Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 13 replies
  • Answers 1 answer
  • Subscribers 30 subscribers
  • Views 996 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Are Authenticated SMTP Notifications still broken in Sophos Firewall?

BrucekConvergent

I know this was an issue many years ago -- now I've run across a customer that we want to set this up for (they got bought out, and the parent company migrated all their email to O365, and the folks I deal with have no access to the admin controls in O365) -- and no matter what I do, I cannot send firewall notifications out via a configured O365 relay (they require authentication).  I do have other customers that I do manage, and in those cases we helped them setup relays (by static IP) that did not require authentication, and that works.

I suspect that (somehow, it's been a very long time) that Sophos has not fixed this issue yet (if you use authentication, you have to have TLS/StartTLS enabled with O365) with Sophos Firewall.  IIRC, it had to do with them using MD5 which Microsoft rejects. I will be starting a support case on this, but checking here first to see if any of you have had a different experience recently.



This thread was automatically locked due to age.
Parents
  • 0

    See if this Microsoft KB help:

    aka.ms/smtp_auth_disabled

    1. Open the Microsoft 365 admin center and go to Users > Active users.

    2. Select the user, and in the flyout that appears, click Mail.

    3. In the Email apps section, click Manage email apps.

    4. Verify the Authenticated SMTP setting: unchecked = disabled, checked = enabled.

    5. When you're finished, click Save changes.

    Inspired by authentication errors seen in /log/smtpd_main.log

    Steven.

  • 0 in reply to StevenSultana

    I'll have to try this out.  Crazy that the relay works just fine with Authentication on the UTM, but not XG.  It's not secure to utilize Port 25 to send directly to your MX record.

  • 0 in reply to Breakingcustom

    Why is it not secure? 

    SMTP auth is not anyway more secure compared to the basic MTA approach. 

    Assuming the option above in Microsoft 365 means only to activate SMTP auth, but not SMTP auth Plain, which SFOS needs to send the Email. 

    __________________________________________________________________________________________________________________

Reply
  • 0 in reply to Breakingcustom

    Why is it not secure? 

    SMTP auth is not anyway more secure compared to the basic MTA approach. 

    Assuming the option above in Microsoft 365 means only to activate SMTP auth, but not SMTP auth Plain, which SFOS needs to send the Email. 

    __________________________________________________________________________________________________________________

Children
No Data
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?