Operation: Add SMTP Policy / Edit SMTP Policy
Description: To Add/Edit SMTP Policy which defines action to be taken on traffic destined for specific mail domain. 

Sample Configuration
<SMTPPolicy> <Name>Postman.local</Name> <DomainList> <DomainName>Postman.local</DomainName> </DomainList> <RouteBy>Static Host/DNS Host</RouteBy> <DNSHostName>hostname</DNSHostName> <SpamProtection> <SpamProtectionStatus>ON</SpamProtectionStatus> <Checkforinboundspam>Enable</Checkforinboundspam> <Checkforvirusoutbreak>Disable</Checkforvirusoutbreak> <Checkforoutboundspam>Enable</Checkforoutboundspam> <UseGreylisting>Enable</UseGreylisting> <RejectOnBATV>Enable</RejectOnBATV> <CheckForSPF>Disable</CheckForSPF> <CheckforRBL>Enable</CheckforRBL> <SpamAction>Drop</SpamAction> <ProbableSpamAction>Warn</ProbableSpamAction> <RecipientVerification>WithCallout(Recommended)</RecipientVerification> <RBLList> <RBLName>Premium RBL Services</RBLName> <RBLName>Standard RBL Services</RBLName> </RBLList> <SpamMarker>[SPAM]</SpamMarker> </SpamProtection> <MalwareProtection> <MalwareProtectionStatus>ON</MalwareProtectionStatus> <MalwareScanning>Dual Anti-Virus</MalwareScanning> <AntivirusAction>Drop</AntivirusAction> <NotifySender>Disable</NotifySender> <QuarantineUnscannableandEncryptedContent>Enable</QuarantineUnscannableandEncryptedContent> <DetectZero-dayThreatswithSandbox>Enable</DetectZero-dayThreatswithSandbox> <ScannedFileSize>10</ScannedFileSize> </MalwareProtection> <FiletypeFilter> <FiletypeFilterStatus>ON</FiletypeFilterStatus> <BlockFileTypes> <FileType>Video Files</FileType> <FileType>Audio Files</FileType> </BlockFileTypes> <MIMEWhiteList> <WhiteList>video/msvideo</WhiteList> <WhiteList>video/x-msvideo</WhiteList> <WhiteList>video/quicktime</WhiteList> <WhiteList>application/smil</WhiteList> </MIMEWhiteList> <DropMessageGreaterThan>0</DropMessageGreaterThan> </FiletypeFilter> <DataProtection> <DataProtectionStatus>ON</DataProtectionStatus> <ActionOnRuleMatch>Accept with SPX</ActionOnRuleMatch> <NotifyOnMatch>Enable</NotifyOnMatch> <DataProtectionPolicy>Postal addresses</DataProtectionPolicy> <DataProtectionSPXTemplate>Default Template</DataProtectionSPXTemplate> </DataProtection> <Action>Accept</Action> <SPXEncryption>None</SPXEncryption> <RouteList> <HostName> <routingid>10.198</routingid> <routingorder>0</routingorder> </HostName> </RouteList> </SMTPPolicy>



Parameter Mandatory Default Description
NameYes  
Name to identify the SMTP Policy.
Name confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Maximum characters allowed are 100.
FileTypeYes  
Attachment file types that are removed from Email during Malware Scanning.
FileType confines to:
  • Type is 'ARRAY'.
  • Datatype is 'STRING'.
  • Multiple values are allowed.
BindDNNo  
Bind DN of Active Directory Server.
BindDN confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
SPXEncryptionNo  
SPX Template to be applied to the Email.
SPXEncryption confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
CheckforinboundspamNo  
Emails received by the users are scanned for spam by the Device.
Checkforinboundspam confines to:
  • Type is 'SCALAR'.
  • Only '$EMAILPROTECTION{SMTP_INBOUND_SPAM_DISABLE}', '$EMAILPROTECTION{SMTP_INBOUND_SPAM_ENABLE}' are allowed.
