Add SMTP Policy

This feature is applicable only on Sophos XG Firewall devices where MTA Mode is enabled.

  1. Go to Device Configuration > Protect > Email > Policies and click Turn off Legacy Mode.
  2. Click SMTP Route & Scan under Add Policy.
  3. Specify values for Domains and Routing Target.
    Domain
    Select the Domain(s) (Address Group (MTA)) to which the SMTP Policy links. You can also add new Domain(s) using the Create New link. Address Group (MTA) can be configured from Device Configuration > Protect > Email > Address Group (MTA).
    Route By

    Select the host to which Emails for the listed domains should be forwarded, for example, the Microsoft Exchange Server on your local network. You can choose between different server types:

    Available Options:

    Static Host:

    Select Static Host to define the target route as the static IP address(es) of the internal Email Server.

    MX:

    Select MX to route mail to your domain(s) by means of MX record(s). If you select this route type, the Device makes a DNS query requesting the MX record for the recipient's domain name, which is the portion of the email address following the "@" character. Make sure that the gateway is not the primary MX for the domain(s) specified above, since it will not deliver mail to itself.

  4. Enable Spam Protection section to configure Spam scanning of Email traffic.
    Check for Inbound Spam

    All the Emails that are received by the users in their inbox are referred to as Inbound.

    If you select Check for Inbound Spam, all the Emails received by the users are scanned for spam by the Device.

    If Email is detected as a "Spam", selected Spam Action is applied.

    If Email is detected as a "Probable Spam", which means that the Anti-spam engine has detected the Email as suspicious but not as Spam, selected Probable Spam Action is applied.

    Check for Virus Outbreak
    If you select Check for Virus Outbreak, all the Emails received by the users are scanned for viruses by the Device.

    If Email is detected to cause a virus outbreak, selected Spam Action is applied.

    If Email is detected as suspicious but not confirmed as a virus outbreak, selected Probable Spam Action is applied.

    Check for Outbound Spam
    Emails that are sent by a user in the network to a remote user on another Email system are referred to as Outbound.
    If you select Check for Outbound Spam, all the Emails sent by the local users are scanned for spam by the Device before being delivered.

    If Email is detected as a "Spam", selected Spam Action is applied.

    If Email is detected as a "Probable Spam", which means that the Anti-spam engine has detected the Email as suspicious but not as Spam, selected Probable Spam Action is applied.

    Use Greylisting

    Greylisting allows the device to control spam. When greylisting is enabled, the device temporarily rejects inbound emails from IP addresses of unknown email servers for a five-minute period. After this period, legitimate email servers retry sending rejected emails at regular intervals. The device accepts the re-sent emails and greylists the sender’s IP address for a specific period.

    Check for RBL

    Click to verify the reputation of the sender IP Address. When enabled, the Device dynamically checks the sender’s IP Address of all Emails. If the IP Address is found to be responsible for sending spam email or malicious content, the Device takes action.

    If Email is detected as a "Spam", selected Spam Action is applied.

    If Email is detected as a "Probable Spam", which means that the Anti-spam engine has detected the Email as suspicious but not as Spam, selected Probable Spam Action is applied.

    Prefix Subject
    Specify the prefix to be added to the email subject.
    Note: Available when Warn is selected as the action.
    Recipient Verification

    Available Options:

    Off (Not Recommended)

    Select if no action is to be taken.

    With Callout (Recommended)

    Recipient Verification is the process of checking the recipients of an inbound email destined for one of your internal mail servers. The recipient email address in the message envelope is checked against the email user accounts on the destination mail server. Mail to non-existent users is rejected. If the mail server is not reachable within the defined time-out period of 90 seconds, the recipient is accepted. This reduces the load on the firewall, as it will only process mail for valid recipients, and conserves quarantine space.

    Turning off recipient verification is not recommended as it might lead to more spam mail and clogging of quarantine space.

    Spam Action
    Select action to be taken if Email is detected as Spam.

    Available Options:

    None:

    Select if no action is to be taken.

    Warn:

    Email is accepted and delivered to the intended recipient but after tagging the subject line.

    Quarantine:

    Device does not deliver Email but copies it to the Quarantine. You can view the Email details and release the Email, if required, from the Quarantine.

    Drop:

    Email is dropped.

    Default: Drop.

    Probable Spam Action
    Select action to be taken if Email is detected as suspicious but not confirmed as Spam.

    Available Options:

    None:

    Select if no action is to be taken.

    Warn:

    Email is accepted and delivered to the intended recipient but after tagging the subject line.

    Quarantine:

    Device does not deliver Email but copies it to the Quarantine. You can view the Email details and release the Email, if required, from the Quarantine.

    Drop:

    Email is dropped.

    Default: Warn.

  5. Enable Malware Protection section to configure malware scanning of Email traffic.
    Scanning

    Specify the type of scanning to be applied.

    Available Options:

    Single Anti-Virus:

    Traffic will be scanned ONLY by the Primary Anti-Virus Engine. Select the Primary Anti-Virus Engine from Device Configuration > System > System Services > Malware Protection.

    Dual Anti-Virus:

    Traffic will be scanned by both Anti-Virus Engines, first by Primary and then by the Secondary Engine. Select the Primary Anti-Virus Engine from Device Configuration > System > System Services > Malware Protection.

    Anti-virus Action
    Select action to be taken if malware is detected in an Email.

    Available Options:

    None:

    No action to be taken.

    Quarantine:

    Device does not deliver Email but copies it to the Quarantine. You can view the Email details and release the Email, if required, from the Quarantine.

    Drop:

    Email is rejected and a rejection notification is NOT sent to the Email sender.

    Default: Drop

    Notify Sender
    If enabled, the original message is withheld by the Device and a notification is sent to the sender informing that the Email was infected.
    Quarantine Unscannable and Encrypted Content

    Enable to quarantine emails whose content cannot be scanned.

    Unscannable content may include encrypted or corrupt archives, oversized email, or emails not scanned due to internal error.

  6. Enable File Protection section to configure filtering of specific attachments in Email Traffic.
    Block File Types

    Select file types to be blocked as an attachment to remove all the files that are a potential threat and to prevent virus attacks.

    More than one file type can be selected using Ctrl/Shift keys.

    Device contains a default list of File Types, with each Type containing relevant file extensions. Refer to Device Configuration > Objects > Content > File Type to view the list of file extensions which can be blocked.

    Select All to block Emails with any type of attachments.

    Select None to allow Emails with any type of attachments.

    MIME Whitelist

    If one or more File Type is selected in Block File Type, this field is populated with the corresponding MIME Headers that belong to selected File Type(s).

    Select the MIME Header(s) of the selected File Type(s). Only selected headers are to be allowed while the rest in the selected File Type are to be blocked during Anti-virus scanning of Email attachments.

    Drop message greater than
    Specify the maximum size of Emails in KB. Emails larger than the specified size will be dropped by the Device.
  7. Enable Data Protection section to configure confidential data protection in Email Traffic.
    Data Control List

    Select the Data Control List to be applied for scanning and the corresponding action. Data Protection Policies can be configured from Protection > Email Protection > Data Protection (MTA).

    Available Options for actions:

    Accept:

    Email is accepted and delivered to the intended recipient.

    Accept with SPX:

    Email is accepted and delivered to the intended recipient after being SPX encrypted. Select the SPX Template (MTA) to be applied to the Email. You can configure SPX Templates from Protection > Email Protection > SPX Templates (MTA).

    Drop:

    Email is rejected and a rejection notification is NOT sent to the Email sender.

    Notify Sender
    Enable to notify the sender of an Email if it is found to contain sensitive information as per configured Data Protection policy.
  8. Select the action for all traffic applicable to Policy.
    Action
    Select action for all the traffic applicable to the Policy. Available options are Accept and Reject. Select SPX Template in case you select Accept.

    Default: Accept.
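
The greylisting behaviour described under Use Greylisting in step 4, as an added example (not Sophos code): a minimal in-memory greylist replayed over constructed connection attempts, showing why a sender that never retries is never accepted. The five-minute delay comes from the page; KNOWN_TTL and PENDING_TTL are assumed values, since the page gives no figure for them, and the reply codes 451 and 250 are the standard SMTP temporary-failure and success codes, not values taken from the device.

```python
from dataclasses import dataclass, field

GREYLIST_DELAY = 5 * 60        # five-minute rejection period stated on the page
KNOWN_TTL = 7 * 24 * 3600      # assumed: how long a sender that passed stays accepted
PENDING_TTL = 4 * 3600         # assumed: how long a first attempt waits for its retry

@dataclass
class Greylist:
    first_seen: dict = field(default_factory=dict)   # ip -> time of first rejected attempt
    known_until: dict = field(default_factory=dict)  # ip -> time the accepted entry expires

    def check(self, ip, now):
        """Return (SMTP reply code, reason) for a connection from ip at time now (seconds)."""
        if self.known_until.get(ip, 0) > now:
            return 250, "known sender"
        self.known_until.pop(ip, None)               # expired entry: sender is unknown again
        first = self.first_seen.get(ip)
        if first is None or now - first > PENDING_TTL:
            self.first_seen[ip] = now                # new or stale sender: start the clock
            return 451, "unknown sender, try again later"
        if now - first < GREYLIST_DELAY:
            return 451, "retry arrived inside the five-minute period"
        del self.first_seen[ip]                      # retried after the delay, as a real MTA does
        self.known_until[ip] = now + KNOWN_TTL
        return 250, "retry accepted"

# Constructed sample: (seconds since start, sender IP) from documentation address ranges.
SAMPLE_ATTEMPTS = [
    (0, "192.0.2.10"),      # legitimate server, first delivery attempt
    (30, "192.0.2.10"),     # retries too early
    (60, "198.51.100.7"),   # fire-and-forget sender that never retries
    (330, "192.0.2.10"),    # retry after the five-minute period
    (400, "192.0.2.10"),    # later mail from the same server
]

def replay(attempts):
    """Run chronological attempts through a fresh greylist and return each verdict."""
    gl = Greylist()
    return [(t, ip, *gl.check(ip, t)) for t, ip in attempts]

if __name__ == "__main__":
    for t, ip, code, reason in replay(SAMPLE_ATTEMPTS):
        print(f"t={t:>4}s {ip:<13} {code} {reason}")
```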