Firewall and NAT Policies for Internal Mail Server

Hi,

In our network infra we have 2 ISPs configured on 2 interfaces of an XG-210.

Our Web Server and Mail Server are hosted in the LAN Zone and the mail server is NATted with the WAN 2 IP address.

The websites work fine but we are unable to send or receive any mail. The firewall is configured in legacy mode.

The firmware version is SFOS 18.5.1 MR-1-Build326.

Could not trace where things go wrong.

Can anyone help out!!!!

Thanks and Regards



  • Hi, thank you for reaching out to the Sophos community team. What is the observation if you remove scanning on a temporary basis on the DNAT rule for mail traffic, to confirm email sending and receiving? Does email communication work fine without scanning?

    If email sending and receiving are not working even without scanning, you may capture TCPDUMP and drop packets on the mail server service port numbers. If needed you may collect PCAP files as well.

    The above observations will help you narrow down the situation, like whether the 3-way handshake is happening or not, which IP has been taken in the outgoing packet, and, if a packet is dropped with no firewall rule for the mail traffic service, which module is dropping the traffic, etc.

  • Hi,

    Thanks for the response.

    No scanning is enabled.

    No Success.

    Sophos Tech Support also checked; it was observed that mails from outside reach the gateway but the gateway (SFW) is not allowing them through to the internal mail server.

    And when any mail is initiated from the LAN it reaches the gateway but the firewall does not deliver it to the destination.

    It was suggested to bypass the firewall (i.e., directly configuring the public IP on the server itself). Not possible in the production environment.

    Thanks and Regards..

  • Hello Deva,

    Thank you for contacting the Sophos Community.

    Could you please share your Case ID to see what has been done?

    What do you see in the logs now that you changed to MTA mode? (/log/smtpd.log)

    Do you have a valid Email License and did you enable SMTP relay for the LAN and WAN zone?

    Do you have any SDWAN rule?

    Regards,

  • Hi

    The SR number is 04519247.

    Thanks and Regards

  • Hello Deva,

    Thank you for the Case ID.

    I see that Support found the following:

    We checked the PCAP file on ports 25, 465 and 587 and found that communication was happening between the local and remote email server, and at the end an “Encryption alert” was sent from the local email server, after which the communication stopped.
    We observed similar behavior for many inbound mail requests.
    As discussed, kindly check by connecting the PPPoE ISP line of the XG’s Port4 directly to the upstream router and verify inbound/outbound email communication, so it can be verified whether there is any issue from the ISP end or not.

    I don't see any further update on the ticket after the change Support recommended; please update the ticket if you have already made the changes.

    Regards,
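    To make sense of a finding like the one above (a TLS alert ending the SMTP session) from the captures suggested earlier in the thread, here is an added example that is not from this thread, from Sophos or from Support: it walks the plaintext TLS records of one direction of a session and decodes the first alert (level and description), which tells you whether the local server rejected the negotiation and why. It assumes the bytes start at the beginning of the TLS stream (implicit TLS on 465, or the bytes right after the 220 reply to STARTTLS on 25/587), and the sample stream is constructed, not captured.

```python
import struct

# TLS record-layer content types (RFC 5246 / RFC 8446)
CT_ALERT, CT_HANDSHAKE = 21, 22
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 40: "handshake_failure",
    42: "bad_certificate", 46: "certificate_unknown", 47: "illegal_parameter",
    70: "protocol_version", 71: "insufficient_security", 80: "internal_error",
    112: "unrecognized_name",
}

def parse_tls_records(stream: bytes):
    """Split a TLS byte stream into (content_type, version, payload) tuples;
    a truncated trailing record (capture cut off mid-session) ends parsing."""
    records, off = [], 0
    while off + 5 <= len(stream):
        ctype, version, length = struct.unpack("!BHH", stream[off:off + 5])
        payload = stream[off + 5:off + 5 + length]
        if len(payload) < length:
            break
        records.append((ctype, version, payload))
        off += 5 + length
    return records

def first_alert(stream: bytes):
    """Return (handshake_records_seen, level, description) for the first alert
    record, or None if there is none. Only alerts sent in the clear decode:
    after the handshake finishes (after ServerHello in TLS 1.3) they are encrypted."""
    handshakes = 0
    for ctype, _version, payload in parse_tls_records(stream):
        if ctype == CT_HANDSHAKE:
            handshakes += 1
        elif ctype == CT_ALERT and len(payload) >= 2:
            level, desc = payload[0], payload[1]
            return (handshakes,
                    ALERT_LEVELS.get(level, f"level_{level}"),
                    ALERT_DESCRIPTIONS.get(desc, f"alert_{desc}"))
    return None

# Constructed sample (not a real capture): one handshake record carrying a
# minimal ClientHello-style body, then a fatal handshake_failure alert.
SAMPLE_STREAM = (
    b"\x16\x03\x01\x00\x04" + b"\x01\x00\x00\x00"   # handshake record
    + b"\x15\x03\x03\x00\x02" + b"\x02\x28"          # alert: fatal (2), 40
)

if __name__ == "__main__":
    print(first_alert(SAMPLE_STREAM))  # (1, 'fatal', 'handshake_failure')
```

    A fatal alert appearing after only a ClientHello points at the local server refusing the offered versions or cipher suites, while one arriving after the Certificate message points at certificate validation, so the count of handshake records seen before the alert is part of the answer.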

  • Hi,

    I have checked both with MTA mode and legacy mode but nothing worked.

    We had tried with a pfSense firewall; everything runs smoothly.

    We believe there is some bug with Sophos.

    Please suggest..

    Thanks and Regards

  • Hello Deva,

    I would recommend that you update your ticket first with this information and provide a PCAP that shows the same, that the mails are delivered with no issue.

    Regards,