
Authenticated relay

Hello everyone,

 

I moved from UTM to XG with the newest firmware (17.0.5) - so far I have created the same email settings as I had on my UTM:

Intercepting incoming emails and scanning them for spam/virus.

Relay settings are also equal to my UTM:

 

host based relay: my email server

upstream host: any

user authenticate relay: my email user group.

 

Unfortunately the user based authentication is not working as expected.

Only emails to my own host name are allowed - if they need to send an email to anyone else they will receive a "relay access denied" error.

 

Does anyone have an idea how I need to configure XG to allow authenticated relays?

 

 



This thread was automatically locked due to age.
  • Mathias,

    Please share screenshot of what you have configured. Make sure you Sto arrivando! Using v17 mr5.

    Thanks

  • Ciao Luk,

     

    thanks for your reply - please find the screenshot of my current settings below.

    At the end I have tried everything and also allowed any user on my network - the only thing which worked so far would be acting as an open relay...

     

    Kind regards, Mathias

     

  • Mathias,

    Can you explain the error? When your users send to your domains, it works, while if your internal users send email to external domains, it does not work?

    Share also the error screenshot.

    Thanks

  • Hi Luk,

     

    Everything internal (LAN, DMZ, WLAN, ...) works fine - they are getting to my email server which sends the outgoing emails to Sophos XG and then to a Smarthost.

    This works perfectly!

     

    But I have some remote users who are not permanently logged in via a VPN connection.

    Those users should also be allowed to use Sophos as a relay (worked fine with UTM).

     

    Screenshots from Thunderbird:

     

     

    The debug log says:

    (secondDomain = external domain)

    DBG   Feb 25 17:51:01 [0xc0000006]: smtp_handle_commands: called
    DBG   Feb 25 17:51:01 [T___WORKER]: Calling SSL_read().
    DBG   Feb 25 17:51:01 [T___WORKER]: SSL_read(): '48' bytes read
    DBG   Feb 25 17:51:01 [0xc0000006]: client read returned 48 bytes
    DBG   Feb 25 17:51:01 [0xc0000006]: request: 'RCPT TO:<mathias.muehlbacher@secondDomain.com>' len: 48
    INF   Feb 25 17:51:01 [0xc0000006]: Request: 'RCPT TO:<mathias.muehlbacher@secondDomain.com>'
    DBG   Feb 25 17:51:01 [0xc0000006]: add_recipient: reallocating to 8
    DBG   Feb 25 17:51:01 [0xc0000006]: add_recipient: RCPT COUNT = 0
    INF   Feb 25 17:51:01 [T___WORKER]: Profile is not configured for 'mathias.muehlbacher@secondDomain.com'
    DBG   Feb 25 17:51:01 [0xc0000006]: Outbound Email
    DBG   Feb 25 17:51:01 [T___WORKER]: match_ip: l>r Ret 1
    DBG   Feb 25 17:51:01 [T___WORKER]: match_ip: l<r Ret -1
    MSG   Feb 25 17:51:01 [0xc0000006]: Checking Auth Relay for ss->userid '0'
    MSG   Feb 25 17:51:01 [0xc0000006]: Checking Auth Relay for ss->grpid '0'
    ADMIN Feb 25 17:51:01 [0xc0000006]: Response: 550 Relay access denied

     

     

     

    If my remote user sends an email to my primary email address with my domain it works without any problems.

     

    kr, Mathias
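Added example, not part of the thread and not Sophos code: a small parser for the debug-log layout quoted above that pairs each rejected RCPT TO with the userid/grpid values logged by the "Checking Auth Relay" lines. The sample lines are constructed in that layout with a placeholder address, and reading id 0 as "no authenticated user or group attached to the session" is an assumption, not documented behaviour.

```python
import re

# Layout seen in the quoted debug log: LEVEL  Mon DD HH:MM:SS [context]: message
LINE = re.compile(r"^\s*(\w+)\s+(\w{3} +\d+ [\d:]{8}) \[([^\]]+)\]: (.*)$")
RCPT = re.compile(r"^Request: 'RCPT TO:<([^>]*)>'")
AUTH = re.compile(r"^Checking Auth Relay for ss->(userid|grpid) '(\d+)'")
RESP = re.compile(r"^Response: (\d{3}) (.*)$")

# Constructed sample in the same layout (placeholder recipient).
SAMPLE = """\
INF   Feb 25 17:51:01 [0xc0000006]: Request: 'RCPT TO:<user@example.org>'
DBG   Feb 25 17:51:01 [0xc0000006]: Outbound Email
DBG   Feb 25 17:51:01 [T___WORKER]: match_ip: l>r Ret 1
MSG   Feb 25 17:51:01 [0xc0000006]: Checking Auth Relay for ss->userid '0'
MSG   Feb 25 17:51:01 [0xc0000006]: Checking Auth Relay for ss->grpid '0'
ADMIN Feb 25 17:51:01 [0xc0000006]: Response: 550 Relay access denied
"""

def relay_denials(lines):
    """Return one dict per rejected RCPT with the auth-relay ids that were checked."""
    sessions, findings = {}, []
    for raw in lines:
        m = LINE.match(raw)
        if not m:
            continue  # not a log line in the expected layout
        _level, when, ctx, msg = m.groups()
        state = sessions.setdefault(ctx, {})
        if (r := RCPT.match(msg)):
            # New recipient: forget ids recorded for the previous one.
            sessions[ctx] = {"rcpt": r.group(1)}
        elif (a := AUTH.match(msg)):
            state[a.group(1)] = int(a.group(2))
        elif (p := RESP.match(msg)) and p.group(1).startswith("5") and "rcpt" in state:
            findings.append({
                "time": when, "session": ctx, "rcpt": state["rcpt"],
                "code": int(p.group(1)), "reason": p.group(2),
                "userid": state.get("userid"), "grpid": state.get("grpid"),
                # Assumption: id 0 means no authenticated identity on the session.
                "no_identity": state.get("userid") == 0 and state.get("grpid") == 0,
            })
            sessions.pop(ctx, None)
    return findings

if __name__ == "__main__":
    for f in relay_denials(SAMPLE.splitlines()):
        print(f)
```

A denial reported with `no_identity` set points at the SMTP AUTH step (whether the client authenticated and whether the proxy mapped that login to a user or group) rather than at the relay group membership itself.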

  • Strange!

    Can you try to use a local XG user?

    Also please share error log.

    Thanks