Relay email for clients

If I understood, you want to put UTM like a bridge for the external Exchange

Normaly you have to put the exchange ip, in relay hosts

But you have to configure the exchange send/receive connectors.

I am sorry if i didn't explain it correctly.

ATM i am using MCAfee SaaS as a SPAM/VIRUS filter for all my clients. So MX records towards Mcafee and in the control panel i tell mcafee which IP goes with which domain.

MCafee pulled the plug out of this product, so i have to use something new.

 So i want to use my Sophos UTM as a SPAM/VIRUS filter for a couple domains, which are being hosted at different locations.

For the moment let's focus on receiving the mail through Sophos. Sending is being done by the on premise exchange servers.

I am really sorry....

I had a big OEPS moment....

In front of the SMTP profiles i just saw an ON/OFF button. With a default setting OFF.

I didn't see this switch before. Again i am really sorry to have wasted everyones time.

No Prob ☺

O no the Exchange Connectivity website is working, by normal emails are not accepted:

EMAILADRES
Remote Server returned '554 5.4.108 SMTPSEND.DNS.MxLoopback; DNS records for the next hop domain are configured in a loop -> DnsDomainIsInvalid: InfoMxLoopback'

I cannot EDIT my post. I wanted to add that this error comes from Exchange. Not Sopohos

Maybe you have to clear the dns on the exchange site. I never see this kind of the problem but seems logical

You have to configure the connectors now

I have changed my send connector, de exchange server send connector points at Sophos now. The error is gone. So problem seems solved now :)

Yes, since MX is handled by sophos now the emails should pass throug it. Configure the connector with IP to eliminate DNS problems

And maybe with password to secure it

This days the main problem is not to get blaclisted

Well atm that is only a problem with the Microsoft filter.

When i send an email to a Outlook/Hotmail/Live address it get flagged as SPAM.

Even with the use of SPF/DKIM.

So i imagine Sophos will not make it worse for me right?

In SFP records should be the sophos IP now

As authorized sender for the client  domain.

In SFP records should be the sophos IP now

As authorized sender for the client  domain.

Yes all my static IP's are in the SPF record.

Be patient. Wait 2 hours for dns to be updated

IP's have been in SPF for weeks

What i meant was, Sophos cannot make it worse. The problem was already there before i start using Sophos. I have tried everything, sending through MX, smarthost ISP, Sendgrid Smarthost, SpamExperts Smarthost. I even bought different IP addresses and then use a GRE tunnel.

After a few emails Microsoft SmartScreen Filter flags the emails as SPAM.

Always with:

X-MS-Exchange-Organization-SCL: 5
X-MS-Exchange-Organization-PCL: 2

I have emailed MS at https://support.microsoft...&ccsid=636338228758026326

Then i get a standard answer that the SmartScreen Filter is blocking my emails and they don't know why.

I am not blacklisted, it is the darn SmartScreen Filter and no one seems to be able to tell me how to fix this (except using Office365, i like having my one server). I have also tried SPF/DMARC/DKIM/rDNS/TTL 3600, i have followed all the "rules" for AFAIK.

I agree, Nick, the UTM's SMTP Proxy can't make it any worse.  It would be interesting to see if having it spam-check outbound emails turns up any false positives.

Cheers - Bob