Requirements to implement anti spam


I am a newbie even in this topic, I currently have my email hosted in a hosting and my sophos in my data center. What configuration do I have to do in my DNS records?


  • gerardo josic rodriguez paredes


    I am a newbie even in this topic, I currently have my email hosted in a hosting and my sophos in my data center. What configuration do I have to do in my DNS records?



    Generally speaking, it is more efficient and cost effective to deploy an email appliance on-premises to protect internal email servers.  Cloud email appliances are best used for protecting hosted email servers.  Depending on your hosted email service, you may be able to deploy your email scanner in a virtual instance nearby or at the same location as your hosted email servers.  This is a lot cheaper than purchasing a physical appliance.

    Now, you can do the opposite. Cloud email appliances can be used to protect internal email servers, and they are often used to protect hybrid situations with both internal and external servers.  The problem comes in using on-premesis email appliances to protect external hosted email servers.  Your email comes to your network first.  Your email is scanned. Then, your email is sent off-site to your hosted email service; where it is sorted into the appropriate user account.   When a user checks their email, the email comes to your internal network again; where the email is possibly scanned again.  You have now transferred your email through your internet gateway 3 times just to read your email.  This causes congestion and may affect the price of your internet service.

    Depending on your setup, you may have also passed your email through your web/email scanning appliances twice.  This may cause you to need to purchase a bigger email/web appliance because of the double throughput.  This setup also makes it more difficult to troubleshoot if one or more users aren't able to read their email because you have more places to diagnose to determine if the email was not received by your email server or if the email is blocked between server and the user trying to read it.


    Regardless, If your DNS is already pointing to your internal network, don't change it.  You need the email to come to your appliance first, so it can be scanned.  After scanning, the email is sent to your email servers by your email appliance.  In order for this to happen, you will need to know the domain names and MX records of your hosted email servers (for example, these are the setting for G Suite ).  These settings go into your email appliance in 5.8 and 5.9 of the Sophos Email Appliance Configuration Guide.  If your MX records currently point to your hosted email service, copy those setting to sections 5.8 and 5.9 above.  Then change your DNS MX records to point to your email appliance.

    Section 5.10 of the configuration guide is how the email will flow out of your network.  All your email needs to go back to your hosted email servers, but you need to decide if you want to scan is again as it goes out.  If you want to scan your email again to ensure that malware or a a malicious user is not sending out your data, you need to send your email back through your email appliance and possibly your web appliance too before it leaves your network.  This is one way to catch zero-day exploits, ransomware, and other unknown issues.

    If you have problems with this setup, contact the sales person who sold you the appliance and their technician who said this would work for your situation.

  • In reply to David Birdsall:

    I appreciate your answer, however I still have many questions regarding configuration. My scenario is the following:

    Anti Spam:
    UTM ASG 9

    DNS records:


    It is important to clarify that:

    1-I have a public DNS configured so that my UTM can resolve me through a name.

    The settings I made so far was to create an MX record in my DNS records (GoDaddy) in the following way:

    Type: MX
    Name: @
    TTL: 1/2 hour

    With this I redirected the emails to my UTM, then proceeded to configure the Email protection module:
    Configuration mode: Simple Mode.

    Domains: mydomain
    Host List:
    (I have not added anything yet)

    I feel a little confused, do I have to configure something on the Zoho platform?

    I hope you can help me.

    Thank you !!

  • In reply to gerardo josic rodriguez paredes:

    Good news, sophos utm is already receiving incoming emails, the problem is that it does not reach my inbox. I imagine that the problem is in the "Routing" tab in "Host Lis", here before I added the private ip of my mail server, now I use the mail of the Zoho Mail platform and I do not have to add in "Host List" "

    I hope you can help me.

    Thank you

  • In reply to gerardo josic rodriguez paredes:

    Hii !!!


    My mail provider told me that I have to add some MX records in Sophos:

    Address / Mail Server / MX Entries / Value - Priority - 10 - 20 - 50

    In the "Host List" add the following:

    This is correct?

    The message I receive in the LOGS is:

    2018: 01: 12-12: 15: 15 utm exim-out [53901]: 2018-01-12 12:15:15 1eZJUR-0009CE-Er == R = dnslookup T = remote_smtp defer (-53): retry time not reached for any host
    2018: 01: 12-12: 15: 22 utm exim-out [52983]: 2018-01-12 12:15:22 1eZk1q-000DIp-0Z []: 25 Connection timed out

    Help me please !!!