MTA - mail relay does not need authentication

Hello, 

I set up a Sophos XG 210 (SFOS 16.05.2 MR-2) in MTA mode. My goal is to use Sophos XG as a mail relay for external computers.

Added an SMTP policy (relay allowed for my own Exchange Online domain).

In the settings for relay I added "any" to the hosts permitted for relay, activated "authenticated relay" and added a locally created user.

Unfortunately Sophos does not need the credentials of this user for relaying. I can send mails without any authentication (which obviously results in an open relay). When I enter credentials, I get the message "authentication failed".

Does anyone have an idea what I did wrong?



This thread was automatically locked due to age.
  • René,

    Are you using AD users? Did you try to use a local user and see if Email Relay works?

    Anything useful from the logs?

    Thanks

  • Hi Luk, 

    thank you for your reply!

    We use AD integration for SSL VPN Remote Access.

    For email relay I would like to use a local user. For testing I added both to the authenticated users, but still no luck with their credentials. Mail relay still works only without credentials.

    I do not see any helpful entry in the log viewer (I took a look in every subsystem that is available in the log viewer).

    What also seems weird to me: even if the field "allow relay from hosts/networks" is completely empty (even "any" is not selected) I am able to relay mail.

    This does not seem OK to me.

    Any ideas on this?

  • Hello, 

    one more thing that I noticed.

    When I log into Sophos XG via "telnet WAN-IP 25" and type "ehlo test.example.com" it should look like the following:

    EHLO test.example.com
    250-mail.example.com
    250-PIPELINING
    250-SIZE 30720000
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH LOGIN DIGEST-MD5 PLAIN CRAM-MD5
    250-AUTH=LOGIN DIGEST-MD5 PLAIN CRAM-MD5
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN

     

    But when I do so, the result actually looks like this: 

    220 test.example.com ESMTP ready
    ehlo test.example.com
    250-test.example.com Hello test.example.com [My IP]
    250 STARTTLS

     

    Can anyone tell me how to enable AUTH LOGIN?
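
Added example (not part of the original posts and not Sophos code): Python that parses an EHLO reply like the two quoted above and lists the advertised AUTH mechanisms. `probe()` repeats the check against a relay you administer, before and after STARTTLS, on the assumption (not confirmed for SFOS in this thread) that a server may advertise AUTH only once TLS is negotiated; all function names are illustrative.

```python
import re
import smtplib

# Constructed from the two EHLO replies quoted in the post above.
EXPECTED = """250-mail.example.com
250-PIPELINING
250-SIZE 30720000
250-STARTTLS
250-AUTH LOGIN DIGEST-MD5 PLAIN CRAM-MD5
250-AUTH=LOGIN DIGEST-MD5 PLAIN CRAM-MD5
250 DSN"""
OBSERVED = """220 test.example.com ESMTP ready
ehlo test.example.com
250-test.example.com Hello test.example.com [My IP]
250 STARTTLS"""

REPLY = re.compile(r"^250([- ])(.*)$")

def parse_ehlo(text):
    """Return {KEYWORD: [params]} from the 250 lines of an EHLO reply."""
    caps, first = {}, True
    for line in text.splitlines():
        m = REPLY.match(line.strip())
        if not m:
            continue                      # banner, echoed command, other codes
        if first:                         # first 250 line is the greeting, not a keyword
            first = False
            continue
        body = m.group(2).strip()
        if body.upper().startswith("AUTH="):
            body = body.replace("=", " ", 1)   # legacy form, same meaning as "AUTH ..."
        words = body.split()
        if words:
            params = caps.setdefault(words[0].upper(), [])
            params.extend(w.upper() for w in words[1:] if w.upper() not in params)
    return caps

def auth_mechanisms(text):
    """Sorted SASL mechanisms advertised in the reply; empty list means no AUTH offered."""
    return sorted(parse_ehlo(text).get("AUTH", []))

def probe(host, port=25, timeout=10):
    """Live check of your own relay: AUTH offered before vs. after STARTTLS (no credentials sent)."""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo()
        before, after = s.esmtp_features.get("auth", "").split(), None
        if s.has_extn("starttls"):
            s.starttls()
            s.ehlo()                      # capabilities must be re-read after the TLS upgrade
            after = s.esmtp_features.get("auth", "").split()
    return {"auth_before_tls": before, "auth_after_tls": after}
```
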

  • Hello,

    last weekend I installed Sophos XG for a trial. I have not configured AD integration, but I still have the same error.

    Only the servers "EX2" and "adminsrv" can send mails via SMTP, and that's okay. But there is no authentication required.

    Normally only the users who are in the "SMTP-Relay" group should be able to send mails. But it seems like the checkbox for authentication is ignored by Sophos XG.

    Does somebody have any idea?