Configure POP-IMAP scanning
Specify the settings for POP-IMAP scanning and add a firewall rule to allow traffic and implement the scanning.
Introduction
You can specify the following settings for POP-IMAP scanning:
- POP-IMAP settings: Specify scanning based on the email size and recipient headers.
- POP-IMAP TLS configuration: Specify the mail server CA, certificates, and TLS protocols.
- POP-IMAP policy: Specify the policy settings, if required.
- Firewall rule: Specify POP-IMAP and POPS-IMAPS scanning. If you don't configure the firewall rule, Sophos Firewall doesn't apply the POP-IMAP settings and policies configured above.
Specify the POP/IMAP settings
Configure the POP-IMAP general and security settings.
- Go to Certificates > Certificate authorities and add the mail server's CA.
- Go to Email > General settings and go down to POP/S and IMAP/S settings and change the default settings, if required.
- Go down to POP and IMAP TLS configuration and specify the following:

  | Name | Setting |
  | --- | --- |
  | TLS certificate | Select the mail server CA you uploaded. |
  | Allow invalid certificate | Clear the check box. |
  | Disable legacy TLS protocols | Select the check box to turn off protocols earlier than TLS 1.1. |
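Before you clear Allow invalid certificate, you can confirm that the mail server will pass the TLS settings above. The following Python check is an added example, not part of the Sophos documentation or tooling: it builds a client context that approximates the three settings and handshakes with the IMAPS and POP3S ports. The host `mail.example.com` and the file `mail-ca.pem` are placeholders, and hostname validation is Python's default behavior, assumed here rather than documented for the firewall.

```python
import socket
import ssl
import warnings


def build_context(ca_file=None, allow_invalid=False, disable_legacy=True):
    """Client context that mirrors the three TLS settings listed above."""
    # "TLS certificate": trust only the given CA bundle (PEM). None falls back to
    # the system trust store, which is looser than the firewall setting.
    ctx = ssl.create_default_context(cafile=ca_file)
    if allow_invalid:
        # "Allow invalid certificate" selected: no chain or hostname validation.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    # "Disable legacy TLS protocols": nothing earlier than TLS 1.1 when selected.
    floor = ssl.TLSVersion.TLSv1_1 if disable_legacy else ssl.TLSVersion.MINIMUM_SUPPORTED
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", DeprecationWarning)  # Python flags TLS 1.1 as deprecated
        ctx.minimum_version = floor
    return ctx


def probe(host, port, ctx, timeout=5.0):
    """Handshake with an implicit-TLS mail port (993 IMAPS, 995 POP3S)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return {"ok": True, "version": tls.version(), "detail": tls.cipher()[0]}
    except ssl.SSLCertVerificationError as exc:
        # Chain or hostname failure: this server would break once invalid
        # certificates are no longer allowed.
        return {"ok": False, "version": None, "detail": "certificate: " + exc.verify_message}
    except (ssl.SSLError, OSError) as exc:
        # Protocol floor not met, plaintext port, refused or timed out.
        return {"ok": False, "version": None, "detail": f"{type(exc).__name__}: {exc}"}


if __name__ == "__main__":
    # Hypothetical host and CA file; replace with your mail server and the CA you uploaded.
    strict = build_context(ca_file="mail-ca.pem")
    for port in (993, 995):
        print(port, probe("mail.example.com", port, strict))
```

A result with `ok` set to `False` and a `certificate:` detail means the server's chain does not validate against that CA, so fix the certificate or upload the correct CA before enforcing the setting.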
Add a POP-IMAP scan policy (MTA mode)
With POP-IMAP scan policies, you can specify filter criteria for senders' and recipients' emails. You can warn recipients based on a criteria match in emails.
- Go to Email > Policies and exceptions.
- Click Add a policy, and then click POP-IMAP scan.
- Enter a name.
- Specify the senders' and recipients' email address groups or domain groups. Specify an exact match or keyword match.
- Specify the filter criteria based on which the policy applies the specified action.

  | Option | Description |
  | --- | --- |
  | Inbound email is | Criteria for spam, probable spam, virus outbreak, or probable virus outbreak. |
  | Source IP/network address | Sender's IP address or network address. |
  | Message size | Upper or lower limit of email size for scanning. |
  | Message header | Header criteria. For Other, enter the details. Specify an exact match or keyword match. Specify the keyword. |
  | None | Sophos Firewall applies the action that you specify to all emails sent between the specified senders and recipients. |

- Select the action.

  | Option | Description |
  | --- | --- |
  | Accept | Delivers the email. |
  | Prefix subject | Adds a prefix to the subject and delivers the email. |

  Note: You can specify a prefix that indicates the filter criteria. For example, if you specify the prefix "Probable spam" for the subject "Test email", recipients receive an email with the subject "Probable spam: Test email".
- Click Save.
Update the automatically created firewall rule for MTA with the POP-IMAP scan settings under Scan email content. Alternatively, create a new firewall rule.
Add a firewall rule
Specify the firewall rule settings to scan POP-IMAP and POPS-IMAPS traffic for all source and destination criteria.
- Go to Rules and policies > Firewall rules, and click the automatically created firewall rule for MTA mode.
  Alternatively, you can click Add firewall rule and create a new firewall rule for POP-IMAP scanning.
- Under Scan email content, select the following and click Add ports:
  - Scan IMAP
  - Scan IMAPS
  - Scan POP3
  - Scan POP3S
- Check if the protocols are listed under Services.
- Click Save.