
How to set SMTP, IMAP and POP3 to be blocked in Sophos UTM 9.5

Hello,

As I am fairly new to Sophos, I have a query. I really appreciate your help.

I'm using Sophos UTM 9.5.

Test case:

Send the following traffic with the virus file attached: HTTP GET/POST, FTP GET/PUT, SMTP, IMAP and POP3.

Requirements:

1. The virus file should be blocked with the proper error message.
2. The virus file should be detected and the threat-found count incremented in the statistics.
3. Verify the virus-detected message in the syslog.

Thanks,

kk
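The HTTP part of the test case above, as an added verification harness that is not part of the thread and not Sophos code. It fetches each test URL through a web proxy, classifies the result as blocked or allowed, and counts detection lines in a syslog extract, so the three requirements can be checked in one run. Everything below the docstring is an assumption: the proxy address is a placeholder, the block-page marker text and the syslog pattern are guesses to be replaced with what the UTM actually emits, and the sample syslog lines are constructed for an offline run.

```python
"""Added example, not from the thread or from Sophos: a small harness that
runs the HTTP part of the test case through a web proxy and checks the
three requirements (blocked with an error, detection counted, syslog entry).

Assumptions (none of these come from the page):
- PROXY_URL is the UTM Standard Mode web proxy; host and port are placeholders.
- A blocked download shows up as a 4xx/5xx response or as a block page whose
  body contains BLOCK_MARKER; adjust the marker to the block page you see.
- DETECT_RE is a generic pattern for a virus-detected syslog line; the real
  UTM message format is not given on the page, so tune it to your logs.
"""
import re
import urllib.error
import urllib.request

PROXY_URL = "http://192.0.2.1:8080"          # placeholder proxy address
BLOCK_MARKER = "has been blocked"            # assumed block-page text
DETECT_RE = re.compile(r"\b(virus|malware|infected)\b", re.IGNORECASE)  # assumed


def fetch_via_proxy(url, proxy_url=PROXY_URL, timeout=10):
    """Fetch url through an explicit HTTP proxy; return (status, body)."""
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler({"http": proxy_url}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        # A block page is usually delivered as an error status with a body.
        return err.code, err.read().decode("utf-8", "replace")


def classify(status, body):
    """'blocked' if the proxy intercepted the transfer, else 'allowed'."""
    if status >= 400 or BLOCK_MARKER.lower() in body.lower():
        return "blocked"
    return "allowed"


def count_detections(syslog_lines):
    """Requirement 3: number of syslog lines that report a detection."""
    return sum(1 for line in syslog_lines if DETECT_RE.search(line))


def run_cases(cases, syslog_lines, fetch=fetch_via_proxy):
    """cases: list of (url, expected_verdict). Returns a summary dict.

    Requirement 1 passes when every URL gets its expected verdict;
    requirements 2 and 3 pass when the syslog shows at least one
    detection per expected block.
    """
    verdicts = {}
    for url, _expected in cases:
        status, body = fetch(url)
        verdicts[url] = classify(status, body)
    expected_blocks = sum(1 for _, exp in cases if exp == "blocked")
    detections = count_detections(syslog_lines)
    return {
        "verdicts": verdicts,
        "verdicts_ok": all(verdicts[u] == exp for u, exp in cases),
        "detections": detections,
        "syslog_ok": detections >= expected_blocks,
    }


# Constructed sample syslog lines (not real UTM output) for an offline run.
SAMPLE_SYSLOG = [
    "Jan  1 12:00:00 utm httpproxy: GET http://80.0.0.2:8080/test.html allowed",
    "Jan  1 12:00:01 utm httpproxy: virus detected in http://80.0.0.2:8080/sample.exe",
    "Jan  1 12:00:02 utm httpproxy: GET http://80.0.0.2:8080/notes.txt allowed",
]


def fake_fetch(url):
    """Offline stand-in for fetch_via_proxy: blocks only sample.exe."""
    if url.endswith("sample.exe"):
        return 403, "<html>The file has been blocked by the web filter</html>"
    return 200, "html testing"


if __name__ == "__main__":
    cases = [("http://80.0.0.2:8080/test.html", "allowed"),
             ("http://80.0.0.2:8080/sample.exe", "blocked")]
    print(run_cases(cases, SAMPLE_SYSLOG, fetch=fake_fetch))
```

Against a live UTM, replace `fake_fetch` with the default `fetch_via_proxy`, point `PROXY_URL` at the Standard Mode proxy, and feed `run_cases` the relevant lines from the UTM's log. The SMTP, IMAP and POP3 parts of the test case need a mail client rather than an HTTP fetch, so they are outside this harness.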



  • Is your mail server internal, behind UTM, or hosted externally?

  • Hello,

     Thank you for the reply.

    My setup looks like this.

    ubuntu Host0(eth2) --->(eth2) UTM VM (eth1)-->(eth1)ubuntu Host1

    I have configured IP addresses on the hosts as well as on the UTM VM, and I am able to ping from Host0 to Host1 through the UTM.

    I am seeking help to execute the procedure to meet the requirements.

    Thanks.

  • Spend time in the Recommended Reading section of this forum. UTM has some complexity which is not well explained in the manual, but we have attempted to correct that in the Recommended Reading section.

    To your specific questions, consider this diagram of incoming mail flows:

    External (Hostile mail server) ----> SMTP Protocol ---> Your mail server ----> (MAPI, IMAP, POP3) ---> Outlook or other email client
                                                                                             \_____ Webmail interface running in a browser

    UTM can filter the traffic in two places:

    • On the SMTP flow between the external mail server and your mail server, as long as UTM is between the two.   This is where you want to detect and block the malware.
    • On the POP3 flow between your mail server and an email client, if the client uses POP3.   POP3 is an obsolete protocol, and I cannot recommend using it.  The Outlook configuration wizard implies that POP3 only does SSL3, not TLS 1.2, although I have not attempted to validate that clue. 

    What UTM cannot do:

    • It cannot filter traffic that it does not see.   The traffic flow has to go through UTM, which is why I asked about your configuration.
    • It cannot filter MAPI or IMAP traffic
    • It might be able to limit downloads from the mail server to the desktop if you have web proxy filtering enabled and the webmail traffic flows through UTM.

    Your desktop antivirus is required to intercept malware files that flow through an unfiltered path such as IMAP.

    Most email malware now uses links instead of attachments, so you need to focus on web filtering as a related defense.   The web proxies in UTM are excellent; I recommend using both Standard Mode and Transparent Mode.  When used together, Standard Mode filters browser-originated traffic, and Transparent Mode filters non-browser web traffic.

    The SMTP proxy in UTM is an entry-level utility, so remember that you paid nothing extra for this feature.  It is better than no protection, but you will probably notice its limitations.   Unfortunately, I have frustrations with mail filtering products at all price points.   I am currently exploring one that is free.  It appears to be better than those costing thousands of dollars per year, but I do not have it working yet.

  • Hello,

    Thank you very much for your time and help. Will try and update.

    I had one more last question for help!

    No one replied to it. Any help on this regard is really appreciated.

    ___

    Sophos UTM port for HTTP

    What port is Sophos UTM listening on for HTTP?

    Where do I make changes to block HTTP file extensions if I am getting the files with the help of curl?

    I need to block txt and ps files and allow html.

    I have set up: HTTP server - UTM - HTTP client.

    HTTP server

    /utm# python -m http.server 8080 --bind 80.0.0.2

    Serving HTTP on 80.0.0.2 port 8080 ...

    HTTP client

    /etc# curl http://80.0.0.2:8080/test.html

    html testing

    Any help will be really appreciated.

    Thanks,

    Prasanth
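The extension rule asked for in this post (block txt and ps, allow html), as an added example that models only the decision logic a download filter has to apply to a URL; it is not UTM's configuration or code, and the `htm` entry in the allow set is an assumption. The point it adds is the set of URL edge cases a naive "ends with .txt" check gets wrong: query strings and fragments (`/a.txt?x=.html`), percent-encoding (`/a%2Etxt`), upper case, double extensions (`/page.html.ps`) and paths with no file name at all. Even with those handled, the server chooses the Content-Type and can serve any bytes under an `.html` name, so extension matching is a weak control on its own and is normally paired with content-type or file-type inspection.

```python
"""Added example, not from the thread or from Sophos: the decision an
extension-based download filter makes for a URL, with the edge cases
handled. Models the policy only; it is not UTM configuration or code.
"""
from urllib.parse import unquote, urlsplit

DENY = {"txt", "ps"}        # extensions to block (from the question)
ALLOW = {"html", "htm"}     # extensions to allow ("htm" is an assumption)


def extension_of(url):
    """Return the last path extension in lower case, or '' if there is none.

    Query string and fragment are dropped first ('/a.txt?x=.html' -> 'txt'),
    percent-encoding is decoded ('/a%2Etxt' -> 'txt'), and a trailing slash,
    a bare dot or a dot-file ('.hidden') yields ''.
    """
    path = unquote(urlsplit(url).path)
    name = path.rsplit("/", 1)[-1]
    if "." not in name.strip("."):
        return ""
    return name.rsplit(".", 1)[-1].lower()


def decide(url, default="allow"):
    """'block' for a denied extension, 'allow' for an allowed one, else default.

    Deny is checked before allow so '/page.html.ps' is blocked on its real
    (last) extension rather than allowed on the decoy in the middle.
    """
    ext = extension_of(url)
    if ext in DENY:
        return "block"
    if ext in ALLOW:
        return "allow"
    return default


if __name__ == "__main__":
    # Constructed URLs using the server address from the post.
    for u in ["http://80.0.0.2:8080/test.html",
              "http://80.0.0.2:8080/notes.txt",
              "http://80.0.0.2:8080/print.PS",
              "http://80.0.0.2:8080/a.txt?x=.html",
              "http://80.0.0.2:8080/a%2Etxt",
              "http://80.0.0.2:8080/page.html.ps",
              "http://80.0.0.2:8080/"]:
        print(f"{decide(u):5}  {u}")
```

Run it as-is to see the verdict for each constructed URL; `curl` against the same paths through the proxy is the corresponding live check, and the `default` argument is where a deny-by-default posture for unknown extensions would be set.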
