Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 2 subscribers
  • Views 1280 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos NAT-rules cause SMTP-problems

ToBu
Hi,

on a version 9 Sophos UTM120 physical appliance, I have configured NAT rules for inward POP3 and SMTP traffic.

While receiving emails works flawlessly, and sending emails by POP3-clients as well, as long as they access the mail-server by its internal IP-address, the problems start when clients try to send emails from external addresses, thus connecting through the firewall.
POP3-clients receive an error message, that states that the SMTP-authenticiation is malconfigured (SMTP error-code: 501)

For POP3- and SMTP-protocol as well as any traffic from and to the mail servber, exceptiond have been configured in IPS and web protection.
Network protection livelog shows a successful POP3 SYN, when clients try to access the server.

Could anybody give me ahint, where to start lokking for answer concerning this issue.
I am convinced, that it is a problem caused by the Sophos UTM, since it never occured when the old LanCOM-firewall, that the Sophos UTM replaceed, was in use.

Best regards
Tobias


This thread was automatically locked due to age.
  • 0
    Hi Tobias,

    I don't like to open POP3 and SMTP to the world.  Instead of using firewall and NAT rules, I prefer to have external users authenticate and access via VPN.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    Hi Tobias,

    I don't like to open POP3 and SMTP to the world.  Instead of using firewall and NAT rules, I prefer to have external users authenticate and access via VPN.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Hi Bob,

    You're right about that, but unfortunately, it does not solve my problem, since I just cannot contact any of my customer's sales persons, many of them free lancers, to install a VPN-client on their machines.

    Regards

    Tobias

    Hi Tobias,

    I don't like to open POP3 and SMTP to the world.  Instead of using firewall and NAT rules, I prefer to have external users authenticate and access via VPN.

    Cheers - Bob
  • 0
    What about #1 in https://community.sophos.com/products/unified-threat-management/astaroorg/f/51/t/22065 - any hints from those logs?  What about #2, 3 & 4?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Cookie Information Banner