, you have:

    1. Internal - an Exchange server. I'd imagine that all internal clients connect and use this?

    2. Your Exchange server forwards to the UTM for outgoing mail, and the UTM receives mail and forwards it to Exchange for email protection etc.

    3. Your CEO has another email account (in addition to the Exchange account) that uses IMAP/SMTP to access email, e.g. Gmail or something similar

    4. You are trying to allow this account through the UTM?

  • If Louis-M is correct in his assumptions, I don't think you need the SNAT rules - a simple firewall rule allowing access from your CEO's PC to the required mailserver using the "Email Messaging" protocol definition should suffice.



  • Shaun Raven said:

    If Louis-M is correct in his assumptions, I don't think you need the SNAT rules - a simple firewall rule allowing access from your CEO's PC to the required mailserver using the "Email Messaging" protocol definition should suffice.


    Shaun's advice looks correct to me:

    • Get rid of the SNAT rules (I bet they are the culprit of things not working now).
    • Your firewall rule 9 is useless since in rule 8 you simply allow any (rule 9 will never be triggered this way), however I would disable rule 8 (with any) and use rule 9 instead. Make sure all required protocols are in the rule (IMAP, SMTP, 

    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.
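
The rule 8 / rule 9 point in the reply above can be checked mechanically. This is an added example, not part of the thread and not the poster's configuration: it assumes top-down, first-match rule evaluation, and the `Rule` type, the `ANY` marker and every rule value in it are constructed for illustration.

```python
# Added example: find firewall rules that can never match because a single
# earlier enabled rule already covers all of their traffic (first match wins).
# Shadowing by a combination of several earlier rules is not detected.
from dataclasses import dataclass
from typing import Optional

ANY = None  # hypothetical wildcard marker: matches every value of a field


@dataclass(frozen=True)
class Rule:
    position: int
    sources: Optional[frozenset]
    services: Optional[frozenset]      # TCP destination ports
    destinations: Optional[frozenset]
    enabled: bool = True


def covers(outer, inner):
    """True if field `outer` matches everything that field `inner` matches."""
    if outer is ANY:
        return True
    if inner is ANY:
        return False
    return inner <= outer


def shadowed_rules(rules):
    """Return {rule position: position of the earlier rule that shadows it}."""
    result = {}
    ordered = sorted((r for r in rules if r.enabled), key=lambda r: r.position)
    for i, rule in enumerate(ordered):
        for earlier in ordered[:i]:
            if (covers(earlier.sources, rule.sources)
                    and covers(earlier.services, rule.services)
                    and covers(earlier.destinations, rule.destinations)):
                result[rule.position] = earlier.position
                break
    return result


# Constructed sample: rule 8 is any/any/any, rule 9 is the narrow mail rule.
RULE_8 = Rule(8, ANY, ANY, ANY)
RULE_9 = Rule(9, frozenset({"ceo-pc", "pc-2", "pc-3"}), frozenset({143, 587}),
              frozenset({"hosted-mail-provider"}))

if __name__ == "__main__":
    print(shadowed_rules([RULE_8, RULE_9]))  # rule 9 never fires behind rule 8
    # With rule 8 disabled, rule 9 is the rule that decides the mail traffic.
    print(shadowed_rules([Rule(8, ANY, ANY, ANY, enabled=False), RULE_9]))
```
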
