
I have a SonicWall SRA Virtual Appliance running SonicOS SSL-VPN v6.0.0.0. I need to update the SMTP settings (used for one-time passwords) because we're switching ISPs and will no longer have access to our old ISP's SMTP service.

Since we use GSuite for email and a bunch of other stuff, I'm trying to get the Gmail SMTP working with the SonicWall, but not having any luck.

Does anyone know if SonicOS SSL-VPN 6.0.0.0 is incompatible with Gmail SMTP?

All 3 versions of Gmail's SMTP do not work:

  • Restricted Gmail SMTP server aspmx.l.google.com:
    • We can't use this option because we're sending to non-Gmail/GSuite accounts (e.g., 1234561234@tmomail.net).
      • SonicWall logs "Error sending one-time password: SMTP server does not allow relaying to external domains". This is expected behavior.
    • Sending to an @gmail.com address works.
    • Sending to a GSuite address works.
  • Gmail SMTP server smtp.gmail.com:
    • The SonicWall gets stuck at "Attempting to send OTP to me@gsuite-domain.com".
    • Tried both SSL/465 and TLS/587.
    • No error codes are returned, no timeout message.
  • G Suite SMTP relay smtp-relay.gmail.com:
    • The SonicWall gets stuck at "Attempting to send OTP to me@gsuite-domain.com".
    • Tried SSL/465, TLS/587, and no encryption (port 25).

For the GSuite SMTP relay, I've gone through and added our public static IPs to the GSuite settings per the docs. I've also verified that the GSuite SMTP relay works with other appliances.


Idea:

Is the SonicOS silently truncating or otherwise modifying the password entered for SMTP auth?

  • I notice that the "mail password" display only shows 4 characters after saving, but this could just be a display thing. Our password is long, but not excessively so in my opinion.
  • Our SMTP password has some special characters in it, but nothing out of the ordinary (e.g., !@#$%^&*).

Other possibly relevant info:

Our perimeter firewall is a SonicWall NSA 2600 running SonicOS Enhanced 6.1.2.3 (this one likes smtp.gmail.com). The SRA is a virtual machine running on VMware ESXi 5.5 with a static private (192.168) IP address. The NSA 2600 has the following NAT policies:

Source                            | Destination
Original        -> Translated     | Original       -> Translated
---------------    ---------------|---------------    ---------------
Any             -> Original       | SSL-VPN_Public -> SSL-VPN_Private
SSL-VPN_Private -> SSL-VPN_Public | Any            -> Original

With this NAT, the GSuite SMTP relay should accept things that come from the SSL-VPN_Public IP, right?

I'm currently looking into upgrading the SRA to see if that helps, but it looks like it'll be a bit of work because the SRA was replaced by the SMA 500V.

Our support with SonicWall (for the SRA) expired in 2014... :-(

dthor
  • You might consider using a service like SendGrid instead. SendGrid allows you to send up to 100 emails a day for free. – joeqwerty May 10 '18 at 19:22
  • Yeah, someone on Reddit suggested [DNSExit](www.dnsexit.com). I'm looking into that now, but appear to be running into similar issues. – dthor May 10 '18 at 21:27
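
A staged probe for the endpoints and port/encryption pairs listed in the question, meant to be run from a host that leaves through the same NAT as the SRA. It is an added example, not part of the original post and not SonicWall tooling; the `probe` function, its mode names and the command-line user argument are assumptions. It reports the step (connect and banner, EHLO, STARTTLS, AUTH) at which a session stalls or fails, and the TLS version negotiated.

```python
# Added example: staged SMTP probe. Function name, modes and CLI argument are assumptions.
import getpass
import smtplib
import ssl
import sys

# Endpoints and port/encryption pairs taken from the question.
TARGETS = [
    ("smtp.gmail.com", 465, "ssl"),
    ("smtp.gmail.com", 587, "starttls"),
    ("smtp-relay.gmail.com", 465, "ssl"),
    ("smtp-relay.gmail.com", 587, "starttls"),
    ("smtp-relay.gmail.com", 25, "plain"),
]

def probe(host, port, mode, user=None, password=None, timeout=10):
    """Return (stage, detail); stage is the last step attempted, or 'done'."""
    stage = "connect"  # TCP connect, TLS handshake for 'ssl', and the 220 banner
    try:
        ctx = ssl.create_default_context()
        if mode == "ssl":
            smtp = smtplib.SMTP_SSL(host, port, local_hostname="localhost",
                                    timeout=timeout, context=ctx)
        else:
            smtp = smtplib.SMTP(host, port, local_hostname="localhost", timeout=timeout)
        with smtp:
            stage = "ehlo"
            smtp.ehlo_or_helo_if_needed()
            if mode == "starttls":
                stage = "starttls"
                smtp.starttls(context=ctx)
                smtp.ehlo_or_helo_if_needed()  # advertised features can change after TLS
            tls = smtp.sock.version() if isinstance(smtp.sock, ssl.SSLSocket) else "none"
            if user is not None and tls != "none":  # never send credentials in cleartext
                stage = "auth"  # a 535 reply here means the credentials were rejected
                smtp.login(user, password)
            return "done", f"tls={tls} features={sorted(smtp.esmtp_features)}"
    except (smtplib.SMTPException, OSError) as exc:  # OSError covers timeouts and TLS errors
        return stage, f"{type(exc).__name__}: {exc}"

if __name__ == "__main__":
    # Optional first argument: SMTP user name; the password is prompted for, not echoed.
    user = sys.argv[1] if len(sys.argv) > 1 else None
    password = getpass.getpass("SMTP password: ") if user else None
    for host, port, mode in TARGETS:
        print(host, port, mode, *probe(host, port, mode, user, password))
```

A result of `connect` or `starttls` with a timeout points at the transport path, while a result of `auth` with a 535 reply points at the credentials.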

0 Answers