Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 27 replies
  • Subscribers 2 subscribers
  • Views 41375 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Exchange Mail stuck in Spool, using smarthost

Wedgewood
Hello,

I hope someone can help me with my outgoing email.
A few days ago I started using a Sophos UTM 9.2 as new Firewall.
Reveicing emails works fine, but sending won't work.

Before using the Firewall Exchange sends email through an Smarthost (Domainfactory) - this worked always very good.

Now I configured the UTM as a smarthost for sending emails in Exchange.
So what I want to do is to send Emails from Exchange to the UTM as smarthost. From here they should be sended to the domainfactory smarthost. Bit they stay forever in spool. This is the log-entry I got:

2014-09-16 10:06:00 Remote host smtprelaypool.ispgateway.de [80.67.29.4] closed connection in response to initial connection
2014-09-16 10:06:00 ***@*** R=smarthost_route T=smarthost_smtp defer (-18): Remote host smtprelaypool.ispgateway.de [80.67.29.4] closed connection in response to initial connection

Maybe the following information is helpful:

Mails beeing in SMTP-Spool seem to get Virus-checked twice. They show the both the footer for incoming and for outgoing scan.

I've checked the settings for the external smarthost a lot of times. It is correct.

As a Workaround I tried to use the old smarthost in Exchange, sending mail direct from exchange to the external smarthost. This doesn't seem to work as well. The UTM blocks traffic on port 465 regardless of my Firewall Settings.

Any help is appreciated, I'm getting crazy because I can't send any mail...

My configuration for SMTP:
Global: simple
Domains: all accepted
Hostlist: Mailserver (Exchange)
Verify recipients: with callout
Antivirus: Default
Advanced anti-spam Features: Disabled for testing
Data Protection: Default
Exceptions: None
Upstream Hosts/Network: External MX
Authenticated relay: allow
Host-based relay: Mailserver (Exchange)
Advanced: Use a smarthost (with authentication)


This thread was automatically locked due to age.
  • 0 in reply to BAlfson
    So not to defend Verizon, but my 50M/50M service costs almost what my 20M/5M service cost at Cox.  I can't complain about verizon, although I have heard many.  I guess I've been lucky.

    I have not found any info on enabling SSL on sophos, but I did find this post that suggests you can't do it.  This post is a bit dated, so maybe it is doable now and I just haven't found it.

    I'd be curious to see if changing to the other smarthost using SSL would fix the fragmentation problem.  I'm still a little curious as to why the UTM is not properly fragmenting SMTP packets if the interface is coded to 1500 bytes.
  • 0 in reply to Tango2
    So not to defend Verizon, but my 50M/50M service costs almost what my 20M/5M service cost at Cox.  I can't complain about verizon, although I have heard many.  I guess I've been lucky.

    I have not found any info on enabling SSL on sophos, but I did find this post that suggests you can't do it.  This post is a bit dated, so maybe it is doable now and I just haven't found it.

    I'd be curious to see if changing to the other smarthost using SSL would fix the fragmentation problem.  I'm still a little curious as to why the UTM is not properly fragmenting SMTP packets if the interface is coded to 1500 bytes.


    I reconfigured my Exchange 2010 server to use smtp.verizon.net 465 as the smart host with TLS. I had no better luck connecting to verizons mail servers directly from exchange than I did from Sophos. My email clients work ok connecting to smtp.verizon.net 465 with SSL enable. Curiously there is no SSL option in Exchange 2010 only TLS not certain but it could be a protocol compatibility issue with the various TLS/SSL versions. Verizon could also now be checking for server connections and closing the port if detected.
  • 0 in reply to darrelld
    I now have my Sophos smart host working by using google apps smtp relay on port 587. Googles smart host does support port 485 with TLS but I could not get the Sophos proxy to connect, same error as Verizon. I now believe there is a problem with how Sophos is using TLS to connect to outbound smtp relays on port 485.
  • 0

    I know this is a somewhat old thread, but I am new to Sophos UTM 9.  I'm in the process of setting up my e-mail protection settings, specifically under the SMTP > Advanced then down to Smart-host Settings.  Unlike the SMTP profile in the notification settings, TLS/SSL is not an option you can choose for the SMTP smarthost here in this section.  My ISP restricts outbound ports and requires TLS/SSL in order to authenticate and relay outbound mail.  Simply changing the host and the port with my credentials is not enough to get the SMTP smart-host working.  Does anyone have a workaround for this?  Or is there somewhere I can submit a feature request for this functionality?  I'm sure I'm not the only one who has a use for this feature.  

  • 0 in reply to JoeChurch

    Hi, Joe, and welcome to the UTM Community!

    The SMTP Proxy should try to negotiate that with the ISP's smart host.  What are you seeing when you say it doesn't work?

    Cheers - Bob

  • 0 in reply to BAlfson

    The smarthost option only allows you to customize the port, it does not allow authentication or explicit TLS/SSL settings.  My smarthost requires authentication so I'm basically unable to use the smarthost.  

  • 0 in reply to JoeChurch

    What explicit TLS/SSL settings do you need?

    Authentication is configured in the box directly below the other smart host settings at the bottom of the 'Advanced' tab.

    Cheers - Bob