Relay settings

Relay settings appears only when MTA (Mail Transfer Agent) mode is enabled. MTA mode is available only in Sophos Firewall XG105, Cyberoam CR25iNG, Sophos UTM SG105, and higher models.

This feature requires a subscription. It can be configured but cannot be enforced without a valid Email Protection subscription.

Sophos XG Firewall can be configured to act as an email relay that allows specific hosts to relay (that is, send) emails through it to specified domains.

Host based relay

Allow relay from hosts/networks
Select the hosts/networks which can use Sophos XG Firewall as an email relay. You can use the Create new link to create a new host. Click Apply to save the configuration.
Note: It is extremely important not to select Any in allowed hosts/networks, because this would result in an open relay, allowing anyone on the internet to send messages through Sophos XG Firewall. Spammers will quickly recognize this, leading to massive email traffic. In the worst case, you will be listed on third-party spammer blacklists. In most configurations, the only hosts that should be allowed to relay emails are the mail servers in your network.
Note: The firewall still scans hosts that you've allowed for host-based relay and rejects any IP address that fails the scan.
Blocked relay from hosts/networks
Specify the hosts/networks that should be blocked by the device. You can use the Create new link to create a new host. Click Apply to save the configuration.

Upstream host

Allow relay from hosts/networks
Specify the upstream hosts/networks from which to allow inbound emails, typically your ISP or external MX. You can use the Create new link to create a new host.
Block relay from hosts/networks
Specify the hosts/networks whose inbound emails should be blocked by the device. You can use the Create new link to create a new host.
Note: The “Allow” list for both host-based relay and upstream host takes priority over the “Block” list. For example, if a host/network appears in both the allow list and the block list, Sophos XG Firewall will allow relay from that host/network.
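
The following added example (not Sophos code or a Sophos API) models the allow-over-block priority and the open-relay warning described above, so that planned allow and block lists can be reviewed before they are entered. It assumes that Any corresponds to a /0 network and that a host on neither list is not permitted to relay; the function names, the size threshold, and the sample networks are constructed for illustration.

```python
import ipaddress

# Constructed sample lists (private and documentation ranges only).
ALLOW = ["10.0.5.10/32", "10.0.5.0/24"]
BLOCK = ["10.0.5.0/24", "192.0.2.0/24"]


def _nets(entries):
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def relay_decision(client_ip, allow, block):
    """Return 'allow', 'block' or 'no-match' for one connecting host."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in n for n in _nets(allow)):
        return "allow"      # the allow list outranks the block list
    if any(ip in n for n in _nets(block)):
        return "block"
    return "no-match"       # assumption: such a host may not relay


def audit(allow, block, max_hosts=256):
    """List the findings a reviewer would raise about the two lists."""
    findings = []
    allow_n, block_n = _nets(allow), _nets(block)
    for a in allow_n:
        if a.prefixlen == 0:
            findings.append(f"OPEN RELAY: {a} matches Any")
        elif a.num_addresses > max_hosts:
            findings.append(f"BROAD: {a} allows {a.num_addresses} addresses")
        for b in block_n:
            if a.version == b.version and a.overlaps(b):
                findings.append(f"SHADOWED: block {b} is overridden by allow {a}")
    return findings


if __name__ == "__main__":
    for host in ("10.0.5.77", "192.0.2.9", "198.51.100.1"):
        print(host, relay_decision(host, ALLOW, BLOCK))
    print("\n".join(audit(ALLOW, BLOCK)))
```

A SHADOWED finding means the block entry has no effect for the overlapping addresses, which is usually a sign that one of the two entries is a mistake.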

Authenticated relay settings

Enable authenticated relay
Enable to allow the authenticated users or groups selected below to use the device as an email relay.
Users or groups
Select the users or groups to be allowed to use the device as an email relay. You can use the Create new link to create a new user or group.