SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

SMTP: Multiple Hostnames/Interfaces Support

With the SMTP proxy able to handle mail for many domains, allow the proxy to be configured so that an admin can assign a hostname per profile, or have the proxy report different hostnames per outgoing interface. (and the ability to specify which domains/profiles go out which interface). Allows for easier management and adoption of many smtp domains on a single asg appliance.

328 votes
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Gert HansenGert Hansen shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    26 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Steffen HornungSteffen Hornung commented  ·   ·  Flag as inappropriate

        Even with a simple helo lookup check you could get denied because UTM currently has only one static mailserver name it sends out, if you have natting setup to distribute different domains through different IPs, so it is rather useless to set it up when this is not possible.

      • Jason CarterJason Carter commented  ·   ·  Flag as inappropriate

        I cant believe this is even a feature request. This is ridiculous that the STMP Proxy listens on all addresses the firewall arp's for. This is making my pen test scans look awful.

      • MarcoMarco commented  ·   ·  Flag as inappropriate

        Yes, this is an essential functionality which is muched needed by us. Please implement it. Thanks.

      • BenBen commented  ·   ·  Flag as inappropriate

        I just want to echo everyone else below, this really is a much needed feature. I am new to Sophos and have only been using it for about 3 months now, but I can't believe such a basic function is missing and I'm surprised that nothing has been done since this has been a topic for 6 years.

      • Rolf MüllerRolf Müller commented  ·   ·  Flag as inappropriate

        Hey Sophos People, the request for better smtp implementation has been around for years now. It would be nice if you could improve this, please!

      • Mike HorwathMike Horwath commented  ·   ·  Flag as inappropriate

        I'll agree with the DKIM issues, and policies per domain.

        I don't agree with the binding to a different address per domain as there is no need - you can handle hundreds of thousands (millions!) of domains for email over any individual IP address.

        Same with outbound, and if you keep a clean house then any worries about later RBL issues are zero.

      • Robert ŠustaRobert Šusta commented  ·   ·  Flag as inappropriate

        I was disappointed, when I realized, than angry as this is really needed, and finally furious because it can be set-up on any handmade linux box... Really, come on... For that money? Such elementar feature missing?

      • Maximilian PfisterMaximilian Pfister commented  ·   ·  Flag as inappropriate

        Yes...different smarthosts would help a lot - also needed for failover of outgoing SMTP traffic maybe through different ISPs

      • Bob AlfsonBob Alfson commented  ·   ·  Flag as inappropriate

        In addition, it should be possible to indicate a different smart host if different than Global.

      • Anonymous commented  ·   ·  Flag as inappropriate

        This is vital for proper tenant mail domains. A single TLS cert and DKIM key are both currently bound to all outbound mail. Until we can segregate outgoing mail traffic by sender domain, so each gets it's own DKIM profile and TLS cert, footer, postmaster address and upstream smarthost, we have to stick to NAT'd connections.

      • Luke HLuke H commented  ·   ·  Flag as inappropriate

        I vote for this feature too- it would be great to allow each SMTP profile to have a unique banner/HELO !

      • Peter MottPeter Mott commented  ·   ·  Flag as inappropriate

        The UTM should not listen for SMTP on every interface. Please provide at least a global setting to bind SMTP service to a single interface.

      ← Previous 1

      Feedback and Knowledge Base

      icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-lightbulbCreated with Sketch.