MTA Smarthost

Hello Everybody.

I have been using Sophos UTM for about 6 years now (since the Astaro time).

I have now switched to the new Sophos XG with a home license and have to say I am very satisfied with the new interface and that they don't enforce a 50 IP limit. Many connected devices at home these days :)

Since my ISP doesn't allow sending mail on port 25 in their network, they offer all customers to use their smarthost for this. This was no problem to set up with UTM, but I just can't find/figure out how to do this with XG and Mail in MTA mode.

Can somebody please help me with this, or does somebody know when this is planned to be implemented?

Any help would be much appreciated.

Regards

Sindre



  • Sindre,

    MTA is on v16. You have to enable MTA Relay under Administration > Device access and switch to MTA mode under Email > General Settings. Officially there is not a KB on how to configure XG as MTA but with these 2 steps and the online help you should be able to configure it.

    http://docs.sophos.com/nsg/sophos-firewall/v16011/Help/en-us/webhelp/onlinehelp/index.html#page/onlinehelp%2FEmailRulesManage.html%23

    Regards

  • Thank you for your answer.

    I don't think you fully got my question right, maybe I was not clear.

    In order to send email from internal to outside, my ISP requires me to use their smarthost.

    This is an example of how I did this with my Sophos UTM 9:

    I can't find the corresponding setup in the Sophos XG.

    I am running v16.5 with these settings as you described:

    Please, any advice on how to set up the Sophos XG to use an SMTP smarthost for outgoing email would be great.

     

    Regards

  • Sindre,

    inside the online help:

    http://docs.sophos.com/nsg/sophos-firewall/v16011/Help/en-us/webhelp/onlinehelp/index.html#page/onlinehelp%2FHostBasedRelay.html%23

    you can see the option Email Relaying Settings details:

    "Upstream Host
      Allow Relay from Hosts/Networks
        Specify the upstream hosts/networks from whom you are to allow inbound emails, typically your ISP or external MX. You can use Create New link to create a new host.
      Block Relay from Hosts/Networks
        Specify the hosts/networks whose inbound emails should be blocked by Device. You can use Create New link to create a new host.
      Note: The "Allow" list for both Host Based Relay and Upstream Host is given higher priority than the "Block" list. For example, if a host/network appears both in the Allow list and the Block list, SF will allow relay from that host/network.
    Authenticated Relay Settings
      Enable Authenticated Relay
        Enable to allow the authenticated users or groups selected below to use Device as an Email Relay.
      Users or Groups
        Select the users or groups to be allowed to use Device as an Email Relay. You can use the Create New link to create a new user or group."
     
    You have to configure the Upstream Host inside your XG > Email > Relay Settings
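
The precedence rule quoted from the online help above (Allow wins over Block) means a Block entry can be silently overridden by an overlapping Allow entry. The following is an added example, not part of the original post and not Sophos code: a small model of that rule plus an audit that lists shadowed Block entries. The function names and the sample addresses (documentation ranges) are constructed, and the behaviour for a host in neither list is not described in the quoted text, so it is reported as `no-match`.

```python
import ipaddress

# Constructed sample lists (RFC 5737 documentation ranges), not real config.
ALLOW = ["198.51.100.0/24", "203.0.113.10/32"]
BLOCK = ["198.51.100.25/32", "203.0.113.0/24", "192.0.2.0/24"]


def relay_decision(host, allow, block):
    """Model of the quoted rule: the Allow list is checked before Block.

    Returns "allow", "block" or "no-match". What the device does for a
    host in neither list is not stated in the help text (assumption:
    left undecided here).
    """
    ip = ipaddress.ip_address(host)
    if any(ip in ipaddress.ip_network(n) for n in allow):
        return "allow"
    if any(ip in ipaddress.ip_network(n) for n in block):
        return "block"
    return "no-match"


def shadowed_blocks(allow, block):
    """List Block entries that an Allow entry overrides.

    "full"    : every address in the Block entry is also allowed.
    "partial" : only some addresses in the Block entry are allowed.
    """
    findings = []
    for b in map(ipaddress.ip_network, block):
        for a in map(ipaddress.ip_network, allow):
            if a.overlaps(b):
                kind = "full" if b.subnet_of(a) else "partial"
                findings.append((str(b), str(a), kind))
    return findings


if __name__ == "__main__":
    for host in ("198.51.100.25", "203.0.113.50", "10.0.0.1"):
        print(host, relay_decision(host, ALLOW, BLOCK))
    for finding in shadowed_blocks(ALLOW, BLOCK):
        print("shadowed:", finding)
```
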
     
     
     
  • Ok.

    Let me clarify.

    It's no problem when receiving email from the Internet to the Sophos XG.

    The problem is sending outgoing email, because my ISP blocks this, so for sending email from the MTA relay to the Internet the MTA relay has to pass all outgoing emails to my ISP's SMTP smarthost, which is on another port than the standard 25.

    Actually I can apply these settings for the notification email (Notification Settings -> Send notifications via -> External Mailserver).

    But these settings are not available for the MTA relay that is responsible for receiving email from all internal clients on my network.

  • I was quite sure that by configuring the "Upstream Host" you can decide who can send email to your XG from the internet and vice versa (XG will send email to those hosts only). Did you try it?

    If it does not work, it is a missing feature! :(

    Thanks

  • YES. Tried to do what you recommended.

    No problem for incoming from the internet, but it fails when sending outbound to the internet.

    Sender --> Internet --> Sophos XG MTA --> Internal Mailserver --> Client  OK

    Internal Client --> Sophos XG MTA --> Internet. Gets blocked.

    The smarthost that my ISP allows me to use also requires authentication.

    Strange that I can set these settings only for notification emails and not the MTA relay.

    This was no problem with the former Sophos UTM (see the pictures I added in my first reply) and is a feature that is very important for many people, I think. So my opinion is that this should be high priority to implement in a near update.

    Thank you for your answers