CheckforvirusoutbreakNo  
Emails received by the users are scanned for viruses by the Device.
Checkforvirusoutbreak confines to:
  • Type is 'SCALAR'.
  • Only '$EMAILPROTECTION{SMTP_VIRUS_OUTBREAK_DISABLE}', '$EMAILPROTECTION{SMTP_VIRUS_OUTBREAK_ENABLE}' are allowed.
CheckforoutboundspamNo  
Emails sent by the local users are scanned for spam by the Device before being delivered.
Checkforoutboundspam confines to:
  • Type is 'SCALAR'.
  • Only '$EMAILPROTECTION{SMTP_OUTBOUND_SPAM_DISABLE}', '$EMAILPROTECTION{SMTP_OUTBOUND_SPAM_ENABLE}' are allowed.
CheckforRBLNo  
Emails are scanned to verify the reputation of the sender IP Address.
CheckforRBL confines to:
  • Type is 'SCALAR'.
  • Only '$EMAILPROTECTION{SMTP_CHECK_RBL_DISABLE}', '$EMAILPROTECTION{SMTP_CHECK_RBL_ENABLE}' are allowed.
RBLNameNo  
Selected RBL against which Device verifies IP Reputation of Emails.
RBLName confines to:
  • Type is 'ARRAY'.
  • Datatype is 'STRING'.
  • Multiple values are allowed.
SpamActionYes  
Action to be taken if Email is detected as Spam.
SpamAction confines to:
  • Type is 'SCALAR'.
  • Only '$EMAILPROTECTION{SMTP_SPAM_ACTION_QUARANTINE}', '$EMAILPROTECTION{SMTP_SPAM_ACTION_WARN}', '$EMAILPROTECTION{SMTP_SPAM_ACTION_OFF}', '$EMAILPROTECTION{SMTP_SPAM_ACTION_DROP}' are allowed.
ProbableSpamActionYes  
Action to be taken if Email is detected as suspicious but not confirmed as Spam.
ProbableSpamAction confines to:
  • Type is 'SCALAR'.
  • Only '$EMAILPROTECTION{SMTP_PROBABLE_SPAM_ACTION_QUARANTINE}', '$EMAILPROTECTION{SMTP_PROBABLE_SPAM_ACTION_WARN}', '$EMAILPROTECTION{SMTP_PROBABLE_SPAM_ACTION_OFF}', '$EMAILPROTECTION{SMTP_PROBABLE_SPAM_ACTION_DROP}' are allowed.
SpamMarkerNo  
If Spam Action or Probable Spam Action is specified as Warn, this is the tagged message in the Subject of an Email if it is found to be a Spam or Probable Spam.
SpamMarker confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Maximum characters allowed are 256.
MalwareScanningYes  
The type of Anti-virus scanning to be applied: Single or Dual.
MalwareScanning confines to:
  • Type is 'SCALAR'.
  • Only '$EMAILPROTECTION{SMTP_AV_SCANNING_DISABLE}', '$EMAILPROTECTION{SMTP_AV_SCANNING_SINGLE_AV}', '$EMAILPROTECTION{SMTP_AV_SCANNING_DUAL_AV}' are allowed.
AntivirusActionNo  
Action to be taken if a malware is detected in an Email.
AntivirusAction confines to:
  • Type is 'SCALAR'.
  • Only '$EMAILPROTECTION{SMTP_AV_ACTION_QUARANTINE}', '$EMAILPROTECTION{SMTP_AV_ACTION_DROP}', '$EMAILPROTECTION{SMTP_AV_ACTION_OFF}', '$EMAILPROTECTION{SMTP_AV_ACTION_PREFIXSUBJECT}' are allowed.
ActionOnRuleMatchNo  
Action to be taken on an Email if it is found to contain sensitive information as detected in any Data Protection Policy (DPP).
ActionOnRuleMatch confines to:
  • Type is 'SCALAR'.
