Add SMTP Policy
This feature is applicable only on Sophos XG Firewall devices where MTA Mode is enabled.
1. Go to Device Configuration > Protect > Email > Email Scanning Policy and click on Switch to MTA Mode.
2. Click Add SMTP Policy under Email Scanning Policy section.
3. Specify values for Domains and Routing Target.
Domain
Select the Domain(s) (Address Group (MTA)) to which the SMTP Policy links. You can also add new Domain(s) using the Create New link. Address Group (MTA) can be configured from Device Configuration > Protect > Email > Address Group (MTA).
Route By
Select the host to which Emails for the listed domains should be forwarded, for example, the Microsoft Exchange Server on your local network. You can choose between different server types:
Available Options:
* Static Host:
Select Static Host to define the target route as the static IP address(es) of the internal Email Server.
* MX:
Select MX to route mail to your domain(s) by means of MX record(s). If you select this route type, the Device makes a DNS query requesting the MX record for the recipient's domain name, which is the portion of the email address following the "@" character. Make sure that the gateway is not the primary MX for the domain(s) specified above, since it will not deliver mail to itself.
4. Enable Spam Protection section to configure Spam scanning of Email traffic.
Check for Inbound Spam
All the Emails that are received by the users in their inbox are referred to as Inbound.
If you select Check for Inbound Spam, all the Emails received by the users are scanned for spam by the Device.
If Email is detected as "Spam", the selected Spam Action is applied.
If Email is detected as "Probable Spam", which means that the Anti-spam engine has detected the Email as suspicious but not as Spam, the selected Probable Spam Action is applied.
Check for Virus Outbreak
If you select Check for Virus Outbreak, all the Emails received by the users are scanned for viruses by the Device.
If Email is detected to cause a virus outbreak, selected Spam Action is applied.
If Email is detected as suspicious but not confirmed as a virus outbreak, selected Probable Spam Action is applied.
Check for Outbound Spam
Emails that are sent by a user in the network to a remote user on another Email system are referred to as Outbound.
If you select Check for Outbound Spam, all the Emails sent by the local users are scanned for spam by the Device before being delivered.
If Email is detected as "Spam", the selected Spam Action is applied.
If Email is detected as "Probable Spam", which means that the Anti-spam engine has detected the Email as suspicious but not as Spam, the selected Probable Spam Action is applied.
Check for RBL
Click to verify the reputation of the sender IP Address. When enabled, the Device dynamically checks the sender’s IP Address of all Emails. If the IP Address is found to be responsible for sending spam email or malicious contents, the Device takes action.
If Email is detected as "Spam", the selected Spam Action is applied.
If Email is detected as "Probable Spam", which means that the Anti-spam engine has detected the Email as suspicious but not as Spam, the selected Probable Spam Action is applied.
Prefix Subject
Specify the prefix to be added to the Email subject.
* Available when Warn is selected as the action.
Spam Action
Select action to be taken if Email is detected as Spam.
Available Options:
* None:
Select if no action is to be taken.
* Warn:
Email is accepted and delivered to the intended recipient but after tagging the subject line.
* Quarantine:
Device does not deliver Email but copies it to the Quarantine. You can view the Email details and release the Email, if required, from the Quarantine.
* Drop:
Email is dropped.
Default: Drop.
Probable Spam Action
Select action to be taken if Email is detected as suspicious but not confirmed as Spam.
Available Options:
* None:
Select if no action is to be taken.
* Warn:
Email is accepted and delivered to the intended recipient but after tagging the subject line.
* Quarantine:
Device does not deliver Email but copies it to the Quarantine. You can view the Email details and release the Email, if required, from the Quarantine.
* Drop:
Email is dropped.
Default: Warn.
5. Enable Malware Protection section to configure malware scanning of Email traffic.
Scanning
Specify the type of scanning to be applied.
Available Options:
* Single Anti-Virus: Traffic will be scanned ONLY by the Primary Anti-Virus Engine. Select the Primary Anti-Virus Engine from Device Configuration > System > System Services > Malware Protection.
* Dual Anti-Virus: Traffic will be scanned by both Anti-Virus Engines, first by Primary and then by the Secondary Engine. Select the Primary Anti-Virus Engine from Device Configuration > System > System Services > Malware Protection.
Anti-virus Action
Select action to be taken if malware is detected in an Email.
Available Options:
* None:
No action to be taken.
* Quarantine:
Device does not deliver Email but copies it to the Quarantine. You can view the Email details and release the Email, if required, from the Quarantine.
* Drop:
Email is rejected and a rejection notification is NOT sent to the Email sender.
Default: Drop
Notify Sender
If enabled, the original message is withheld by the Device and a notification is sent to the sender informing that the Email was infected.
Quarantine Unscannable and Encrypted Content
Enable to quarantine emails whose content cannot be scanned.
Unscannable content may include encrypted or corrupt archives, oversized email, or emails not scanned due to internal error.
6. Enable File Protection section to configure filtering of specific attachments in Email Traffic.
Block File Types
Select file types to be blocked as an attachment to remove all the files that are a potential threat and to prevent virus attacks.
More than one file type can be selected using Ctrl/Shift keys.
Device contains a default list of File Types, with each Type containing relevant file extensions. Refer to Device Configuration > Objects > Content > File Type to view the list of file extensions which can be blocked.
Select All to block Emails with any type of attachments.
Select None to allow Emails with any type of attachments.
MIME Whitelist
If one or more File Types are selected in Block File Types, this field is populated with the corresponding MIME Headers that belong to the selected File Type(s).
Select the MIME Header(s) of the selected File Type(s). Only the selected headers are allowed, while the rest in the selected File Type are blocked during Anti-virus scanning of Email attachments.
Drop message greater than
Specify the maximum size of Emails in KB. Emails greater than the specified size will be dropped by the Device.
7. Enable Data Protection section to configure confidential data protection in Email Traffic.
Data Control List
Select the Data Control List to be applied for scanning and the corresponding action. Data Protection Policies can be configured from Protection > Email Protection > Data Protection (MTA).
Available Options for actions:
* Accept: Email is accepted and delivered to the intended recipient.
* Accept with SPX: Email is accepted and delivered to the intended recipient after being SPX encrypted. Select the SPX Template (MTA) to be applied to the Email. You can configure SPX Templates from Protection > Email Protection > SPX Templates (MTA).
* Drop: Email is rejected and a rejection notification is NOT sent to the Email sender.
Notify Sender
Enable to notify the sender of an Email if it is found to contain sensitive information as per configured Data Protection policy.
8. Select the action for all traffic applicable to Policy.
Action
Select action for all the traffic applicable to the Policy. Available options are Accept and Reject. If you select Accept, select the SPX Template.
Default: Accept.
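For the MX route type in step 3, the following added example (not Sophos code) shows a pre-flight check that takes the domain after the "@", reads its MX records and flags the case where the gateway itself is the primary MX. The hostnames, the `GATEWAY_NAMES` list and the MX answer lines are constructed assumptions; in practice the answers would come from the resolver the Device uses.

```python
# Added example. Hostnames and MX answers are constructed sample data.
SAMPLE_MX = {
    "example.com": ["10 exchange.example.com.", "20 backup.example.com."],
    "example.org": ["5 gw.example.net.", "10 mail.example.org."],
}
GATEWAY_NAMES = ["gw.example.net"]  # hypothetical names of the gateway in DNS


def recipient_domain(address):
    """Return the portion of the address following the last '@'."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    return domain.rstrip(".").lower()


def parse_mx(lines):
    """Parse 'preference exchange' lines into (preference, host), best first."""
    records = []
    for line in lines:
        pref, host = line.split()
        records.append((int(pref), host.rstrip(".").lower()))
    return sorted(records)


def check_mx_route(address, mx_answers, gateway_names):
    """Return 'ok', 'no-mx' or 'gateway-is-primary' for one recipient.

    mx_answers maps a domain to the MX answer lines returned by the
    resolver the Device uses (constructed here so the check runs offline).
    """
    domain = recipient_domain(address)
    records = parse_mx(mx_answers.get(domain, []))
    if not records:
        return "no-mx"  # nothing to route to
    gateway = {name.rstrip(".").lower() for name in gateway_names}
    best = records[0][0]  # lowest preference value = primary MX
    primaries = {host for pref, host in records if pref == best}
    if primaries & gateway:
        return "gateway-is-primary"  # the Device will not deliver to itself
    return "ok"


if __name__ == "__main__":
    for rcpt in ("alice@example.com", "bob@EXAMPLE.ORG", "carol@example.net"):
        print(rcpt, "->", check_mx_route(rcpt, SAMPLE_MX, GATEWAY_NAMES))
```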