Example 2: Internal Trusted Relays

You have configured your Sophos Email Appliance (7) to scan outbound messages for spam, and you have an internal mail server (5) that is used to send, receive and store email for most users in your company. Your appliance processes all inbound and outbound email to and from this server. You have configured the appliance to recognize this mail host as a trusted relay. This enables the appliance to:

  • identify that compromised hosts are present within your organization.
  • provide reports that may help you to identify the IP address of any compromised hosts.

Any email sent through your internal mail server (5) by internal hosts (3 and 4) will be received by the appliance (7), and will be identified as having come from a trusted relay. This ensures that:

  • First untrusted relays (3 and 4) will be correctly identified in reports and notifications, and for troubleshooting purposes.
  • The appliance will more effectively block messages from any internal hosts sending spam (3) through your internal mail server (5).
  • Messages from internal hosts that send valid emails (4) will be delivered to the appropriate recipients (8).

Mail from other internal hosts (1 and 2) will be received and then correctly processed by the appliance. Messages from internal hosts sending spam (2) will be blocked, while messages from internal hosts sending valid messages (1) will continue to be delivered to the appropriate recipients (8).

The scenario described above only applies to internal hosts that relay mail through your internal mail servers. Frequently, users send and receive mail from their internal mail server using a local transport protocol (rather than SMTP). In such a case, it would not be possible to identify the IP address of a workstation that sent a message through the appliance.
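The trusted-relay behavior described above, as an added example that is not Sophos code and not part of the original page: it walks a message's Received headers from newest to oldest, skips hops whose connecting address is a trusted relay, and reports the first one that is not. The addresses, host names and sample messages are constructed, and 10.0.0.5 is assumed to be the internal mail server (5).

```python
import ipaddress
import re
from email import message_from_string

# Assumption: 10.0.0.5 stands in for the internal mail server (5), the only trusted relay.
TRUSTED_RELAYS = [ipaddress.ip_network("10.0.0.5/32")]
BRACKETED_IP = re.compile(r"\[([0-9A-Fa-f:.]+)\]")

# Constructed sample: a workstation (3) relays over SMTP through the mail server (5).
RELAYED_VIA_SMTP = (
    "Received: from mail.example.internal ([10.0.0.5]) by appliance.example.internal with ESMTP\n"
    "Received: from ws3.example.internal ([10.0.1.3]) by mail.example.internal with ESMTP\n"
    "Subject: test\n\nbody\n"
)
# Constructed sample: the client used a local (non-SMTP) transport, so the mail
# server recorded no workstation hop.
LOCAL_TRANSPORT = (
    "Received: from mail.example.internal ([10.0.0.5]) by appliance.example.internal with ESMTP\n"
    "Subject: test\n\nbody\n"
)


def is_trusted(ip):
    return any(ip in net for net in TRUSTED_RELAYS)


def first_untrusted_relay(raw_message):
    """Return the newest hop whose connecting address is not a trusted relay, else None."""
    msg = message_from_string(raw_message)
    for received in msg.get_all("Received", []):  # newest header first
        from_clause = re.split(r"\sby\s", received, maxsplit=1)[0]
        match = BRACKETED_IP.search(from_clause)
        if not from_clause.lstrip().startswith("from") or match is None:
            return None  # hop recorded no connecting address; stop rather than guess
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            return None  # malformed address; do not trust anything older
        if not is_trusted(ip):
            return str(ip)
    return None  # every recorded hop was a trusted relay


if __name__ == "__main__":
    print("SMTP relay:     ", first_untrusted_relay(RELAYED_VIA_SMTP))
    print("Local transport:", first_untrusted_relay(LOCAL_TRANSPORT))
```

In the local-transport case the function returns None because the only recorded hop is the trusted relay itself, which is why no workstation address can be reported.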