
relay SMTP traffic to smarthost

Hi there,

I am new to the product Sophos UTM 9 home and everything works fine apart from relaying SMTP traffic to my smarthost.

This is my setup:

Internet > Router > Router forwards port 25 to smarthost.

Internet > Router > Switch > Sophos > Internal Network.

When I set the Default Gateway on my smarthost to Sophos IP I am not able to receive emails anymore.

The log on my smarthost shows the following:

Sep 30 22:52:12 sm-inbound[8148]: u8ULlCwA008148: --- 421 4.4.1 xxx.xxx.com Lost input channel from mail-oi0-f45.google.com [209.85.218.45]
Sep 30 22:52:12 sm-inbound[8148]: u8ULlCwA008148: mail-oi0-f45.google.com [209.85.218.45] did not issue MAIL/EXPN/VRFY/ETRN during connection to Daemon0

I have tried many things I found on the forum but nothing seems to work.
What do I need to set on Sophos to allow SMTP traffic to my smarthost?

Many thanks in advance.
Tom



  • Hi Tom,

    Apart from the Smarthost settings under SMTP>Advanced, you shouldn't be needing to configure anything. 

    Most common issues around Smarthost revolve around SMTP Authentication and outbound ports and I'm sure you'll be able to figure that out. 

    Also, if you could send a test email with the correct settings and share a packet capture with me, I could take a look for you. 

    Thanks,

    Vikas

    Proudly SOPHOS

  • Hi Vikas.

    Thanks for your reply, much appreciated.

     

    I would not have expected that I have to enable the SMTP Proxy to relay/forward SMTP traffic to my smart host.

    I would have thought that the Network Protection (Firewall/NAT) would take care of this.

    So, I enable Email Protection and the only details I have to add is under Advanced > Smarthost Settings?

     

    My smarthost needs to be the first node on the receiving part and the last node on the sending part.

     

    Many Thanks.

    Tom

     

  • Dear Tom,

    My apologies, I wasn't clear enough. 

    Internet > Router > Switch > Sophos > Internal Network.

    Where is your Smarthost located? Is it inside your internal network? Then I assume you only have to create a plain firewall rule to let the E-mail traffic pass outbound. It's safe to turn off the SMTP module if you don't want to scan emails. 

    If your smarthost is located outside your network on the internet, who is sending the e-mail outbound? 

    E.g., if someone has an Exchange server in their domain, they have two options:

    1. Let Exchange directly contact the recipient's email server. 

    2. Configure Smarthost settings in Exchange so that irrespective of the recipient, it sends all outbound emails to the smarthost. In most scenarios, we put the internal IP of the UTM as a smarthost. 

    Let me know your comments. 

    Thank you,

    Vikas

    SOPHOS

  • Hello Vikas.

     

    Indeed, not a problem, and thanks for your reply.

     

    The smarthost is located inside my network. 

    I had created a plain Firewall rule for the smarthost, in fact I had the following and it did not work.

    Smarthost > Any > Any

    When I send a message the EHLO is not issued from the smarthost, something prevents sending the EHLO.

     

    With Sophos in place

    sm-inbound[27633]: NOQUEUE: connect from mail-wm0-f47.google.com [74.125.82.47]
    sm-inbound[27633]: AUTH: available mech=ANONYMOUS PLAIN LOGIN CRAM-MD5 DIGEST-MD5 GSSAPI, allowed mech=(null)
    sm-inbound[27633]: u92LFA7l027633: --- 220 SMTP ESMTP Relay

     

    Without Sophos

    sm-inbound[17445]: NOQUEUE: connect from mail-wm0-f47.google.com [74.125.82.47]
    sm-inbound[17445]: AUTH: available mech=ANONYMOUS PLAIN LOGIN CRAM-MD5 DIGEST-MD5 GSSAPI, allowed mech=(null)
    sm-inbound[17445]: u938392F017445: --- 220 SMTP ESMTP Relay
    sm-inbound[17445]: u938392F017445: <-- EHLO mail-wm0-f47.google.com

    ... and so forth

     

    I will dig a bit and check if the IPS is causing this. Or what do you think?

    Many thanks.

  • Dear Tom,

    Apologies for the delay.

    "The smarthost is located inside my network. "

    Then I see no reason why a plain firewall rule might not work. Can you completely disable the Email Protection module?

    Have you configured anything extra in regards to the Smarthost to send out e-mails? You shouldn't need to. 

    Clients > Smarthost > UTM[Using the firewall rule - SMTP PROXY NOT IN PICTURE] > To the internet

    Thanks,

    Vikas

  • Hi, Tom, and welcome to the UTM Community!

    The first thing to try is #1 in Rulz - any luck with that?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks guys, I'll give this a shot. 

     

    Your input is much appreciated.

     

    Cheers

    Tom

  • Finally got it to work.

     

    First I had to change the port 25 forwarder in my router, and then set up a DNAT.

     

    Previously I pointed the port 25 forwarder to my SMTP smart host; now I point it to the external (WAN) NIC of my UTM, plus a DNAT as follows:

     

    For traffic from: Any
    Using service: SMTP
    Going to: WAN (Address)
    Change the destination to: SMTP smart host

     

     

    Thanks guys for all your input.

  • Just received a message saying that I've earned the help me achievement.

    Apologies guys, I have clicked by mistake on "This helped me" on my own post, oops.
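
The symptom in the logs quoted in this thread (the 220 banner goes out, but no EHLO ever arrives, or the input channel is lost) can be picked out of a mail log automatically. The following is an added example, not part of any post in the thread; the sample lines are constructed from the excerpts above, and the function names are hypothetical.

```python
import re

# Sample input constructed from the log excerpts quoted in this thread.
SAMPLE_LOG = """\
sm-inbound[27633]: NOQUEUE: connect from mail-wm0-f47.google.com [74.125.82.47]
sm-inbound[27633]: u92LFA7l027633: --- 220 SMTP ESMTP Relay
sm-inbound[17445]: NOQUEUE: connect from mail-wm0-f47.google.com [74.125.82.47]
sm-inbound[17445]: u938392F017445: --- 220 SMTP ESMTP Relay
sm-inbound[17445]: u938392F017445: <-- EHLO mail-wm0-f47.google.com
Sep 30 22:52:12 sm-inbound[8148]: u8ULlCwA008148: --- 421 4.4.1 xxx.xxx.com Lost input channel from mail-oi0-f45.google.com [209.85.218.45]
Sep 30 22:52:12 sm-inbound[8148]: u8ULlCwA008148: mail-oi0-f45.google.com [209.85.218.45] did not issue MAIL/EXPN/VRFY/ETRN during connection to Daemon0
"""

LINE = re.compile(r"sm-inbound\[(\d+)\]: (.*)")            # daemon PID + message
PEER = re.compile(r"(\S+) \[(\d{1,3}(?:\.\d{1,3}){3})\]")  # "host [ipv4]"
CLIENT_CMD = re.compile(r"<-- (\w+)")                      # command received from the peer

def parse_sessions(text):
    """Group lines by daemon PID (assumes one PID per connection, as in the excerpts)."""
    sessions = {}
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m.groups()
        s = sessions.setdefault(pid, {"peer": None, "banner": False, "cmds": [], "lost": False})
        peer = PEER.search(msg)
        if peer and s["peer"] is None:
            s["peer"] = peer.group(2)
        if "--- 220 " in msg:
            s["banner"] = True
        cmd = CLIENT_CMD.search(msg)
        if cmd:
            s["cmds"].append(cmd.group(1).upper())
        if "Lost input channel" in msg or "did not issue MAIL" in msg:
            s["lost"] = True
    return sessions

def stalled_sessions(text):
    """Return {pid: (peer_ip, reason)} for sessions with no client command."""
    stalled = {}
    for pid, s in parse_sessions(text).items():
        if s["cmds"]:
            continue  # the peer's commands reached the server
        if s["lost"]:
            stalled[pid] = (s["peer"], "connection lost before any SMTP command")
        elif s["banner"]:
            stalled[pid] = (s["peer"], "banner sent, no EHLO/HELO received")
    return stalled
```

Run against a real mail log, a steady stream of stalled sessions from unrelated peers points at the path between the Internet and the mail server rather than at any one sender.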
