Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 27 subscribers
  • Views 463 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XGS107 inbound SMTP from Barracuda problem

PeteH

I have an odd problem with a new XGS107 we have just installed where the customer isn't receiving any inbound email.  Outbound and internal is fine.

The setup is as below. Its an on prem exchange server.   We don't use any email filtering on the Sophos so the email section on the firewall is default.

We setup the DNAT SMTP rule as we have with our other Sophos FWs for other customers and they work no problem but on this one the source address is being changed by the Sophos to its internal IP of 192.168.200.253.   This means the exchange server is rejecting it as it is locked down to accept from the Barracuda address only.

DNAT rule is this

The firewall rule and the DNAT rule are getting hit.   

I am assuming we have missed a config off somewhere?



This thread was automatically locked due to age.
  • 0

    You didn't activate the mail-security within Sophos firewall-rule?
    Otherwise the sophos is the sender, and you have to adjust the exchange server.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • 0 in reply to dirkkotte

    No we dont have an email filter licence for this one so nothing email wise has been turned on in the Sophos.

    We have 3 others the same and they all work exactly as we expect where the source IP is barracuda and not the Sophos.  

    This is why the server team is refusing to change the exchange server which I cant argue. 

  • 0 in reply to PeteH

    "The firewall rule and the DNAT rule are getting hit"

    ... and you see the correct number of this NAT-Rule within log-viewer?


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • 0 in reply to dirkkotte

    Yes please see below   ( I have removed the public ip)

Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?