MTA to Smart Host, has this been implemented in XG yet?

MTA is back on Sophos XG v16. I advise you to test in a small environment before deploying it. MTA is from UTM but some features are still missing (DKIM, SPF for example).

Thanks

Yeah i know about MTA, I wanted to know if I can use an SMTP SmartHost yet?

Thanks

JK

Yes John.

Here the documentation link:

http://docs.sophos.com/nsg/sophos-firewall/v16011/Help/en-us/webhelp/onlinehelp/index.html#page/onlinehelp%2FHostBasedRelay.html%23

"Host based relay" should be changed by Sophos to "Smart Host"

Regards

lol thanks mate, cant believe been staring at that all this time. I searched forums a while ago and wasnt the only one with smart host issues. def needs to be renamed. JK

Hmm. I seem to be having quite a bit of trouble getting this working. I have MTA mode enabled. From what I understand, I should set the external e-mail server under Relay Settings, Upstream Host - would that be correct? My ISP provides SMTP functionality through "smtp.<isp>.com", port 25 (without authentication), so I looked up the IP address and added that under Upstream Host, but it doesn't seem to work. It did work just fine with UTM 9, and also works when I select Administration - Notification - External Email Server (using the FQDN), but I can't seem to get it working to function as a relay for other devices to send outbound e-mail notifications through Sophos. 

I will apologize in advance as I'm pretty sure I'm missing something rather obvious, but for the life of me I can't quite figure it out. Any thoughts or suggestions would be most appreciated.

I tried to get this working during the beta but it never worked for me. My ISP requires TLS authentication on port 587. From the whats coming thread, I think they will add this to v17 after the beta in May/June this year. From the thread https://community.sophos.com/products/xg-firewall/f/sophos-xg-firewall-general-discussion/86384/xg-v17-what-s-coming-next one of the features is

• Email - UX Improvements, Spam improvements, Outbound relay

I tried to get this working during the beta but it never worked for me. My ISP requires TLS authentication on port 587. From the whats coming thread, I think they will add this to v17 after the beta in May/June this year. From the thread https://community.sophos.com/products/xg-firewall/f/sophos-xg-firewall-general-discussion/86384/xg-v17-what-s-coming-next one of the features is

• Email - UX Improvements, Spam improvements, Outbound relay

Thanks for the information Billybob. That being said, I got the impression from the earlier comments on this thread, as well as a couple of others, that the functionality was already in v16. So I just assumed I was doing something wrong in attempting to implement it. Do you mean to say the functionality is not yet included and those other comments are in fact incorrect? Do let me know - while it would be rather disappointing news, it would also come as a bit of relief, insofar as it would mean that I'm not missing something obvious.

Billybob said:

I tried to get this working during the beta but it never worked for me. My ISP requires TLS authentication on port 587. From the whats coming thread, I think they will add this to v17 after the beta in May/June this year. From the thread https://community.sophos.com/products/xg-firewall/f/sophos-xg-firewall-general-discussion/86384/xg-v17-what-s-coming-next one of the features is

• Email - UX Improvements, Spam improvements, Outbound relay

 

I did notice the success or atleast the correct answer indication in a few threads, however lets break down what the manual and decide

• Host Based Relay
  Allow Relay from Hosts/Networks

XG will only accept connections from the hosts defined here. You will usually put your exchange server etc here.

• Blocked Relay from Hosts/Networks

Block certain hosts from relaying. For example you can put your whole LAN here and then allow relay from only a few computers on the allow relay from hosts.

• Upstream Host
  Allow Relay from Hosts/Networks

Allow incoming mail from these hosts/networks only. Useful in situations where you have an upstream spam filter or another MTA, you want to accept everything that they send and deny all other connections.

• Block Relay from Hosts/Networks

That will block incoming connections from certain hosts... eg. spamming host but usually spam can be controlled a lot more effectively by other means.

• Authenticated Relay Settings
  Enable Authenticated Relay

Allow certain authenticated users to use XG as a relay.

Smarthost is nothing special in most MTAs and from what I can see from the manual, XG doesn't have smarthost functionality. I will be the first to admit that the circular logic in the GUI gives me vertigo. I have stopped using XG and have reverted back to UTM9. I will give it another shot during v17 beta. For now, I cannot work without logging which severely restricts any kind of troubleshooting.