Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 6 replies
  • Subscribers 38 subscribers
  • Views 1501 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SOPHOS XG V18 incoming SMTP on a different ports

ffaucher

Hello,

 

I really need help. I spend around 10 hours without success on making incoming email works under Sophos XG V18 mr-4.

I’m using Sophos UTM for many years now at home, and I’m trying to move over XG V18 mr-4.

My ISP is blocking incoming port 25, so since many years I’m using an external SMTP service that reroute my email to another TCP Port 10025.

In UTM, I do DNAT port 10025 to 25 on my wan interface and it’s working properly.

Unfortunately, I’m not able to make it works in XG V18 mr-4. I try many things without success.

My goal is to make my XG V18 received incomming email on port 10025 , then translate over the Email " proxy " who will at the end relay over my internal Exchange 2013 server.

Can someone give me all the details that I need to accomplish to make it work. It will be very appreciated.

Thanks

Francois Faucher



This thread was automatically locked due to age.
  • FormerMember
    0 FormerMember

    Hi ,

    We've moved this thread to the XG Firewall group from the UTM Firewall Community group as it’s better suited here. 

    Are you trying to use email protection on your XG firewall or want DNAT SMTP traffic from custom port to port 25 onto your internal mail server? 

    If you configured XG as an email proxy, you would have to change the default SMTP port from the console by following the below command: 

    set service-param SMTP add port 10025

    You would also need to change the default SMTP/SMTPS rule depending on your SMTP deployment type and configure PAT.

    Thanks,

  • 0 in reply to FormerMember

    Thanks for you reply.

    I moved back over UTM 9.7. But I will retry later on.

    I'm trying to configure XG as an email proxy ( like I'm doing in UTM 9.7 on a different port ) 

    ( Basically, incoming on port 10025, then translate into port 25 , email proxy, then send the email into my internal mail server on port 25 )

    Here is my config on UTM

    Last time , I found that information ( set service-param SMTP add port 10025 ) on the forum , but it did not worked. ( I also restarted the service, and still not working ). I guess I did not configure the Firewall , the NAT rules and the email server correctly. I really try many different config without success.

    If you could give me more information the Firewall Rules and on the Nat rules ( Base on my UTM 9.7 config ) that I need to create on the XG it will  be appreciated.

    Thanks for your support. Great product. 

  • 0 in reply to ffaucher

    So you loop back via DNAT to XG back? Assuming this will not work, because of the work flow of XG. 

    You basically changing the Traffic flow of Email from Port 10025 to 25 and give this to the Proxy. 

    Never done this on XG, but assuming how the traffic flow works, i guess this is not possible to redirect on a loop back. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    So, If I understand correctly, I should delete any DNAT rules related to email service, and just do this : set service-param SMTP add port 10025 

    I do not mind changing the way to do it ( in comparation to UTM 9.7 ).

    My goal is just to make incoming email working ( on a different ports because my ISP is blocking port 25  ).

    If XG V18 support incoming email on a different ports ( by using the email proxy ) , then I would appreciate the instruction on how to do it.

    Thanks again.

  • FormerMember
    0 FormerMember in reply to ffaucher

    Hi ,

    Once you change the custom port for the service-param, this custom port will be used all the way through. This means your mail server needs to be configured to use the custom port for inbound emails. 

    If you configure DNAT/PAT rule, it’ll bypass the email proxy; there's no other way to have an email proxy accepts email on custom ports and change the port back to 25 before making a connection with your internal mail server. 

    Thanks,

  • +1 in reply to FormerMember

    Thanks for that information !! I will try it within the next couples days and I will update with my results !

    Thanks again for your support

    Have a nice day

Unfiltered HTML