Exchange Server 2013 & XG Firewall (Home Edition)

I am using XG Firewall 17.5.8 MR-8.

 

I've installed it on a dedicated PC with 2 NICs and everything is working fine.

 

Here is the basic logic of the flow:

Internet => ISP Modem (bridge mode) => Sophos XG Firewall => LAN

 

I've built a lab with AD, FS and Exchange Server 2013 (mailbox and CAS role).  The new AD forest and Exchange work fine.  Emails between users internally on Exchange are fine.  Email from external (Gmail, Yahoo, Hotmail) comes in to the server no problem.

 

The problem that I have is that outbound from the Exchange server to the Internet is not working.  The send connector on the Exchange is correct.  Not using a smarthost because I do not want to rely on 3rd party relay hosts, and I want to send email out directly to the Internet.  External DNS and MX records are correct as I am getting external emails to the Exchange server, just not the other way round.  Sophos in MTA is not sending out.

 

I've tweaked the Sophos XG Firewall settings based on the following links here and they do not work.

https://community.sophos.com/products/xg-firewall/f/initial-setup/100963/smtp-email-outbound-not-working

https://community.sophos.com/kb/en-us/125596

 

I've tried Legacy and MTA mode and outbound email from Exchange Server (sitting on the LAN) will not work.

 

Any advice and tips?  



  • Hi  

    What port is your outbound connector configured on? If you want XG to forward all your emails, then you can configure MTA mode. But looking at your description, it looks like you want your Exchange server to directly send out emails. Further, please share any SMTP logs from XG which would indicate failure to deliver emails; this might help identify the issue.

  • Hi Jay,  

     

    Which "outbound connector" are you referring to?  Exchange Server's Send connector?  By default, it uses port 25.  I've followed the Sophos KB relating to my problem, and none fixed the issue.  The problem appears to be at the Sophos level.

     

     

    In Sophos XG Firewall, I've gone into the Log Viewer > Email > Mail spool.  All the emails processed from the Exchange Server are showing as QUEUE.  When the mail item does fail in Mail Spool, clicking on it does not do anything.  Clicking on the Subject brings up the original email.  I look in the email header and see some Sophos headers appended to the message headers.  But NOTHING tells why it failed.  NOTHING.

     

    In Sophos XG Firewall > Protect > EMAIL (Legacy) Mode > SMTP Quarantine, and nothing.  FW rules are made to allow the Exchange server to flow out to the Internet for SMTP services.

     

    Under MTA Mode, the emails from the Exchange server are stuck in Sophos > Protect > EMAIL (MTA Mode) > Mail Spool.  Sits there as QUEUED and never sends it out.  Relay settings were already defined with the Exchange servers.

     

    I've even tried changing the send connector on the Exchange to use Sophos as the smarthost.  Same problem.

     

    In summary, spent a week troubleshooting this problem with a number of resources.  Incoming email from external is fine.  Just outbound email does not work and Sophos is the bottleneck.  Tried FW rule.  Tried Legacy mode.  Tried Exchange Server Send Connector to use Sophos as the smarthost.  NOTHING.  Mail spool data was absolutely useless.  Does not tell you WHY it failed.