Configuring VPN Remote Access for the first time on your Sophos XG Firewall? Check out this useful Community post!
We'd love to hear about it! Click here to go to the product suggestion community
I tried to block some well-known spam senders and was surprised, that still spam goes through.
After investigating I noticed, that E-Mail Protection -> SMTP -> Antispam -> "Blacklisted Address Patterns" only blocks the ENVELOPE sender.
Why the heck is there no field to block the domains (or hosts/networks) of sending servers themselves?
The effect now is that I know their domains (in this case it's well known (google for it) kjm2.de) but I didn't find the proper fields for it. Google also didn't help for that.
Is there any other solution than making the firewall rules messy?
Thanks in advance! (German answers are fine, I just guess it's a minority here)
If I understand correctly you are trying to block IPs or network ranges? This is possible in the blocklist, it does allow you to add networks in CIDR notation: ie. x.x.x.x/y this will look at sending server as perceived from Central Emails perspective.
However, as you mentioned this can be cumbersome to maintain and become "messy". For spam samples if it is a repeated occurrence or senders I would recommend submitting spam to our support team and this will help with future detection to avoid manual blacklisting.
I guess you are talking about Sophos UTM?
You should post your Question in https://community.sophos.com/products/unified-threat-management/
This Forum is for Central Email & Email Appliance (Which can do this kind of blocking btw).