This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[BUG] MTA - SMTP Policy - Host Selection

Hello, I think this would be a bug unless I'm doing it wrong. I'm working on setting up Email Protection for our Office 365 instance. I went in and created all the Network Objects under "Hosts and Services" and put all the O365 networks in a group. But when I go to create an SMTP Policy and choose Host, those objects and groups are not there.

But then, if I create the Network FROM within the SMTP policy, it is available to choose from.

So it appears to be a bug that if a host or network is created within Hosts and Services, it is not available to chose from within an SMTP policy while using MTA Mode.

Thanks

This thread was automatically locked due to age.

Parents

0 Billybob over 8 years ago

Hi, I tried it on my XG running in a vm (v 16.05 RC1) and added a new host and I am able to see the host when added via hosts and services> IP host (also tried to group it under hosts and services > IP host group). I tried by manually creating a business smtp rule and using the autocreated smtp MTA mode rule. Can you share where exactly the host is not appearing in the GUI. Also, I have had weird gui hiccups with XG and you maybe experiencing one of those[:#]

I can see the hosts when using business rule where hi-lighted

and in autocreated smtp policy
Cancel
Vote Up 0 Vote Down

Cancel
0 Billybob over 8 years ago in reply to Billybob

Aha... I see it now. The group is not seen as you pointed out only the IP hosts, but that maybe by design. Are you trying to forward to multiple smtp internal servers? I can see the group in allowed/blocked clients but not the destination/forwarded to servers.
Cancel
Vote Up 0 Vote Down

Cancel
0 DMR188 over 8 years ago in reply to Billybob

Hi Billybob, yeah you actually found another thing I didn't notice. But I was speaking more of the actual SMTP Rule under "Email".

So in that screenshot, what I did is created Network Objects under Hosts and Services for all of the U.S. O365 networks and also grouped them. However, under my Email SMTP Rule (Screenshot) I cannot select those objects I created in Hosts and Services. However, if I create them from that spot in the screenshot I can select them (As you can see).

One thing more though, it threw an error when I put a network in there from that screen. It would only let me do a single IP is how I have it now, but the problem is, those are what my Office 365 servers are today, I'm not sure if they ever change. So better would be to allow a DNS object or let me put all of the networks in there.

I didn't know if I was doing something wrong as I'm just getting into Email Protection on the XG's and so far I really like the MTA Mode, alot like UTM9 just seems to be missing a few things. We've always used Reflexion, but with Sandstorm now, I think i'd rather use XG's Email Protection (Not sure how much more overhead that causes, but I'll keep an eye on it).

Thanks
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 DMR188 over 8 years ago in reply to Billybob

Hi Billybob, yeah you actually found another thing I didn't notice. But I was speaking more of the actual SMTP Rule under "Email".

So in that screenshot, what I did is created Network Objects under Hosts and Services for all of the U.S. O365 networks and also grouped them. However, under my Email SMTP Rule (Screenshot) I cannot select those objects I created in Hosts and Services. However, if I create them from that spot in the screenshot I can select them (As you can see).

One thing more though, it threw an error when I put a network in there from that screen. It would only let me do a single IP is how I have it now, but the problem is, those are what my Office 365 servers are today, I'm not sure if they ever change. So better would be to allow a DNS object or let me put all of the networks in there.

I didn't know if I was doing something wrong as I'm just getting into Email Protection on the XG's and so far I really like the MTA Mode, alot like UTM9 just seems to be missing a few things. We've always used Reflexion, but with Sandstorm now, I think i'd rather use XG's Email Protection (Not sure how much more overhead that causes, but I'll keep an eye on it).

Thanks
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Billybob over 8 years ago in reply to DMR188

Sorry about that... your post clearly stated that you were working with SMTP policy, I guess I was still feeling the effects of eggnog[:D] MTA is pretty nice in XG but it is missing a few features. I had opened a feature request during the last beta about missing features https://community.sophos.com/products/xg-firewall/v16beta/f/sfos-v16-beta-feature-requests/78869/additional-mta-features-needed-in-the-gui Make sure you don't have any of those requirements. The smarthost functionality was a deal breaker for me because not everyone has a static IP with correct RDNS entries. Although has pointed out that the functionality is present in XG, https://community.sophos.com/products/xg-firewall/f/email-protection/83790/mta-to-smart-host-has-this-been-implemented-in-xg-yet/313533#313533 I haven't tested it.

No Mail manager is also a deal breaker for me... no the whole logging subsystem is a nightmare when you run servers. I don't want to fly blind and not know what XG is doing specially when publishing servers (WAF/SMTP).

I am glad you are trying SMTP, keep us posted on your progress.
Cancel
Vote Up 0 Vote Down

Cancel