Add SMTP Scanning Policy
This feature requires a subscription in Sophos XG Firewall. It can be configured but cannot be enforced without a valid Email Protection subscription.
The SMTP Scanning Policy page allows you to configure scanning policy to detect incoming and outgoing Spam in Email traffic and take appropriate action.
- Go to Device Configuration > Protect > Email > Policies and click on Switch to Legacy Mode.
- Click Add Policy and select SMTP Spam Scan.
- Specify Name for SMTP Scanning Policy.
- Enter Email Address/Domain Group details.
  - Sender
    Specify Email Address(es) of the Sender(s). You can select from the variants:
    - Contains: Specify keywords to be matched with Sender Email Addresses. Policy applies to Address(es) containing those keywords. For example, if keyword "mail" is specified, Policy will apply to Sender Email Addresses john@hotmail.com, sophosmail@sophos.com, etc.
    - Equals: Specify the exact Email Address(es) of the Sender(s).
    You can also add RBLs, list of Email Addresses or keywords using Create New link.
  - Recipient
    Specify Email Address(es) of the Recipient(s). You can select from the variants:
    - Contains: Specify keywords to be matched with Recipient Email Addresses. Policy applies to Address(es) containing those keywords. For example, if keyword "mail" is specified, Policy will apply to Recipient Email Addresses john@hotmail.com, sophosmail@sophos.com, etc.
    - Equals: Specify the exact Email Address(es) of the Recipient(s).
    You can also add RBLs, list of Email Addresses or keywords using Create New link.
- Select the Filter Criteria.
  - Inbound Email is
    All the Emails that are received by the users in their inbox are referred to as Inbound.
    On configuring Inbound Spam, all the Emails received by the users are scanned for spam and viruses by the Device.
    Specified action will be taken if the Device has identified the Inbound Email to be one of the following:
    - Spam
    - Probable Spam
    - Virus Outbreak
    - Probable Virus Outbreak
  - Outbound Email is
    Emails sent by a user in the network to a remote user on another Email system are referred to as Outbound.
    On configuring Outbound Spam, the Device scans all the Emails sent by the local users for spam and viruses before they are delivered to other users on the Internet.
    Specified action will be taken if the Device has identified the Outbound Email to be one of the following:
    - Spam
    - Probable Spam
    - Virus Outbreak
    - Probable Virus Outbreak
  - Source IP/Network Address
    Specify IP/Network Address. Action will be taken when the Email sender IP Address matches the specified IP/Network Address.
  - Destination IP/Network Address
    Specify IP/Network Address. Action will be taken when the Email recipient IP Address matches the specified IP/Network Address.
  - Sender Remote Blacklist
    Select Remote Blacklist (RBL). Action will be taken when the sender is listed in the specified RBL Group.
  - Message Size
    Specify Message Size. Action will be taken when the Email size matches the specified size.
  - Message Header
    Specified action will be taken if the message header equals or contains the specified text.
    - Contains: Specify keywords to be matched with Message Header. Policy applies to Header(s) containing those keywords.
    - Equals: Specify the exact Header(s) to be scanned.
    You can scan message header for Spam in:
    - Subject: Specified action will be taken if the header contains the matching subject.
    - From: Specified action will be taken if the header contains the matching text in the From address.
    - To: Specified action will be taken if the header contains the matching text in the To address.
    - Other: Specified action will be taken if the matching text is found in the headers.
  - Data Control List
    Specified action will be taken if the message contains data matching the configured Data Protection Policy. You can create Data Protection Policies from Device Configuration > Protect > Email > Data Protection Policies.
  - None
    Select to create a Policy between specific sender and recipient without any conditions. You can set actions for SMTP mails only on the basis of sender and recipient.
- Select the action.
  - Action:
    Select action to be taken for the SMTP traffic. Available Options:
    - Reject: Email is rejected and rejection notification is sent to the Email sender.
    - Accept (Not available for Outbound Spam): Email is accepted and delivered to the intended recipient. Administrator can bind an SPX Template to this action so that the Email is delivered to the intended recipient after being SPX-encrypted.
    - Change Recipient: Email is accepted but is not delivered to the intended recipient for whom the message was originally sent. Email is sent to the recipient specified in the spam policy.
    - Prefix Subject (Not available for Outbound Spam): Email is accepted and delivered to the intended recipient but after tagging the subject line. Administrator can bind an SPX Template to this action so that the Email is delivered to the intended recipient after being SPX-encrypted.
    - Drop: Email is rejected but rejection notification is not sent to the Email sender.
    You can customize subject tagging in such a way that the recipient knows that the Email is a spam Email.
    For example:
    Contents to be prefixed to the original subject: ‘Spam notification from the Device - ’
    Original subject: ‘This is a test’
    Recipient will receive Email with subject line as: ‘Spam notification from the Device - This is a test’.
    - Quarantine: If enabled, does not deliver Email but copies the Email to the quarantine file list. You can view the Email details like sender and recipient of the Email in the quarantined file list.
    Select action to be taken for the POP-IMAP traffic. Available Options:
    - Accept: Email is accepted and delivered to the intended recipient.
    - Prefix Subject: Email is accepted and delivered to the intended recipient but after tagging the subject line. Tagging content is specified in spam policy. You can customize subject tagging in such a way that the recipient knows that the Email is a spam Email.
      For example:
      Contents to be prefixed to the original subject: ‘Spam notification from the Device - ’
      Original subject: ‘This is a test’
      Recipient will receive Email with subject line as: ‘Spam notification from the Device - This is a test’.
Figure: Add Content Scanning Policy
- Click Save.
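The following dry-run model is an added example, not Sophos code: it replays constructed sample messages against one policy to show how broadly a Contains keyword matches compared with Equals, and how Reject, Drop and Prefix Subject differ in outcome. The `Policy` class, its field names and the case-insensitive comparison are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Policy:
    """Hypothetical model of one SMTP spam-scan policy (not Sophos code)."""
    sender_mode: str            # "contains" or "equals"
    sender_values: list
    recipient_mode: str
    recipient_values: list
    verdicts: set               # e.g. {"Spam"}; empty set models the "None" criterion
    action: str                 # Reject, Accept, Change Recipient, Prefix Subject, Drop
    prefix: str = ""
    new_recipient: str = ""

def address_matches(mode, values, address):
    addr = address.lower()      # assumption: matching ignores case
    if mode == "contains":      # keyword may sit anywhere, including the domain part
        return any(v.lower() in addr for v in values)
    return addr in {v.lower() for v in values}

def evaluate(policy, msg):
    """Return the outcome for msg, or None when the policy does not apply."""
    if not address_matches(policy.sender_mode, policy.sender_values, msg["sender"]):
        return None
    if not address_matches(policy.recipient_mode, policy.recipient_values, msg["recipient"]):
        return None
    if policy.verdicts and msg["verdict"] not in policy.verdicts:
        return None
    out = {"deliver_to": msg["recipient"], "subject": msg["subject"], "notify_sender": False}
    if policy.action == "Reject":              # refused, sender is told
        out.update(deliver_to=None, notify_sender=True)
    elif policy.action == "Drop":              # refused silently
        out.update(deliver_to=None)
    elif policy.action == "Change Recipient":
        out["deliver_to"] = policy.new_recipient
    elif policy.action == "Prefix Subject":
        out["subject"] = policy.prefix + msg["subject"]
    return out                                 # "Accept" delivers unchanged

# Constructed sample messages; the first two senders are the page's own examples.
SAMPLES = [
    {"sender": "john@hotmail.com", "recipient": "user@example.com", "subject": "This is a test", "verdict": "Spam"},
    {"sender": "sophosmail@sophos.com", "recipient": "user@example.com", "subject": "Update", "verdict": "Spam"},
    {"sender": "billing@gmail.com", "recipient": "user@example.com", "subject": "Invoice", "verdict": "Probable Spam"},
    {"sender": "alice@example.org", "recipient": "user@example.com", "subject": "Hello", "verdict": "Spam"},
]

def dry_run(policy, messages=SAMPLES):
    return {m["sender"]: r for m in messages if (r := evaluate(policy, m)) is not None}
```

Running `dry_run` with a Contains keyword of "mail" also catches billing@gmail.com, a sender the keyword was not obviously aimed at; reviewing such hits against real sender addresses before binding Reject or Drop to a policy avoids losing legitimate mail.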