
Will authenticated relay, as everybody in the world uses it (RFC4954), be implemented on SFOSv18?

I was waiting and waiting for v18 and it came out and I see no reference to RFC4945 support for smtp auth relay.

Is this coming in a point release?  Will this ever be there?  It is such a pain to have to pass through users directly to my mail server rather than having Firewall XG protect.

Does anyone have an answer?



This thread was automatically locked due to age.
  • Hi  

    Please navigate to Email >> MTA Mode >> Relay Settings

    Authenticated relay settings

    Enable authenticated relay:
     Select to require authentication of users and groups to use XG Firewall as a mail relay.

    Users and groups:
     Specify the users and groups who require authentication.
  • Hello Keyur,

    Could you please confirm whether it is possible to use users and user groups authorized externally via Microsoft Active Directory for authenticated users? Because this feature was possible ONLY for users authorized through STAS.

    Regards

    alda

  • Hi  

    Sure, I will confirm and update this thread further.

  • Hi.

    Any info on this? Seems like RFC4954 authentication is not working on SFOSv18.

  •  

    It is not, and I am (personally speaking) not a fan of such setups.

    That will get messy (at best).

    You are actively bypassing a mail server and only using an MTA for your mail communication. That is kinda bad practice from my point of view.

    I would rather recommend sending the mail to your mail server and letting the mail server decide what to do with this mail. And having only one relay (host based) to the MTA is better than having X different upstreams sending anything through your gateway without filtering.

    XG will use live users for authenticated relay, which is as bad as RFC4954 from my point of view.

    It is like having a printer sending directly through your MTA to the world. The printer has one bad setting and is ruining your mail reputation. A mail server would actually prevent such stuff from happening.

  • Hello LuCar,

    I'm afraid you somewhat misunderstood the purpose of authenticated relay.
    So in one sentence - allow external users to send an e-mail via SMTP proxy after authorization, as if they were on the internal network like other (internal) users. I don't think that's too complicated to understand.
    Yes, we can discuss how secure this feature is in terms of dictionary attacks and password strength, but that's a slightly different story, isn't it?
    It is surprising that authorization against STAS is supported, but not an authorization to the local database or to MS Active Directory or LDAP.
    I will probably never understand the thinking of Sophos developers.

    Regards

    alda

  • I think the point of this feature is to PROTECT your mail server from the Internet, right? XG can be the 1st line of defense for users that ARE NOT authorized to connect authenticated to send mail via the mail server.

    I know I read from Sophos that RFC4954 support was to be included in v18. But so far I don't think it is there.

    We want to know when it will be included in the v18 release. I am not upgrading until it is there.

    Can someone from Sophos please answer this?

    Thank You,

    Pete
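
Added example, not part of the thread and not Sophos code: RFC 4954 support shows up as an `AUTH` keyword in the gateway's EHLO reply, so one way to check a relay is to capture that reply before and after STARTTLS and parse it. The sample replies and the host `mx.example.test` are constructed; the function names are hypothetical.

```python
import re

PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}  # these carry the password itself; they rely on TLS

def parse_ehlo(reply):
    """Parse a multiline 250 EHLO reply into {KEYWORD: [parameters]}."""
    ext = {}
    lines = reply.strip().splitlines()
    for i, line in enumerate(lines):
        m = re.fullmatch(r"250([ -])(.*)", line)
        if not m:
            raise ValueError(f"not a 250 reply line: {line!r}")
        if (m.group(1) == " ") != (i == len(lines) - 1):
            raise ValueError("only the final line may use '250 '")
        words = m.group(2).split()
        if i == 0 or not words:
            continue  # first line is the greeting, not an extension
        # Accept the legacy "AUTH=LOGIN PLAIN" spelling some servers still emit.
        kw, _, rest = words[0].partition("=")
        ext.setdefault(kw.upper(), []).extend(([rest] if rest else []) + words[1:])
    return ext

def auth_mechs(reply):
    """SASL mechanisms advertised in an EHLO reply (empty set if no reply given)."""
    return {m.upper() for m in parse_ehlo(reply).get("AUTH", [])} if reply else set()

def assess(pre_tls, post_tls=None):
    """Return findings for the EHLO reply seen before and (optionally) after STARTTLS."""
    findings = []
    pre_auth, post_auth = auth_mechs(pre_tls), auth_mechs(post_tls)
    exposed = sorted(pre_auth & PLAINTEXT_MECHS)
    if exposed:
        findings.append("plaintext AUTH offered before STARTTLS: " + ",".join(exposed))
    if "STARTTLS" not in parse_ehlo(pre_tls):
        findings.append("STARTTLS not offered")
    if not pre_auth and not post_auth:
        findings.append("no AUTH advertised: authenticated relay is not available")
    return findings

# Constructed sample replies (mx.example.test is a placeholder host).
NO_AUTH = "250-mx.example.test\r\n250-SIZE 20480000\r\n250 STARTTLS\r\n"
TLS_PRE = NO_AUTH
TLS_POST = "250-mx.example.test\r\n250-SIZE 20480000\r\n250 AUTH PLAIN LOGIN\r\n"
CLEARTEXT = "250-mx.example.test\r\n250-AUTH=LOGIN PLAIN\r\n250 8BITMIME\r\n"

if __name__ == "__main__":
    for name, args in [("no auth", (NO_AUTH,)), ("auth after TLS", (TLS_PRE, TLS_POST)),
                       ("cleartext auth", (CLEARTEXT,))]:
        print(name, "->", assess(*args) or "ok")
```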
