SMTP - need to bypass relay for 1 server

Morning All,

My current UTM setup uses the smtp proxy to forward all incoming mail to an internal server, and all external destined mail to our upstream host.  This is fine, and I want to leave this alone.

However, I have a requirement to open port 25 for one IP address on my UTM, which needs to forward to one internal server.  Can this be done without affecting the SMTP proxy?



  • I never recommend SMTP Transparent except for debugging purposes, Shaun.  See Basic Exchange setup with SMTP Proxy.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Sorry Bob - think I'm losing the plot here... :)

    I'm confused as to your reference in Rulz #2 when you mention the SMTP transparent proxy...

    "then Proxies (except the SMTP Proxy in Transparent mode which captures traffic forwarded by a DNAT)"

    Do you mean that when the UTM SMTP proxy is in global mode, it uses the said DNAT rule?

    Sorry if I'm being a bit of a dunce here :)

  • DNATs always take precedence.  Unlike all other proxies in UTM, when the SMTP Proxy is in Transparent mode, it captures SMTP traffic after the DNAT has worked.  If it's not in Transparent mode, the DNAT routes traffic past the SMTP Proxy.  I have now clarified that in Rulz #2 - thanks for the hint!

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks Bob,

    So one last clarification - does "SMTP proxy transparent mode" = "simple mode" in the UTM->SMTP->Global tab?

    In advanced settings, there is a section that says "skip transparent mode hosts/nets" - if I enter the IP of the interface I want to bypass here, and put the suggested DNAT rule in place, would that work?

  • Ah, I was confused by your usage of the term "simple" above, Shaun.  In fact, "Simple" means that no SMTP Profiles are to be used, just the "default" one configured in 'Email Protection >> SMTP'.

    Transparent mode is configured on the 'Advanced' tab of 'SMTP' and I don't recommend activating it.  In every case, a DNAT is effective.  If SMTP transparent mode is enabled and there is no "transparent skip" entry for the sending IP, the transparent mode will indeed "hijack" the traffic after it has been DNAT'd.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    have a look at the "Email Protection/SMTP/Global"-Tab, it's really called "Simple Mode" there. :-)

    Kind regards, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.