Sophos Central Email with Exchange

Until a few days ago I had the "Sophos Email Appliance" with spam rule as a spam protection that directed SMTP traffic to this "Sophos Email Appliance".

I use Microsoft Exchange as a mail server.
Now I switched to "Sophos Central" and configured it like this:

EMAIL DOMAIN: mydomain.it
DIRECTION: Inbound and Outbound
INBOUND DESTINATION: Mail Host (posta.miodominio.it) port 25
OUTBOUND DESTINATION: Custom Gateway (2.119.x.y/28)

I added among my DNS:
TXT SOPHOS record for domain verification
A Record: posta.miodominio.it 2.119.x.y
the two MX records: mx-01-eu-central-1.prod.hydra.sophos.com and mx-02-eu-central-1.prod.hydra.sophos.com

I added the Send connector on my Microsoft Exchange:
relay-eu-central-1.prod.hydra.sophos.com

I added the SOPHOS Firewall rule to redirect SMTP traffic from 2.119.x.y to my Microsoft EXCHANGE (192.168.1.42) while previously the rule directed SMTP traffic from 2.119.x.y to "Sophos Email Appliance" (192.168.1.25).

IT WORKS.

But I ask: when I had the "Sophos Email Appliance", running a telnet to posta.miodominio.it 25 the "Sophos Email Appliance" replied directly to me, while now, having had to set the firewall rule for my Microsoft Exchange, Exchange answers me! Is this right? Am I wrong if I would like to set the rule so that SOPHOS CENTRAL responds instead of Exchange? And how could I do it?

Furthermore, SOPHOS recommends restricting the connection to my mail host to the following addresses: 52.58.166.242, 52.29.100.147; how?

Further comments are welcome.

Thanks for the attention.
Greetings.


Luigi



  • You should use external services to verify your setup.

    A telnet based on DNS could actually be redirected by your firewall to your Exchange.


    Is it a UTM or XG Firewall? Because on both products you should build a DNAT from both IPs (52.) to your Exchange. 


  • Thank you for the reply.


    >>You should use external services to verify your setup.
    >>A telnet based on DNS could actually be redirected by your firewall to your Exchange.

    I use MXTOOLBOX:

    Connecting to 2.119.x.y
    220 Exchange.miodominio.local Microsoft ESMTP MAIL Service ready at Sun, 12 Jul 2020 21:51:34 +0200 [675 ms]
    EHLO keeper-us-east-1c.mxtoolbox.com
    250-Exchange.miodominio.local Hello [18.205.72.90]
    250-SIZE
    250-DSN
    250-ENHANCEDSTATUSCODES
    250-AUTH NTLM LOGIN
    250-8BITMIME
    250 XXXXXXXX [730 ms]
    MAIL FROM:<supertool@mxtoolbox.com>
    250 2.1.0 Sender OK [727 ms]
    RCPT TO:<test@mxtoolboxsmtpdiag.com>
    550 5.7.1 Unable to relay [5732 ms]

    LookupServer 9162ms

    >>Is it a UTM or XG Firewall? Because on both products you should build a DNAT from both IPs (52.) to your Exchange.

    SOPHOS SG310 (SFOS 17.5.12 MR-12...)
    Sure, there is a DNAT, and I tried to configure it with the two 52... addresses, but MXToolbox obviously cannot connect anymore, as nobody will succeed because only the 52... addresses will be able to do it. If SOPHOS has written this, it means that it expects me to configure things so that "Sophos Central" will respond and not my Exchange. I interpret it like this.
    The current configuration I made works but is not optimal.

  • Looks like your email mail flow is not correct.

    As MXToolbox connects to your XG, it indicates that your MX record does not point to Central Email.

    It should point to Central Email only.

    Then all emails should be forwarded to XG and XG should only forward the 52. to your Exchange.

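As an added example (not code from this thread, from the poster, or from Sophos), the following Python script checks the two conditions this reply and the first post's question describe: the domain's MX set must contain only the two Central Email hosts named in the first post, and only the two Central relay addresses (52.58.166.242 and 52.29.100.147) should be able to reach Exchange on port 25. The `src=... dst=... dport=...` log line format and the sample entries are constructed for this example and are not the real SFOS log format; the Exchange address 192.168.1.42 and the MXToolbox source 18.205.72.90 are taken from the thread.

```python
import ipaddress
import re

# Central Email MX hosts and inbound relay addresses, as given in the first post.
CENTRAL_MX_HOSTS = {
    "mx-01-eu-central-1.prod.hydra.sophos.com",
    "mx-02-eu-central-1.prod.hydra.sophos.com",
}
CENTRAL_INBOUND_SOURCES = [
    ipaddress.ip_network("52.58.166.242/32"),
    ipaddress.ip_network("52.29.100.147/32"),
]


def mx_points_only_to_central(mx_records):
    """mx_records: iterable of (priority, hostname) pairs as a DNS MX lookup returns them.

    Returns (ok, extra_hosts). ok is True only when the MX set is non-empty and every
    host is a Central Email host; any other host (for example the mail host itself)
    lets senders deliver straight to Exchange and bypass the filtering."""
    hosts = {host.rstrip(".").lower() for _, host in mx_records}
    extra = sorted(hosts - CENTRAL_MX_HOSTS)
    return (len(hosts) > 0 and not extra, extra)


# Constructed, simplified connection-log format (assumption: not the real SFOS format).
LOG_RE = re.compile(r"src=(?P<src>[\d.]+)\s+dst=(?P<dst>[\d.]+)\s+dport=(?P<dport>\d+)")


def audit_smtp_connections(log_lines, exchange_ip="192.168.1.42",
                           allowed_sources=CENTRAL_INBOUND_SOURCES):
    """Classify connections that reach Exchange on port 25.

    Returns (allowed_count, bypass_sources): allowed_count is the number of sessions
    from the Central relay addresses; bypass_sources lists every other source that
    reached port 25 directly, which is what the DNAT should be restricting."""
    allowed = 0
    bypass = []
    for line in log_lines:
        match = LOG_RE.search(line)
        if not match or match["dst"] != exchange_ip or match["dport"] != "25":
            continue  # not SMTP to Exchange: out of scope for this check
        src = ipaddress.ip_address(match["src"])
        if any(src in net for net in allowed_sources):
            allowed += 1
        else:
            bypass.append(str(src))
    return allowed, bypass


# Constructed sample log: two relay sessions, a direct MXToolbox session, a non-SMTP
# session, and one more direct connection from a documentation address.
SAMPLE_LOG = [
    "2020-07-12T21:50:01 action=allow src=52.58.166.242 dst=192.168.1.42 dport=25",
    "2020-07-12T21:51:34 action=allow src=18.205.72.90 dst=192.168.1.42 dport=25",
    "2020-07-12T21:52:10 action=allow src=52.29.100.147 dst=192.168.1.42 dport=25",
    "2020-07-12T21:53:00 action=allow src=198.51.100.7 dst=192.168.1.42 dport=443",
    "2020-07-12T21:54:21 action=allow src=203.0.113.9 dst=192.168.1.42 dport=25",
]

# Constructed MX lookup results for the two cases discussed in the thread.
MX_CORRECT = [(10, "mx-01-eu-central-1.prod.hydra.sophos.com."),
              (20, "mx-02-eu-central-1.prod.hydra.sophos.com.")]
MX_WITH_DIRECT_HOST = MX_CORRECT + [(30, "posta.miodominio.it.")]


if __name__ == "__main__":
    for label, records in (("correct", MX_CORRECT), ("with direct host", MX_WITH_DIRECT_HOST)):
        ok, extra = mx_points_only_to_central(records)
        print(f"MX {label}: {'OK' if ok else 'NOT OK'} extra hosts={extra}")
    allowed, bypass = audit_smtp_connections(SAMPLE_LOG)
    print(f"relay sessions: {allowed}; direct-to-Exchange sources: {bypass}")
```

With the sample data the MX check reports the lookup containing posta.miodominio.it as not OK, and the connection audit reports two relay sessions and two direct sources (18.205.72.90 and 203.0.113.9); the second list is exactly what a DNAT restricted to the two 52. addresses would block.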

  • MX records, they would seem correct:

    At this point, may the problem be the DNS record "posta.miodominio.it 2.11.9.x.y"?

    Thank you for your interest.

