Skip to content
The XG Series hardware appliances will reach end-of-life (EOL) on March 31, 2025. Click here to see the XG to XGS migration documentation.

Configure POP-IMAP scanning

Specify the settings for POP-IMAP scanning and add a firewall rule to allow traffic and implement the scanning.

Introduction

You can specify the following settings for POP-IMAP scanning:

  • POP-IMAP settings: Specify scanning based on the email size and recipient headers.
  • POP-IMAP TLS configuration: Specify the mail server CA, certificates, and TLS protocols.
  • POP-IMAP policy: Specify the policy settings, if required.
  • Firewall rule: Specify POP-IMAP and POPS-IMAPS scanning. If you don't configure the firewall rule, Sophos Firewall doesn't apply the POP-IMAP settings and policies configured above.

Specify the POP/IMAP settings

Configure the POP-IMAP general and security settings.

  1. Go to Certificates > Certificate authorities and add the mail server's CA.
  2. Go to Email > General settings and go down to POP/S and IMAP/S settings and change the default settings, if required.

    1. Enter the email size for scanning.
    2. Add or delete the recipient headers for scanning.

      Here's an example:

      Configure POP-IMAP general settings.

  3. Go down to POP and IMAP TLS configuration and specify the following:

    Name Setting
    TLS certificate Select the mail server CA you uploaded.
    Allow invalid certificate Clear the check box.
    Disable legacy TLS protocols Select the check box to turn off protocols earlier than TLS 1.1.

    Here's an example:

    Configure POP-IMAP security settings.

Add a POP-IMAP scan policy (MTA mode)

With POP-IMAP scan policies, you can specify filter criteria for senders' and recipients' emails. You can warn recipients based on a criteria match in emails.

  1. Go to Email > Policies and exceptions.
  2. Click Add a policy, and then click POP-IMAP scan.
  3. Enter a name.
  4. Specify the senders' and recipients' email address groups or domain groups. Specify an exact match or keyword match.
  5. Specify the filter criteria based on which policy applies the specified action.

    Option Description
    Inbound email is Criteria for spam, probable spam, virus outbreak, or probable virus outbreak.
    Source IP/network address Sender's IP address or network address.
    Message size Upper or lower limit of email size for scanning.
    Message header Header criteria.
    For Other, enter the details.
    Specify an exact match or keyword match.
    Specify the keyword.
    None Sophos Firewall applies the action that you specify to all emails sent between the specified senders and recipients.
  6. Select the action.

    Option Description
    Accept Delivers the email.
    Prefix subject Adds a prefix to the subject and delivers the email.

    Note: You can specify a prefix that indicates the filter criteria. For example, if you specify the prefix Probable spam to the subject Test email, recipients receive an email with the subject Probable spam: Test email.
  7. Click Save.

Update the automatically created firewall rule for MTA with the POP-IMAP scan settings under Scan email content. Alternatively, create a new firewall rule.

Add a firewall rule

Specify the firewall rule settings to scan POP-IMAP and POP3-IMAP3 traffic for all source and destination criteria.

  1. Go to Rules and policies > Firewall rules, and click the automatically created firewall rule for MTA mode.

    Alternatively, you can click Add firewall rule and create a new firewall rule for POP-IMAP scanning.

    Automatically added firewall rule for email MTA mode.

  2. Under Scan email content, select the following and click Add ports:

    • Scan IMAP
    • Scan IMAPS
    • Scan POP3
    • Scan POP3S

    Scan email content in firewall rule.

  3. Check if the protocols are listed under Services.

    Specify the services in firewall rule.

  4. Click Save.

More resources