  • Only '$EMAILPROTECTION{SMTP_DPP_ACTION_ACCEPT}', '$EMAILPROTECTION{SMTP_DPP_ACTION_ACCEPTWITHSPX}', '$EMAILPROTECTION{SMTP_DPP_ACTION_OFF}' are allowed.
QuarantineUnscannableandEncryptedContentNo Enable 
Enable to quarantine emails whose content cannot be scanned.
QuarantineUnscannableandEncryptedContent confines to:
  • Type is 'SCALAR'.
  • Only '$EMAILPROTECTION{UNSCANNABLE_QUARANTINE_DISABLE}', '$EMAILPROTECTION{UNSCANNABLE_QUARANTINE_ENABLE}' are allowed.
DetectZero-dayThreatswithSandboxNo Disable 
Enable to send emails for Sandstorm analysis.
DetectZero-dayThreatswithSandbox confines to:
  • Type is 'SCALAR'.
  • Only '$EMAILPROTECTION{SANDSTORM_ENABLE}', '$EMAILPROTECTION{SANDSTORM_DISABLE}' are allowed.
ScannedFileSizeNo 10 
The size of files that can be analyzed by Sandstorm.
ScannedFileSize confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Range 1 to 10 is allowed.
RecipientVerificationNo Off(Not Recommended) 
Enable to verify email recipients of outbound emails.
RecipientVerification confines to:
  • Type is 'SCALAR'.
  • Only 'Off(Not Recommended)', 'WithCallout(Recommended)', 'In Active Directory' are allowed.
UseGreylistingNo Disable 
Enable to greylist unknown Sender IP addresses of inbound emails.
UseGreylisting confines to:
  • Type is 'SCALAR'.
  • Only 'Disable', 'Enable' are allowed.
RejectOnBATVNo Disable 
Enable to reject bounce mail.
RejectOnBATV confines to:
  • Type is 'SCALAR'.
  • Only 'Disable', 'Enable' are allowed.
NotifySenderNo  
If enabled, the original message is withheld by the Device and a notification is sent to the sender informing that the Email was infected.
NotifySender confines to:
  • Type is 'SCALAR'.
  • Only '$EMAILPROTECTION{SMTP_AV_NOTIFY_SENDER_DISABLE}', '$EMAILPROTECTION{SMTP_AV_NOTIFY_SENDER_ENABLE}' are allowed.
DomainNameYes  
Domain(s) to which the profile links.
DomainName confines to:
  • Type is 'ARRAY'.
  • Datatype is 'STRING'.
  • Multiple values are allowed.
DataProtectionPolicyNo  
The policy to be applied for DP scanning.
DataProtectionPolicy confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
BaseDNNo  
Base DN of Active Directory Server.
BaseDN confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
RouteByNo MX 
The server type of the target route.
RouteBy confines to:
  • Type is 'SCALAR'.
  • Only '$EMAILPROTECTION{SMTP_STATICHOST_ROUTE}', '$EMAILPROTECTION{SMTP_DNSHOST_ROUTE}', '$EMAILPROTECTION{SMTP_MX_ROUTE}' are allowed.
RouteListNo  
Specify 'route_details'
RouteList confines to:
  • Type is 'ARRAY'.
  • Datatype is 'OBJECT'.
  • route_details
  • Multiple values are allowed.
DNSHostNameNo  
DNS host name for the target route.
DNSHostName confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
DataProtectionStatusYes OFF 
On Data Protection Policy section to configure confidential data protection in Email Traffic.
DataProtectionStatus confines to:
  • Type is 'SCALAR'.
  • Only '$EMAILPROTECTION{SMTP_DPP_SETTING_DISABLE}', '$EMAILPROTECTION{SMTP_DPP_SETTING_ENABLE}' are allowed.
routingidNo  
IP Address of Static Host.
routingid confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
AD ServerNo  
Select AD Server for Recipient Verification.
AD Server confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
MalwareProtectionStatusYes OFF 
On Anti-virus section to configure malware scanning of Email traffic.
MalwareProtectionStatus confines to:
  • Type is 'SCALAR'.
