UTM 210 9.7: SMTP-Relaying: Combine authenticated and host-based relay

Hello,

we use our Sophos UTM as an SMTP Relay in front of our Exchange Servers.

We have several web applications that are hosted elsewhere and that use our Sophos as SMTP Relay - all of them figure in the list of "Allowed Hosts/Networks" under Host-based Relaying. That is working as expected.

Now I am about to configure a new web application that needs to relay by user authentication. I add the user in the list of "Allowed users/groups" under "User based relay". That is working as expected.

The only problem is that by opening the "authenticated relaying", there are lots of Denied connections that potentially slow down the system, or even block user accounts after several denied connections.

I am looking for a way to limit the "Authenticated relaying" to a limited Network group (the IPs of my Web Application).

Can anybody help me?

Thanks,

George



  • Salut, George and welcome to the UTM Community!

    It's not clear to me why you'd need to configure authenticated relaying in the UTM if it's the application doing the authentication, so I don't "see" the problem.  If Authenticated Relay in the UTM is needed, please insert a few relevant text lines from the SMTP log so that we can see the error reported there.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    thanks for your welcome and your reply.

    I try to explain it better:

    Most of my web applications use the SMTP Relay without identification by Account/password - The UTM allows relaying simply based on their IP address. So far so good.

    The new web application I try to configure asks me for SMTP settings: Host/Port/Encryption/Account/Password. It does not allow leaving Account/Password empty.

    If I leave 'Authenticate Relaying' on the UTM unchecked, the web application cannot send mail using my relay. When I check 'Authenticate Relaying' and add an Account to the list it works, but at the same time I see numerous attempts to log in to the SMTP Server.

    So my idea is to add a rule to allow the authentication only for the Network of my new web application.

    Does it make sense?

    Thanks in advance for your help.

    George


  • Thanks for the clarifications, George, but...

    Without seeing lines copied from the logs, it's difficult to analyze.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA