I use a Smart host for Email, Does Sophos XG support this yet?? if not is there an ETA? This is whats holding up some of my upgrades from UTM.
Thanks
This thread was automatically locked due to age.
Yes John.
Here the documentation link:
"Host based relay" should be changed by Sophos to "Smart Host"
Regards
Hmm. I seem to be having quite a bit of trouble getting this working. I have MTA mode enabled. From what I understand, I should set the external e-mail server under Relay Settings, Upstream Host - would that be correct? My ISP provides SMTP functionality through "smtp.<isp>.com", port 25 (without authentication), so I looked up the IP address and added that under Upstream Host, but it doesn't seem to work. It did work just fine with UTM 9, and also works when I select Administration - Notification - External Email Server (using the FQDN), but I can't seem to get it working to function as a relay for other devices to send outbound e-mail notifications through Sophos.
I will apologize in advance as I'm pretty sure I'm missing something rather obvious, but for the life of me I can't quite figure it out. Any thoughts or suggestions would be most appreciated.
I tried to get this working during the beta but it never worked for me. My ISP requires TLS authentication on port 587. From the whats coming thread, I think they will add this to v17 after the beta in May/June this year. From the thread https://community.sophos.com/products/xg-firewall/f/sophos-xg-firewall-general-discussion/86384/xg-v17-what-s-coming-next one of the features is
Thanks for the information Billybob. That being said, I got the impression from the earlier comments on this thread, as well as a couple of others, that the functionality was already in v16. So I just assumed I was doing something wrong in attempting to implement it. Do you mean to say the functionality is not yet included and those other comments are in fact incorrect? Do let me know - while it would be rather disappointing news, it would also come as a bit of relief, insofar as it would mean that I'm not missing something obvious.
Billybob said:I tried to get this working during the beta but it never worked for me. My ISP requires TLS authentication on port 587. From the whats coming thread, I think they will add this to v17 after the beta in May/June this year. From the thread https://community.sophos.com/products/xg-firewall/f/sophos-xg-firewall-general-discussion/86384/xg-v17-what-s-coming-next one of the features is
- Email - UX Improvements, Spam improvements, Outbound relay
I did notice the success or atleast the correct answer indication in a few threads, however lets break down what the manual and decide
XG will only accept connections from the hosts defined here. You will usually put your exchange server etc here.
Block certain hosts from relaying. For example you can put your whole LAN here and then allow relay from only a few computers on the allow relay from hosts.
Allow incoming mail from these hosts/networks only. Useful in situations where you have an upstream spam filter or another MTA, you want to accept everything that they send and deny all other connections.
That will block incoming connections from certain hosts... eg. spamming host but usually spam can be controlled a lot more effectively by other means.
Allow certain authenticated users to use XG as a relay.
Smarthost is nothing special in most MTAs and from what I can see from the manual, XG doesn't have smarthost functionality. I will be the first to admit that the circular logic in the GUI gives me vertigo. I have stopped using XG and have reverted back to UTM9. I will give it another shot during v17 beta. For now, I cannot work without logging which severely restricts any kind of troubleshooting.
For what it may be worth for others who had a bit of trouble setting this up, I managed to figure our how to get the relay function working. It turns out that it was rather straightforward.
In UTM9, I had set devices to send e-mail to the UTM IP address. UTM then forwarded the e-mail on to my ISP's SMTP server. When I did that in XG, as far as I can tell what ended up happening is that XG would then attempt to forward to itself, resulting of course in non-delivery. Setting the ISP SMTP server on the device sending the e-mail fixed things. As far as I can tell, XG would intercept the e-mail, scan it, then send it on its merry way to the ISP's SMTP server.
The upstream server can be left as <Any> and XG will just send to the server designated on the device.
Just mentioning in case anyone else was experiencing the same issue.
dma0 said:Setting the ISP SMTP server on the device sending the e-mail fixed things. As far as I can tell, XG would intercept the e-mail, scan it, then send it on its merry way to the ISP's SMTP server.
Any updates on this? I'm running SFOS 16.05.7 MR-7 and I cannot find any smarthost setup there. If you're statement is working, please share more details, I cannot see why the XG should scan it, if its not setup as a proxy, but a MTA. Outbound security scanning of emails will not work than.
Sorry not sure I fully understand your question. I have no updates as I've been able to get e-mail transmitted through XG from devices on my LAN. If it's of assistance following are the settings I used:
Bizcocho said:Any updates on this? I'm running SFOS 16.05.7 MR-7 and I cannot find any smarthost setup there. If you're statement is working, please share more details, I cannot see why the XG should scan it, if its not setup as a proxy, but a MTA. Outbound security scanning of emails will not work than.