  • Only '$EMAILPROTECTION{SMTP_ANTIVIRUS_SETTING_DISABLE}', '$EMAILPROTECTION{SMTP_ANTIVIRUS_SETTING_ENABLE}' are allowed.
WhiteListNo  
MIME Header(s) of the selected File Type(s). Only selected headers are to be allowed while the rest in the selected File Type are to be blocked during Malware scanning of Email attachments.
WhiteList confines to:
  • Type is 'ARRAY'.
  • Datatype is 'STRING'.
  • Multiple values are allowed.
ActionNo Accept 
Action to be taken on SMTP traffic on which profile is applied: Accept or Reject.
Action confines to:
  • Type is 'SCALAR'.
  • Only '$EMAILPROTECTION{SMTP_GLOBAL_ACTION_ACCEPT}', '$EMAILPROTECTION{SMTP_GLOBAL_ACTION_ADDHEADER}', '$EMAILPROTECTION{SMTP_GLOBAL_ACTION_DELETEHEADER}', '$EMAILPROTECTION{SMTP_GLOBAL_ACTION_SUBJECTMARKER}', '$EMAILPROTECTION{SMTP_GLOBAL_ACTION_CHANGESUBJECT}', '$EMAILPROTECTION{SMTP_GLOBAL_ACTION_ADDRECIPENT}', '$EMAILPROTECTION{SMTP_GLOBAL_ACTION_REJECT}' are allowed.
DataProtectionSPXTemplateNo  
SPX Template to be applied to the Email if Data Protection section is enabled and Accept with SPX action is selected.
DataProtectionSPXTemplate confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
FiletypeFilterStatusYes OFF 
On Filetype Protection section to configure filtering of specific attachments in Email Traffic.
FiletypeFilterStatus confines to:
  • Type is 'SCALAR'.
  • Only '$EMAILPROTECTION{SMTP_FILETYPE_FILTER_SETTING_DISABLE}', '$EMAILPROTECTION{SMTP_FILETYPE_FILTER_SETTING_ENABLE}' are allowed.
CheckForSPFNo  
Enbale to verify sender's hostname against sender's DNS
CheckForSPF confines to:
  • Type is 'SCALAR'.
  • Only '$EMAILPROTECTION{SMTP_CHECK_SPF_ENABLE}', '$EMAILPROTECTION{SMTP_CHECK_SPF_DISABLE}' are allowed.
SpamProtectionStatusYes OFF 
On Anti-spam section to configure Spam scanning of Email traffic.
SpamProtectionStatus confines to:
  • Type is 'SCALAR'.
  • Only '$EMAILPROTECTION{SMTP_ANTISPAM_SETTING_DISABLE}', '$EMAILPROTECTION{SMTP_ANTISPAM_SETTING_ENABLE}' are allowed.
DropMessageGreaterThanYes  
Specified action will be taken if the Email size matches the specified size.
DropMessageGreaterThan confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
routingorderNo  
Order in which Static Hosts are listed.
routingorder confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
NotifyOnMatchNo  
Enable to notify the sender of an Email if it is found to contain sensitive information as per configured DP policy.
NotifyOnMatch confines to:
  • Type is 'SCALAR'.
  • Only '$EMAILPROTECTION{SMTP_DPP_NOTIFY_SENDER_DISABLE}', '$EMAILPROTECTION{SMTP_DPP_NOTIFY_SENDER_ENABLE}' are allowed.



Operation   Status   Message
Add SMTP Policy200
Add SMTP Policy500
Add SMTP Policy542
Add SMTP Policy541
Add SMTP Policy502
Add SMTP Policy543
Add SMTP Policy545
Edit SMTP Policy200
Edit SMTP Policy500
Edit SMTP Policy542
Edit SMTP Policy541
Edit SMTP Policy543
Edit SMTP Policy545


© Copyright 2019 Sophos Firewall Limited. All rights reserved.
Sophos Firewall is registered trademarks of Sophos Firewall Limited and Sophos Firewall Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.