Sophos XG: secure emails

Introduction

In this tutorial, we will see how to secure emails with a Sophos XG firewall.

The firewall offers two modes of operation for filtering emails:

  • MTA : the firewall will act as an SMTP relay
  • Legacy : it will be placed in transparent mode, which we will see in this tutorial.

In both modes the security options are the same:

  • Antivirus filtering
  • Antispam filtering with possible quarantine
  • Filtering rules.

In the tutorial, we will take a tour of the various protection options available, the Sophos site offers a complete documentation of each available element.

Prerequisites

  • Your sophos license must include email protection.
  • Mail servers must have been added to the hosts.

Add a rule for incoming emails

1. On the Web interface go to the list of rules (Firewall) 1 then click Add firewall rule 2 and choose Business application rule 3 .
New rule

2. In Application Template choose Email Servers (SMTP) 1 .
SMTP rule

3. Configure the rule:

  • 1 Name the rule.
  • 2 Source Wan.
  • 3 Public IP address for receiving emails.
  • 4 SMTP Services (S) port 25 and 587.
  • 5 Internal server that will receive emails.
  • 6 Zone where the server is located
  • 7 Check, check both boxes to enable security
  • 8 Check Log firewall traffic to have logs
  • 9 Click on Save.
SMTP rule

4. The rule is added 1 .
Rule added

Configure email protection

The protection of emails is accessible through the menu by clicking on Email.

General Settings

In this part is the general configuration of the SMTP security behavior.

I’m only going to introduce the modules that are used in the LEGACY mode

SMTP deployment mode

Change the function mode of SMTP MTA or LEGACY protection.
SMTP mode

SMTP settings

Adjusts the behavior for scanning attachments and enables reputation control and behavior.
Param SMTP

Messaging journal

This option allows you to configure sending incoming copy of email to another mailbox.
email log

I personally use this option to transfer messages from person leaving the company to the replacement. This will remove the box on the mail server.

Spam verification exceptions

Allows you to configure domains that will not be scanned by the antispam engine.
Spam verification exceptions

Anti-malware protection

Allows you to choose the antivirus engine (sophos or avira).
anti-virus

Strategies

This section contains the control rules that incoming emails will undergo to know if they are sent to the mail server, quarantined or blocked.

They work like firewall rules, they are read from top to bottom. If an email is not filtered by any of the rules, then it is forwarded to the server.

Strategies rules

When adding a strategy, there are two choices

SMTP antimalware control

This control adjusts the antivirus behavior (single / double) depending on the type of attachment.

SMTP antispam control

This control makes it possible to configure the behavior of the antispam according to several criteria and to choose an action.

SOPHOS XG - EMAIL - ANTISPAM

Quarantine report

This option allows you to set the email alerts sent to users if emails are quarantined on the firewall.

quarantine report configuration

Access to quarantine is not the user portal.

Portail user


How useful was this post?

Click on a star to rate it!

Average rating / 5. Vote count:

We are sorry that this post was not useful for you!

Let us improve this post!



Related Posts


Stormshield: url filtering https without decryption
Presentation In this tutorial, we'll see how to set up https url filtering (SSL) without needing to decrypt and therefore deploy the stormshield certificate. This solution does not display a blocking page, users will have a blank page. Implementing h

Exchange: Creating a Receive connector
Presentation In this tutorial, we will see how to set up a Receive connector on Exchange to allow devices (copiers / firewall ...) and applications to send email addresses to mailboxes that are hosted on Exchange. Creating the connector 1. Open the E

ADFS: Installation and Configuration
In this article, I propose to discover the AD FS and Proxy (WAF) roles. As part of the preparation for the 70-742 certification, I embarked on the mock-up of an infra. What's this ? ADFS and the proxy that accompanies it can put several things in pla

Leave a Comment