
MTA mode Configuration in XG135

We followed the Sophos document to configure MTA mode:

- Same-domain transfer is OK.

- Email sent from LAN to WAN is OK.

- Can't receive any inbound email from other domains (sender received email: 550 Relay access denied)

Our email server is in the LAN. I am confused about the MTA/policy/relay/firewall config.

For the configuration:

1. In the Sophos MTA documents, if we didn't upload a mail server cert to configure the SMTP TLS cert,

- will it affect inbound email from other domains?

2. In Protect > Email > Policies, Domain and routing target, Route by static host, and then [Host list],

- should that host list contain the internal IP? Correct?

3. In Protect > Firewall, it auto added the rule [Auto added firewall policy for MTA]

4. Please advise whether I need to put it on top of the firewall list (ahead of all other email services in/out rules)?

5. In [Auto added firewall policy for MTA], Advanced > Routing,

- Selected Rewrite source address (Masquerading), Use outbound address (our mail server WAN IP) <--- correct?

6. In this rule, it allows source (any) --> Dest (any), smtp / smtps.

- That means I don't need to create other SMTP in/out from LAN-WAN, WAN-LAN?

7. In this rule, it allows any to any. Is that too wide a range? For security, any suggestions?

 

Await yours,

 

  

 

   



  • Edtrick,

    too many questions per thread. So let's try to answer all of them:

    1. XG will operate using both SMTP and SMTPS (first). If you do not upload an internal CA, XG will use its default CA.
    2. Correct. Here put the hosts to which XG will deliver your emails (internally).
    3. The rule is used by XG to permit SMTP traffic.
    4. Put the rule on top.
    5. Here the WAN IP registered as MX public records.
    6. Correct!
    7. The XG will use its upstream and allow relay from as described here: https://community.sophos.com/kb/en-us/125596

    Regards

  • Finally I fixed the inbound email relay denied error. I needed to add the XG135 LAN IP to the relay hosts too.

    But another issue: I cannot get any incoming logs from Protection > Email > Mail logs.

    In Mail logs, it only shows email which is sent from local to outside. How about email from outside to inside?

    Does the XG135 scan incoming email? Herewith our settings. Is anything I did wrong?

     
