Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 2 replies
  • Subscribers 27 subscribers
  • Views 2273 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Outbound Smarthost Not Working?

dma0

I have Sophos XG configured to use a Smarthost for outbound e-mail. I use zoneedit.com as the external mail provider. Everything worked fine up to and including v. 17.1.4, but since then I've not been able to get it to work at all. All outbound e-mails get stuck in the mail spool They queue up just fine, but then eventually are marked as "Failed" in the mail spool, where they remain. Currently I'm trying out the most recently released 17.5.5 and it remains the same. 

In the GUI, nothing comes up in the e-mail log. I examined the smtpd_main.log and noticed quite a few of entries like this:

9565 == root@fava2.ma-family.ca R=smart_host_route T=smarthost_smtp defer (-53): retry time not reached for any host for 'fava2.ma-family.ca'
2019-04-25 15:29:30.920 [9565] 1hJihJ-0002Lt-JA == root@fava2.ma-family.ca R=smart_host_route T=smarthost_smtp defer (-53): retry time not reached for any host for 'fava2.ma-family.ca'

I also tried accessing the Sophos console and manually sending an e-mail using telnet and that worked (using port 2025, which is what I had configured smarthost to use as well). I was able to manually authenticate and send an e-mail.

I've tried adding the zoneedit smarthost and its corresponding IP address to skip TLS negotiation, but that didn't change anything - e-mails still remain "failed" in the spool.

I also tried changing the port from 2025 to 465. Again, no change.

Each time I revert back to 17.1.4, email works again.

I'm at a loss to figure out what else I can do to diagnose and/or fix this problem. If anyone has any suggestions, they would be most appreciated.



This thread was automatically locked due to age.
Parents
  • +1

    Can you take a look at the "whole" Mail Log? 

    There should be the reference of the mail. 

    1hJihJ-0002Lt-JA for example.

    Using grep, you could take a look at all those mails. 

  • +1 in reply to LuCar Toni

    Thank you for the super-quick reply. Your suggestion enabled me to find another error message I had previously missed (because these logs are huge). I noticed there was an authentication error. This was odd as I had not changed the password (either on the external mail service or on Sophos) from the time it worked. So just to be safe I tried resetting it, both on the mail service and on Sophos, being very, very careful to make sure it was exactly the same. Again, authentication error.

    I gave it some thought, and wondered if it was either the password length or characters that was causing the problem. I usually generate a 35 character password with a mix of numbers, letters and special characters. This had worked just fine previously, but maybe something had changed in newer versions that caused Sophos to choke on them.

    So I tried a shorter and simpler password and voila, problem solved. It was the password that was the problem. I don't know exactly what the problem with the other passwords was - whether it was length or special characters or something else, because when I entered them into the Sophos GUI there were no error messages or anything - I could just input them. Not sure if it's asking too much of the Sophos folks, but if they perhaps could implement validation in the password field to ensure that users like me who don't know any better won't enter passwords Sophos can't handle, that might save some users some headaches. Either that or even just a note below the field indicating proper password parameters (i.e. max length, no backslashes or whatever the rules are).

    Thanks again for pointing me in the right direction - very, very much appreciated.

Reply
  • +1 in reply to LuCar Toni

    Thank you for the super-quick reply. Your suggestion enabled me to find another error message I had previously missed (because these logs are huge). I noticed there was an authentication error. This was odd as I had not changed the password (either on the external mail service or on Sophos) from the time it worked. So just to be safe I tried resetting it, both on the mail service and on Sophos, being very, very careful to make sure it was exactly the same. Again, authentication error.

    I gave it some thought, and wondered if it was either the password length or characters that was causing the problem. I usually generate a 35 character password with a mix of numbers, letters and special characters. This had worked just fine previously, but maybe something had changed in newer versions that caused Sophos to choke on them.

    So I tried a shorter and simpler password and voila, problem solved. It was the password that was the problem. I don't know exactly what the problem with the other passwords was - whether it was length or special characters or something else, because when I entered them into the Sophos GUI there were no error messages or anything - I could just input them. Not sure if it's asking too much of the Sophos folks, but if they perhaps could implement validation in the password field to ensure that users like me who don't know any better won't enter passwords Sophos can't handle, that might save some users some headaches. Either that or even just a note below the field indicating proper password parameters (i.e. max length, no backslashes or whatever the rules are).

    Thanks again for pointing me in the right direction - very, very much appreciated.

Children
No Data