This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Authenticated relay

Hello everyone,

I moved from UTM to XG with the newest firmware (17.0.5) - so far I have created the same email settings as I had on my UTM:

Intercepting incoming emails and scan them for spam/virus.

Relay settings are also equal to my UTM:

host based relay: my email server

upstream host: any

user authenticate relay: my email user group.

Unfortunately the user based authentication is not working as expected.

Only emails to my own host name are allowed - if they need to send an email to anyone else they will receive a "relay access denied" error.

Does anyone have an idea how I need to configure XG to allow authenticated relays?

This thread was automatically locked due to age.

Parents

0 lferrara over 7 years ago

Mathias,

Please share screenshot of what you have configured. Make sure you Sto arrivando! Using v17 mr5.

Thanks
Cancel
Vote Up 0 Vote Down

Cancel
0 Mathias Mühlbacher over 7 years ago in reply to lferrara

Ciao Luk,

thanks for your reply - please find the screenshot of my current settings below.

At the end I have tried everything and also allowed any user on my network - then only thing which worked so far would be acting as an open relay...

Kind regards, Mathias
Cancel
Vote Up 0 Vote Down

Cancel
0 Mathias Mühlbacher over 7 years ago in reply to Mathias Mühlbacher

and yes, I am using SFOS 17.0.5 MR-5
Cancel
Vote Up 0 Vote Down

Cancel
0 lferrara over 7 years ago in reply to Mathias Mühlbacher

Mathias,

can you explain the error? When you users send to your domains, it works, while if your internal users send email to external domains, it does not work?

Share also the error screenshot.

Thanks
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 lferrara over 7 years ago in reply to Mathias Mühlbacher

Mathias,

can you explain the error? When you users send to your domains, it works, while if your internal users send email to external domains, it does not work?

Share also the error screenshot.

Thanks
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Mathias Mühlbacher over 7 years ago in reply to lferrara

Hi Luk,

everything internal (LAN,DMZ, WLAN,...) works fine - they are getting to my email server which sends the outgoing emails to Sophos XG and then to a Smarthost.

This works perfect!

But I have some remote users who are not permanent logged in via a VPN connection.

Those users should also be allowed to use Sophos as a relay (worked fine with UTM).

Screenshots from Thunderbird:

The debug log says:

(secondDomain = external domain)

DBG   Feb 25 17:51:01 [0xc0000006]: smtp_handle_commands: called
DBG   Feb 25 17:51:01 [T___WORKER]: Calling SSL_read().
DBG   Feb 25 17:51:01 [T___WORKER]: SSL_read(): '48' bytes read
DBG   Feb 25 17:51:01 [0xc0000006]: client read returned 48 bytes
DBG   Feb 25 17:51:01 [0xc0000006]: request: 'RCPT TO:<mathias.muehlbacher@secondDomain.com>' len: 48
INF   Feb 25 17:51:01 [0xc0000006]: Request: 'RCPT TO:<mathias.muehlbacher@secondDomain.com>'
DBG   Feb 25 17:51:01 [0xc0000006]: add_recipient: reallocating to 8
DBG   Feb 25 17:51:01 [0xc0000006]: add_recipient: RCPT COUNT = 0
INF   Feb 25 17:51:01 [T___WORKER]: Profile is not configured for 'mathias.muehlbacher@secondDomain.com'
DBG   Feb 25 17:51:01 [0xc0000006]: Outbound Email
DBG   Feb 25 17:51:01 [T___WORKER]: match_ip: l>r Ret 1
DBG   Feb 25 17:51:01 [T___WORKER]: match_ip: l<r Ret -1
MSG   Feb 25 17:51:01 [0xc0000006]: Checking Auth Relay for ss->userid '0'
MSG   Feb 25 17:51:01 [0xc0000006]: Checking Auth Relay for ss->grpid '0'
ADMIN Feb 25 17:51:01 [0xc0000006]: Response: 550 Relay access denied

If my remote user sends an email to my primary email address with my domain it works without any problems.

kr, Mathias
Cancel
Vote Up 0 Vote Down

Cancel