This article discusses how to configure email protection in Sophos XG. Sophos XG email protection works in two modes:
- MTA mode
- Legacy Mode
This article focuses only on MTA mode.
In MTA mode, the Sophos XG firewall acts as a mail transfer agent (MTA). When you configure the Sophos firewall as an MTA, it is responsible for receiving emails and routing them to their destination.
In this mode you can configure relay settings to specify which mail servers are allowed to use XG as a relay.
You can protect multiple mail domains on multiple email servers in this mode.
You can also view the email logs in the GUI in this mode.
Configure Inbound Email Routing:
Log in to the Sophos firewall GUI, click Email, and then click Policies and Exceptions.
Click Add Policy and then click SMTP Route and Scan.
After you click Add Policy, fill in the required fields:
Name: Enter any name for this email policy.
Protected domain: Enter your internal domain name.
Global Action: Select whether to accept or reject the email.
Route By: Select MX, DNS host, or Static host.
MX Host: If you select this option, emails are routed to the mail server based on MX records.
Static Host: If you select this option, you define the IP address of the email server, and all emails are routed to that IP address.
DNS Host: Enter the hostname of the mail server. Emails are routed to the mail server based on that hostname.
Enable spam protection to check whether an email is spam.
Check for Inbound Spam: If you enable this option, spam protection is applied to all inbound emails.
Use Greylisting: Greylisting means rejecting emails for a certain amount of time. With greylisting, a message is rejected temporarily. This filters spam because spammers generally do not resend email, whereas legitimate mail servers retry delivery.
Reject Based On BATV: Sophos Firewall matches the recipient address in bounced emails with the BATV signature, rejecting emails with an invalid return address or expired signature. This protects recipients from bounced emails with forged return addresses. BATV signatures expire in seven days.
Reject Based On SPF: If you enable this option, the Sophos XG firewall performs an SPF check. If the check fails, the email is rejected.
Reject Based on RBL: If you enable this option, the firewall checks the sender IP address against a blacklist. If the sender IP is listed in an RBL, the email is rejected.
Spam Action: Select warn, quarantine, or drop as the spam action. The same actions can be selected for the probable spam action.
Recipient Call Out: If this option is enabled, the Sophos XG firewall identifies whether the recipient is a deliverable or non-deliverable email address. If the recipient address is non-deliverable, the firewall blocks the email.
If you enable malware protection, you can select either Single Virus or Dual Virus scanning. Select Dual Virus for deep scanning.
You can set the anti-virus action to either drop or quarantine.
Enable file protection to block specific file types through Sophos XG email protection. You can also drop an email if it is larger than a specific size.
Once you create the SMTP policy, a firewall rule is created automatically.
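To show what the Reject Based On BATV check described above involves, the following added example (not Sophos code and not part of the original article) signs an outbound envelope sender and validates the recipient of a bounce, including the seven-day expiry. It follows the `prvs=KDDDSSSSSS=user@domain` tag layout of the public BATV draft; the secret, function names and verdict strings are assumptions, and the firewall's internal format may differ.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # constructed value, not a Sophos setting
LIFETIME_DAYS = 7                     # the article: signatures expire in seven days
DAY = 86400                           # seconds per day


def _mac(key_no, day, address, secret):
    # First 3 bytes (6 hex chars) of HMAC-SHA1 over key number, day and address.
    msg = f"{key_no}{day:03d}{address}".encode()
    return hmac.new(secret, msg, hashlib.sha1).hexdigest()[:6]


def sign_sender(address, now, secret=SECRET, key_no=0):
    """Outbound mail: rewrite the envelope sender to prvs=KDDDSSSSSS=user@domain."""
    expiry = (int(now) // DAY + LIFETIME_DAYS) % 1000
    return f"prvs={key_no}{expiry:03d}{_mac(key_no, expiry, address, secret)}={address}"


def check_bounce_recipient(rcpt, now, secret=SECRET):
    """Inbound bounce: return (verdict, original_address_or_None)."""
    if not rcpt.lower().startswith("prvs="):
        return "reject: unsigned", None
    tag, sep, address = rcpt[5:].partition("=")
    head = tag[:4]
    if not sep or len(tag) != 10 or not (head.isascii() and head.isdigit()):
        return "reject: malformed", None
    key_no, day, mac = int(tag[0]), int(tag[1:4]), tag[4:].lower()
    expected = _mac(key_no, day, address, secret)
    # Constant-time comparison so the check does not leak how many chars matched.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return "reject: invalid signature", None
    # The day counter wraps at 1000, so compare modulo 1000.
    remaining = (day - int(now) // DAY) % 1000
    if remaining > LIFETIME_DAYS:
        return "reject: expired signature", None
    return "accept", address


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed timestamp
    signed = sign_sender("alice@example.com", t0)
    print(signed, check_bounce_recipient(signed, t0 + 2 * DAY))
    print(check_bounce_recipient(signed, t0 + 8 * DAY))
    print(check_bounce_recipient("alice@example.com", t0))
```

A bounce addressed to the plain, unsigned address is rejected because the protected domain never sent mail with that return path, which is how forged-sender backscatter is filtered.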
Hope this article helps you.