On the Routing tab you can configure domain and routing targets for the SMTP (Simple Mail Transfer Protocol) proxy and define how recipients are to be verified.
To configure the SMTP proxy routing, proceed as follows:
Enter your internal domain(s).
In the text box that appears, enter the domain in the form example.com and click Apply. Repeat this step until all domains are listed. You can also use wildcards in different ways, for example *.me.mycompany.de, *.mycompany.de, *.me*.mycompany.*e, **.mycompany.*. Using only '*' is not allowed.
In Profile Mode: Enter only domains that use global settings. All other domains should be listed in their respective profiles.
From the drop-down list Route by, select the host to which emails for the domains listed above should be forwarded. A typical target host would be the Microsoft Exchange Server on your local network. You can choose between different server types:
- Static host list: Select a host definition of the target route in the Host list box. Note that you can select several host definitions for basic failover purposes. If delivery to the first host fails, mail will be routed to the next one. However, the (static) order of hosts cannot be determined with the current version of Sophos UTM and is somewhat accidental. To randomize delivery to a group of hosts and thereby also achieve basic load balancing, use the DNS hostname route type and specify a hostname that has multiple A records (an A record or address record maps a hostname to an IP address).
- DNS hostname: Specify the fully qualified domain name (FQDN) of your target route (e.g., exchange.example.com). Note that when you select a DNS name having multiple A records, mail to each server will be delivered randomly. In addition, if one server fails, all mail destined for it will automatically be routed to the remaining servers.
- MX records: You can also route mail to your domain(s) by means of MX record(s). If you select this route type, the mail transfer agent of Sophos UTM makes a DNS query requesting the MX record for the recipient's domain name, which is the portion of the email address following the "@" character. Make sure that the gateway is not the primary MX for the domain(s) specified above, since it will not deliver mail to itself.
Your settings will be saved.
Verify Recipients: Here you can specify whether and how email recipients are to be verified.
- With callout: A request is sent to the server to verify the recipient.
- In Active Directory: A request is sent to the Active Directory server to verify the recipient. To be able to use Active Directory you must have an Active Directory server specified in Definitions & Users > Authentication Services > Servers. Enter a base DN into the Alternative Base DN field and select the Active Directory server.
Note – The use of Active Directory recipient verification may lead to bounced messages if the server does not respond.
- Off: You can turn off recipient verification completely, but this is not recommended because it will lead to higher spam traffic volume and dictionary attacks. Your quarantine is then likely to be flooded with unsolicited messages.
Click Apply to save your settings.
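The "With callout" option above, sketched as an added example (not Sophos UTM code): a gateway asks the internal server whether it would accept a recipient before taking the message, so unknown addresses are refused during the SMTP dialog instead of filling the quarantine. `FakeBackend`, the hostnames, and the choice to defer when the server does not answer are assumptions made for illustration.

```python
import smtplib

# Constructed stand-in for the internal mail server so the example runs offline.
# It exposes the same helo/mail/rcpt/quit methods as smtplib.SMTP.
class FakeBackend:
    def __init__(self, mailboxes, down=False):
        self.mailboxes = {m.lower() for m in mailboxes}
        self.down = down

    def helo(self, name=""):
        if self.down:
            raise smtplib.SMTPServerDisconnected("no response")
        return 250, b"backend.example.com"

    def mail(self, sender):
        return 250, b"OK"

    def rcpt(self, recipient):
        if recipient.lower() in self.mailboxes:
            return 250, b"OK"
        return 550, b"5.1.1 User unknown"

    def quit(self):
        return 221, b"Bye"


def callout_verdict(conn, recipient, helo_name="gateway.example.com"):
    """Return 'accept', 'reject' or 'defer' for one recipient; no message is sent."""
    try:
        # A failed HELO or MAIL says nothing about the recipient, so defer.
        if conn.helo(helo_name)[0] != 250 or conn.mail("")[0] != 250:
            return "defer"
        code = conn.rcpt(recipient)[0]      # the only reply that decides
    except (smtplib.SMTPException, OSError):
        return "defer"                      # assumption: no answer = temporary failure
    finally:
        try:
            conn.quit()
        except (smtplib.SMTPException, OSError):
            pass
    if 200 <= code < 300:
        return "accept"
    if 500 <= code < 600:
        return "reject"                     # refuse at SMTP time, nothing is queued
    return "defer"
```

For a check against a real server, pass an `smtplib.SMTP(host, 25, timeout=10)` connection in place of `FakeBackend`.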