SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

SMTP: Multiple Hostnames/Interfaces Support

With the SMTP proxy able to handle mail for many domains, allow the proxy to be configured so that an admin can assign a hostname per profile, or have the proxy report different hostnames per outgoing interface. (and the ability to specify which domains/profiles go out which interface). Allows for easier management and adoption of many smtp domains on a single asg appliance.

339 votes
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Gert HansenGert Hansen shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    30 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Tim SchönwaldTim Schönwald commented  ·   ·  Flag as inappropriate

        This idea is 8 (!) years old and has 337 votes by now. It's obvious that Sophos has no plans on implementing it.
        Listening to customers was definitely much more important back in the "good ol' Astaro times"...

      • Justin McDJustin McD commented  ·   ·  Flag as inappropriate

        Was just about to create this request myself. With multiple uplinks for email redundancy, only one hostname per domain causes failed rDNS/DNS consistency checks for the redundant uplinks.

      • Rob DRob D commented  ·   ·  Flag as inappropriate

        In the end I've created a DNAT assigned to the external IPs I dont want listening to SMTP so they goto an non-existent internal IP address. Pen-test reran and fine now.

      • Rob DRob D commented  ·   ·  Flag as inappropriate

        Just had a pen test and highlighted SMTP being listened too on all external IPs, please fix this

      • Steffen HornungSteffen Hornung commented  ·   ·  Flag as inappropriate

        Even with a simple helo lookup check you could get denied because UTM currently has only one static mailserver name it sends out, if you have natting setup to distribute different domains through different IPs, so it is rather useless to set it up when this is not possible.

      • Jason CarterJason Carter commented  ·   ·  Flag as inappropriate

        I cant believe this is even a feature request. This is ridiculous that the STMP Proxy listens on all addresses the firewall arp's for. This is making my pen test scans look awful.

      • MarcoMarco commented  ·   ·  Flag as inappropriate

        Yes, this is an essential functionality which is muched needed by us. Please implement it. Thanks.

      • BenBen commented  ·   ·  Flag as inappropriate

        I just want to echo everyone else below, this really is a much needed feature. I am new to Sophos and have only been using it for about 3 months now, but I can't believe such a basic function is missing and I'm surprised that nothing has been done since this has been a topic for 6 years.

      • Rolf MüllerRolf Müller commented  ·   ·  Flag as inappropriate

        Hey Sophos People, the request for better smtp implementation has been around for years now. It would be nice if you could improve this, please!

      • Mike HorwathMike Horwath commented  ·   ·  Flag as inappropriate

        I'll agree with the DKIM issues, and policies per domain.

        I don't agree with the binding to a different address per domain as there is no need - you can handle hundreds of thousands (millions!) of domains for email over any individual IP address.

        Same with outbound, and if you keep a clean house then any worries about later RBL issues are zero.

      • Robert ŠustaRobert Šusta commented  ·   ·  Flag as inappropriate

        I was disappointed, when I realized, than angry as this is really needed, and finally furious because it can be set-up on any handmade linux box... Really, come on... For that money? Such elementar feature missing?

      • Maximilian PfisterMaximilian Pfister commented  ·   ·  Flag as inappropriate

        Yes...different smarthosts would help a lot - also needed for failover of outgoing SMTP traffic maybe through different ISPs

      ← Previous 1

      Feedback and Knowledge Base

      icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-lightbulbCreated with Sketch.