This feature requires a subscription. It can be configured but cannot be enforced without a valid Email Protection subscription.
From the email tab, you can configure SMTP/S, POP/S and IMAP/S settings, email security policies, secure PDF eXchange (SPX) and data control.
The device offers comprehensive email security, preventing sophisticated forms of zero-hour threats and blended attacks involving spam, botnets, phishing, spyware and more. The basic email protection configuration includes:
- Creating policies to allow or deny email traffic to and from your email server.
- Apply spam, malware, data and file protection on email traffic.
- SPX
- configuring an email threshold size for scanning
- specifying action to be taken if a virus is detected
- blocking mails based on sender or recipient
- blocking mails with certain file types.
SMTP deployment modes
Two deployment modes are available:
- Legacy mode
- MTA mode
Legacy mode
In legacy mode, Sophos XG Firewall acts as a transparent proxy that scans emails for malware and spam, applies SPX encryption and data protection.
MTA mode
In MTA mode, Sophos XG Firewall acts as a mail transfer agent (MTA). MTA is a service that is responsible for receiving and routing emails to their specified destinations.
Use MTA mode deployment if you need to route emails instead of forwarding email traffic as proxy.
- Performs relaying and routing of emails. You can configure relaying of emails from .
- Protects multiple email servers using SMTP policies. You can define the protection on your email domains from .
- Displays email messages that are either in-wait or failed to be delivered in the .
- Displays logs for all the emails processed by the device from .