How To Configure Inbound Email Protection In Sophos XG

This article explains how to configure inbound email protection in Sophos XG. Sophos XG email protection works in two modes:

  1. MTA mode
  2. Legacy Mode

This article focuses on MTA mode.

MTA Mode:

In MTA mode, the Sophos XG firewall acts as a mail transfer agent (MTA). When you configure the Sophos firewall as an MTA, it is responsible for receiving emails and routing them to their destination.

In this mode you can configure relay settings that define which mail servers are allowed to use XG as a relay.

You can protect multiple mail domains on multiple email servers in this mode.

You can view the email logs in the GUI in this mode.

Configure Inbound Email Routing:

Log in to the Sophos firewall GUI, click Email, and then click Policies and exceptions.

[Figure: Add Policy]

Click Add Policy and then click SMTP route and scan.

[Figure: SMTP policy]

After you click Add Policy, fill in the required fields:

Name: Enter any name for this email policy

Protected domain: Enter your internal domain name

Global Action: Under global action, you can choose to accept or reject the email

Route By: In this option you can select MX, DNS host or Static host

MX Host: If we select this option, emails will be routed to the mail server based on MX records

Static Host: If we select this option, we can define the IP address of the email server as shown below, and all emails will be routed to that IP address.

[Figure: Static Host]

DNS Host: If we select this option, we enter the hostname of the mail server, and emails will be routed to the mail server based on that hostname.

Spam Protection:

Enable spam protection to check whether an email is spam.

[Figure: Spam Protection]

Check for Inbound Spam: If we enable this option, spam protection will be applied to all inbound emails

Use Greylisting: Greylisting means rejecting emails for a certain amount of time. With greylisting, a message is rejected temporarily. This works because spammers typically do not resend the email, whereas a legitimate mail server retries delivery.

Reject Based On BATV: Sophos Firewall matches the recipient address in bounced emails with the BATV signature, rejecting emails with an invalid return address or expired signature. This protects recipients from bounced emails with forged return addresses. BATV signatures expire in seven days.

Reject Based On SPF: If we enable this option, the Sophos XG firewall checks the sender's SPF record. If the check fails, the email is rejected.

Reject Based on RBL: If we enable this option, the firewall checks whether the sender IP address is blacklisted. If the sender IP is listed in an RBL, the email is rejected.

Spam Action: You can set the spam action to warn, quarantine or drop, and you can select the same action for the probable spam action.

Recipient Call Out: If this option is enabled, the Sophos XG firewall checks whether the recipient address is deliverable. If the recipient address is not deliverable, the firewall blocks the email.
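To show what the Reject Based On BATV check involves, here is an added Python example (not part of the original article and not Sophos code) that signs a sender address and classifies a bounce recipient using the prvs tag layout from the public BATV Internet-Draft. The key, the function names and the sample addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import re

LIFETIME_DAYS = 7  # the article states that BATV signatures expire in seven days
DAY = 86400
PRVS = re.compile(r"prvs=(\d)(\d{3})([0-9a-f]{6})=(.+)", re.ASCII)


def _tag(key: bytes, key_id: str, day: str, address: str) -> str:
    """K + DDD + first three HMAC-SHA1 bytes in hex (layout from the BATV draft)."""
    mac = hmac.new(key, (key_id + day + address).encode(), hashlib.sha1).digest()
    return key_id + day + mac[:3].hex()


def sign(key: bytes, address: str, now: float, key_id: int = 0) -> str:
    """Rewrite an outbound envelope sender as prvs=<tag>=<address>."""
    address = address.lower()  # assumption: addresses are compared case-insensitively
    expiry = (int(now // DAY) + LIFETIME_DAYS) % 1000
    return f"prvs={_tag(key, str(key_id), f'{expiry:03d}', address)}={address}"


def verify_bounce(key: bytes, rcpt: str, now: float) -> str:
    """Classify a bounce recipient as 'ok', 'unsigned', 'invalid' or 'expired'."""
    rcpt = rcpt.lower()
    if not rcpt.startswith("prvs="):
        return "unsigned"  # what to do with unsigned bounces is a policy decision
    m = PRVS.fullmatch(rcpt)
    if m is None:
        return "invalid"
    key_id, day, _, address = m.groups()
    if not hmac.compare_digest(rcpt[5:15], _tag(key, key_id, day, address)):
        return "invalid"  # forged or altered return address
    # Day numbers wrap at 1000, so the remaining lifetime is computed modulo 1000.
    remaining = (int(day) - int(now // DAY)) % 1000
    return "ok" if remaining <= LIFETIME_DAYS else "expired"


if __name__ == "__main__":
    key = b"constructed-demo-key"   # constructed sample values
    now = 1_700_000_000
    signed = sign(key, "alice@example.com", now)
    for label, rcpt, when in [("fresh", signed, now),
                              ("after 8 days", signed, now + 8 * DAY),
                              ("altered", signed.replace("alice", "bob"), now),
                              ("no tag", "alice@example.com", now)]:
        print(label, "->", verify_bounce(key, rcpt, when))
```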

Malware Protection:

[Figure: Malware Protection]

If we enable malware protection, we can select either single anti-virus or dual anti-virus scanning. Select dual anti-virus for deep scanning.

You can set the anti-virus action to either drop or quarantine.

File Protection:

[Figure: File protection]

Enable file protection to block specific file types through Sophos XG email protection. We can also drop an email if it is larger than a specified size.

Once you create the SMTP policy, a firewall rule is created automatically.

Hope this article helps you.