"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
The Sender Genotype Service is enabled on the Sophos Email Appliance by default. This service uses data from SophosLabs to determine whether the sending IP address has a bad reputation. Messages sent from IP addresses with a bad reputation will be rejected.
This feature can help block a large percentage of spam at the connection level based on the reputation of the sender IP address. Not only does this significantly reduce the amount of spam you receive, but also reduces the load on the appliance and your internal mail servers.
This article describes how to configure the Sender Genotype Service.
Known to apply to the following Sophos products and versions Sophos Email Appliance
Configure Sender Genotype Options
Log in to the Sophos Email Appliance, and select Configuration | Policy | Filtering Options.
Choose one of three options for this setting:
It is strongly recommended that you do not disable the blocking of mail from known bad senders.
Note: If your network has trusted local SMTP relays that pass inbound messages to the Email Appliance, use policy-level blocking instead of connection-level blocking, and add the local inbound SMTP relays to the Trusted Relays list. Connection-level blocking will only work correctly if the Email Appliance receives messages directly from the internet.
Note: When configured in connection-level mode, the appliance will perform both a connection-level check and a policy-level check.
Configure your network for Sender Genotype Service
It is important to remember that the Sender Genotype Service MUST be scanning the Sender's IP address in order to be effective and prevent false positives.
The following configuration must be made to ensure we are scanning the Senders' IP address:
You can check the reputation of an IP address and request that the IP be re-classified by using our online tool here:
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.