Sophos XG Home with mailbox.org / smtps / imaps - sending, receiving and scanning

Hello there,

First of all, let me briefly introduce myself:

I have been a Sophos XG Home user since the weekend. I believe the Sophos XG is a fine solution for every home user. I would even pay for it, even for support.
I am using a simple micro-system with an Intel CPU and Realtek NICs, 8 GB RAM, 4 cores. Proxmox is installed as the base, with a VM for Sophos XG Home with 4 cores and 6 GB RAM.
Works like a charm. This Sophos XG is my first experience with Sophos products, so I am not "familiar" with them.

My goal is to enable mail from mailbox.org, sent via SMTPS, received via IMAPS, and scanned by Sophos at the end.

Until now, I have been using the default network and web policies.

I would like to use my mailbox.org email and have it scanned by Sophos (IMAPS, POP3S, SMTPS). I have no email server in my home, just mail with the FairEmail app on my Android, which works fine.

At this point, no email sending or receiving is possible, which is the expected result.

So I created a firewall rule for SMTP(S) outgoing:

and another rule for IMAPS / POP3S:

With these two rules, I should be able to connect to my mailbox.org mailbox.

After that I have the following Sophos Email General Settings:

Work mode: MTA: I believe this should be Legacy, right? I tested with Legacy mode and MTA mode, both unsuccessful.

Settings:

and the rest of the settings:

Until now, no success for IMAPS / SMTPS actions. Always a certificate warning which says:

Trust anchor for certification path not found.

Research on the net brings up this nice support page for IMAPS/SMTPS scanning:

https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Email/HowToArticles/EmailConfigurePOPIMAPScan/index.html#introduction

I inserted the certificates. I am not sure if the certificates I installed are the right ones, so I list them here:

DigiCert Global Root G2
/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root G2

which is this one:

-----BEGIN CERTIFICATE-----
MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH
MjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVT
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI
2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx
1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ
q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz
tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ
vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo0IwQDAP
BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV
5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY
1Yl9PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4
NeF22d+mQrvHRAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NG
Fdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ91
8rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe
pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl
MrY=
-----END CERTIFICATE-----

I am not sure if this is the right one. Anyway, assume it is the right one; then, according to the docs:

Go down to POP and IMAP TLS configuration and specify the following:

TLS certificate

Select the mail server CA you uploaded.

which is not possible, I only have these certs:

The default one / ApplianceCert are shipped with the XG. MySecureFirewall is the one I created in my lab.

So my questions:
MTA mode is wrong, right? I don't have my own mail server.
Do I need to do anything more on my Android client, installing a certificate for example? I mean, I should be able to receive and send mail, even if it is not checked by the Sophos.

Was someone able to use mailbox.org together with the XG?

Thanks for your help.



  • Essentially the firewall can scan the traffic if it decrypts it. This means the client needs to trust the CA certificate it uses to decrypt the traffic. 

    MTA mode is not the correct mode; you need Legacy mode. 

    But even in MTA mode, you can decrypt the traffic: 

    This CA needs to be rolled out to the clients. 

    __________________________________________________________________________________________________________________
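Two things in this thread are worth checking with a few lines of code rather than by eye: whether the pasted PEM really is the DigiCert Global Root G2 (subject, serial number, validity, SHA-256 fingerprint), and why an Android client reports "Trust anchor for certification path not found" when the firewall re-signs IMAPS/SMTPS sessions with its own CA. The script below is an added example written for this thread; it is not from the original poster, the reply, or Sophos. It uses only the Python standard library, parses the PEM quoted above with a minimal DER reader, and models the client-side lookup as a name match between the issuer of the top certificate in the presented chain and the subjects in the trust store. That name-only check is a deliberate simplification (assumption): a real client also verifies signatures, validity dates and constraints.

```python
import base64
import hashlib
import re
from datetime import datetime, timezone

# The DigiCert Global Root G2 PEM quoted in the thread above.
DIGICERT_G2_PEM = """-----BEGIN CERTIFICATE-----
MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH
MjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVT
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI
2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx
1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ
q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz
tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ
vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo0IwQDAP
BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV
5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY
1Yl9PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4
NeF22d+mQrvHRAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NG
Fdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ91
8rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe
pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl
MrY=
-----END CERTIFICATE-----"""

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)
OID_NAMES = {b"\x55\x04\x06": "C", b"\x55\x04\x0a": "O",      # id-at-countryName, organizationName
             b"\x55\x04\x0b": "OU", b"\x55\x04\x03": "CN"}    # organizationalUnitName, commonName

def _tlv(buf, off):
    """Decode one DER tag/length at buf[off]; return (tag, value_start, value_end)."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                               # long-form length: next n bytes hold it
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    return tag, off, off + length

def _children(buf, start, end):
    """Yield (tag, tlv_start, value_start, value_end) for each TLV inside buf[start:end]."""
    off = start
    while off < end:
        tag, vs, ve = _tlv(buf, off)
        yield tag, off, vs, ve
        off = ve

def _name(buf, start, end):
    """Render an X.501 Name as /C=../O=../CN=.. (openssl -subject style)."""
    parts = []
    for _, _, rdn_s, rdn_e in _children(buf, start, end):          # RelativeDistinguishedName = SET
        for _, _, atv_s, atv_e in _children(buf, rdn_s, rdn_e):    # AttributeTypeAndValue = SEQUENCE
            oid, val = list(_children(buf, atv_s, atv_e))[:2]
            label = OID_NAMES.get(buf[oid[2]:oid[3]], buf[oid[2]:oid[3]].hex())
            parts.append(f"{label}={buf[val[2]:val[3]].decode('utf-8', 'replace')}")
    return "/" + "/".join(parts)

def _time(buf, tag, vs, ve):
    """UTCTime (0x17, YYMMDD...) or GeneralizedTime (0x18, YYYYMMDD...) to an aware datetime."""
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"
    return datetime.strptime(buf[vs:ve].decode("ascii"), fmt).replace(tzinfo=timezone.utc)

def parse_cert(pem):
    """Return subject, issuer, serial, validity and SHA-256 fingerprint of the first cert in `pem`."""
    der = base64.b64decode("".join(PEM_RE.search(pem).group(1).split()))
    _, cert_s, _ = _tlv(der, 0)                     # Certificate ::= SEQUENCE
    _, tbs_s, tbs_e = _tlv(der, cert_s)             # tbsCertificate ::= SEQUENCE
    fields = list(_children(der, tbs_s, tbs_e))
    if fields[0][0] == 0xA0:                        # optional explicit [0] version comes first
        fields = fields[1:]
    serial, _sig_alg, issuer, validity, subject = fields[:5]
    not_before, not_after = list(_children(der, validity[2], validity[3]))
    return {
        "subject": _name(der, subject[2], subject[3]),
        "issuer": _name(der, issuer[2], issuer[3]),
        "subject_der": der[subject[1]:subject[3]],  # raw Name bytes, for exact matching
        "issuer_der": der[issuer[1]:issuer[3]],
        "serial": der[serial[2]:serial[3]].hex(),
        "not_before": _time(der, not_before[0], not_before[2], not_before[3]),
        "not_after": _time(der, not_after[0], not_after[2], not_after[3]),
        "sha256": hashlib.sha256(der).hexdigest(),   # the fingerprint shown in most cert viewers
    }

def is_self_signed(cert):
    """A root CA names itself as issuer (name comparison only, no signature check)."""
    return cert["subject_der"] == cert["issuer_der"]

def find_trust_anchor(chain, trust_store):
    """Trusted cert whose subject equals the issuer of the chain's top cert, else None.
    Name matching only (assumption, no signature check): a miss here is what Android
    reports as "Trust anchor for certification path not found"."""
    top_issuer = chain[-1]["issuer_der"]
    return next((a for a in trust_store if a["subject_der"] == top_issuer), None)

ROOT_G2 = parse_cert(DIGICERT_G2_PEM)

if __name__ == "__main__":
    print(ROOT_G2["subject"], ROOT_G2["serial"], ROOT_G2["sha256"], is_self_signed(ROOT_G2))
    # Client view: a chain ending in this root is accepted only if the root is in the store.
    print("anchor found:", find_trust_anchor([ROOT_G2], [ROOT_G2]) is not None,
          "| with empty store:", find_trust_anchor([ROOT_G2], []) is not None)
```

Run it and compare the printed serial and SHA-256 fingerprint against the values DigiCert publishes for Global Root G2; that settles the "is this the right one" question without guessing. The last line is the point of the reply above: when the XG decrypts IMAPS/SMTPS, the phone no longer sees a chain ending in DigiCert but one ending in the firewall's own CA, so the lookup comes back empty until that CA is installed in the Android trust store.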