SMTP quarantine

SMTP quarantine is available only in Sophos Firewall XG105, Cyberoam CR25iNG, Sophos UTM SG105, and higher models.

This feature requires a subscription. It can be configured but cannot be enforced without a valid Email Protection subscription.

The SMTP quarantine allows you to filter the quarantined emails. The page displays all the emails quarantined by the device if they are found to be:

  • From a blocked source IP address
  • Destined to a blocked destination IP address
  • Virus-infected
  • Oversized
  • Containing a blocked header
  • Containing unscannable content or a protected attachment
  • blocked by an RBL
  • blocked by data protection (DP)
  • Spam
  • Found malicious by Sandstorm
  • quarantined due to any other reason

Use the filter to search for mails from the list of quarantined emails.

The filter result displays a list of all the quarantined emails based on the filter criteria.

Total utilization displays the percentage of the quarantine area used by the quarantined emails. When the quarantine repository is full, older emails are purged.

Quarantine digest

The quarantine digest is an email containing a list of quarantined emails filtered by the device and held in the user’s quarantine area. If configured, the user receives a quarantine digest as per the frequency set in Email > Quarantine digest. The digest also provides a link to the user portal from where the user can access quarantined emails and take the required action.

Releasing quarantined email

The administrator or a user can release the quarantined emails. Administrator can release the quarantined emails from the quarantine area while the user can release them from user portal. Released quarantined emails are delivered to the intended recipient’s inbox. The administrator can access the quarantine area from Email > SMTP quarantine, while a user can logon to user portal and access the quarantine area from SMTP quarantine. If quarantine digest is configured, user will receive digest of the quarantined mails as per the configured frequency.

  • Virus-infected emails and the emails found malicious by Sandstorm cannot be released.
  • To delete Sandstorm related emails, you need read/write permission for Sandstorm activity.