On my XG18 (with default config) I can send emails from LAN to Sophos MTA only on port 25.
How can I set up XG18 to receive emails over TLS/SSL on port 465 or 587?
The Sophos MTA seems to be listening only on port 25.
Thanks a lot.
Hi FelixSteinbeis,
You may add the below command for port 587.
console> set service-param SMTP add port 587
MTA support on port 465 has been identified as a feature request. You may raise a feature request or thread on our idea portal (https://ideas.sophos.com/).
Regards,
Vishal Ranpariya
Technical Account Manager | Sophos Technical Support
Thanks for your quick reply.
Unfortunately, it doesn't work. I cannot connect to the MTA on port 587, regardless of whether I use SMTP or SMTP-SSL.
Any further ideas?
console> show service-param
Service     Ports
-------     -----
SMTPS       587
------------------------------------
Other Configurations:
HTTPS invalid-certificate:      block
HTTPS deny_unknown_protocol:    off
SMTPS invalid-certificate:      allow
MTA mta mode:                   on
MTA auth relay:                 on
SMTP notification-port:         25
SMTP strict-protocol-check:     off
SMTP Failure notification:      on
------------------------------------
Hi FelixSteinbeis,
There is a minor correction or update to the command. Please revert the previously applied command with this one:
console> set service-param SMTPS del port 587
Please use this one:
console> set service-param SMTP add port 587
Also ensure the auto MTA rule has the SMTPS service with port 587 added in the rule.
I have deleted SMTPS port 587 and added SMTP port 587. The rules are like in your screenshot.
Now I can connect to port 587, BUT only with SMTP or SMTP STARTTLS.
What I want is to connect SMTP directly with TLS/SSL.
Any other possibility/settings?
Thanks a lot.
Felix
Hi FelixSteinbeis,
By default the MTA listens on port 25 (for plain & STARTTLS). As you added port 587 via the CLI command, it started listening on 587 as well for STARTTLS. Port 465 (direct TLS) is not supported in MTA mode.
Thanks for your answer.
Then it seems it works as designed.
Is Port 465 with direct TLS coming soon?
In this KB article from 20 Feb 2020 community.sophos.com/.../123118 I find the following information:
"Sophos XG Firewall inspects all SMTPS traffic over these standard ports by default:
Port 25/587 for STARTTLS ESMTP extension
Port 465 for SSL/TLS on SMTP"
So I thought that's currently working.
Hi FelixSteinbeis,
The KBA which you are referring to is related to XG deployment in "Transparent Proxy". So I will submit a request to the KB team to add details in that KBA with XG mail proxy or service deployment mode to avoid confusion. In MTA, the currently supported/listening port details are as per my last comment.
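
Added example, not part of the thread and not Sophos code: a small Python probe an administrator can run from the LAN to confirm which mode each MTA port actually speaks, separating direct (implicit) TLS as asked about for port 465 from the plaintext-plus-STARTTLS behaviour reported for ports 25 and 587. The function name, the result labels and the EHLO name `probe.invalid` are assumptions made for this example.

```python
import smtplib
import socket
import ssl
import sys


def probe_smtp_tls(host, port, timeout=5.0):
    """Classify a listener: 'implicit-tls', 'starttls-offered',
    'plain-only' or 'unreachable'."""
    # Certificate validation is disabled because this only identifies the
    # listener mode; do not reuse this context to submit mail.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE

    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    # Step 1: implicit TLS (port 465 style) means the TLS handshake comes
    # first and the 220 greeting arrives inside the encrypted channel.
    with raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                if tls.recv(512).startswith(b"220"):
                    return "implicit-tls"
        except OSError:
            pass  # plaintext greeting, reset or timeout: not implicit TLS

    # Step 2: plaintext greeting, then see whether EHLO offers STARTTLS
    # (what the thread reports for ports 25 and 587 in MTA mode).
    try:
        with smtplib.SMTP(host, port, local_hostname="probe.invalid",
                          timeout=timeout) as smtp:
            smtp.ehlo()
            if smtp.has_extn("starttls"):
                return "starttls-offered"
            return "plain-only"
    except (smtplib.SMTPException, OSError):
        return "unreachable"


if __name__ == "__main__":
    # Usage: python probe.py <mta-host> 25 587 465
    for p in sys.argv[2:]:
        print(p, probe_smtp_tls(sys.argv[1], int(p)))
```

A result of `starttls-offered` only means the extension is advertised; a client that does not require the upgrade can still send in cleartext on that port.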