Email Policies and Exceptions

This page allows configuration of POP-IMAP Malware Scanning and Email Scanning Policy.

This feature requires a subscription in Sophos XG Firewall. It can be configured but cannot be enforced without a valid Email Protection subscription.

This page contains the following sections:

POP-IMAP Malware Scanning

The device applies a single policy to all POP and IMAP/S traffic so that whenever a virus gets detected in an Email, the virus-affected attachment is stripped from the Email and the Email body is replaced with a notification message.
Scanning
Specify the type of scanning to be applied.

Available Options:

  • Disable: No scanning applied.
  • Single Anti-Virus (Maximum Performance): Traffic will be scanned only by the Primary Anti Virus Engine. Select the Primary Anti Virus Engine from System > System Services > Malware Protection.
  • Dual Anti-Virus (Maximum Security): Traffic will be scanned by both Anti Virus Engines, first by the Primary and then by the Secondary Engine. Select the Primary Anti Virus Engine from System > System Services > Malware Protection.

Email Policies

Use this section to add, edit, delete and synchronize POP-IMAP Policy, SMTP Malware Policy, SMTP Scanning Policy and SMTP Profiles. You can filter the list of Policy based on the email sender or recipient.

Mode Switch option
Select the mode from the following for which you want to create Policy:
  • MTA
  • Legacy
Add Email Policy
Select to create a new Policy from the following:
  • POP-IMAP Policy:

    POP-IMAP Scanning Policy can be configured for particular senders and recipients. A Policy defines the action to be taken if an Email is detected as Spam, Probable Spam, part of Virus Outbreak or Probable Virus Outbreak. To reduce the risk of losing legitimate messages, the Spam Quarantine repository - a storage location- provides administrators with a way to automatically quarantine Emails that are identified as spam. This helps in managing spam and probable spam quarantined mails so that the user can take appropriate actions on such emails.

    Note A default editable POP-IMAP Policy default-pop-av is pre-configured in all SF device(s) and applied to all Email traffic as soon as you subscribe to the Email Protection Module.
  • SMTP Profile (available only when MTA mode is enabled):

    SFM allows you to create SMTP Profiles for multiple Sophos XG Firewall devices which can be used to protect multiple Domains on your internal Email Server or multiple Email Servers. Using these Profiles, Sophos XG Firewall protects the internal server(s) from remote attacks and additionally provide powerful virus scanning, Email encryption and Email filtering services.

  • SMTP Malware Policy (available only when MTA mode is disabled):

    SMTP Malware Scanning Policy allows you to define action to be taken on Emails if they are virus-infected, suspicious or contain a protected attachment. Based on the action defined in Policy, such Emails can be delivered as it is, dropped, or cured and then delivered or quarantined. A SMTP Malware Scanning Policy defines: whether to quarantine the Emailwhether sender, receiver or Administrator are to be notifiedwhether to block the Email containing a specified file typewhat action is to be taken if Email is infected/suspicious/ contains a protected attachment: deliver as it is, drop, cure and then deliver A default SMTP Malware Scanning Policy is pre-configured in the Device and applied to all Email traffic as soon as you subscribe to the Email Protection Module. It is recommended to create separate Policy fine tuned to your specific network requirements to minimize the possibility of threats.

    Note A default editable SMTP Malware Policy default-smtp-av is pre-configured in all SF device(s) and applied to all Email traffic as soon as you subscribe to the Email Protection Module.
  • SMTP Scanning Policy (available only when MTA mode is disabled):

    SMTP Scanning Policy can be configured for particular senders and recipients. Policy defines action to be taken if an Email is detected as Spam, Probable Spam, part of Virus Outbreak or Probable Virus Outbreak, and lets you specify the action to be performed on the Email. To reduce the risk of losing the legitimate messages, Spam Quarantine repository - a storage location, provides administrators a way to automatically quarantine Emails that are identified as Spam. This helps in managing Spam and probable Spam quarantined mails so that user can take appropriate actions on such mails.