Disable Email protection/Scanning on Sophos XG

Hello

I have seen a couple of posts with similar question but no straight forward answer was given.

Please advise how can I disable/remove email protection or scanning.

When connected on Sophos and try to send email via outlook on windows PC I get a pop up saying

"""

Internet Secuirty Warning:

The server you are connected  to is using a security certificate that can not be verified

The target principal name is incorrect

Do you want to continue using this server?

"""

When I click yes emails still don't get sent. When connecting to my DSL modem directly I can send mails without any problems or windows pop up.

Please advise a simple way to disable any mail activities on sophos and make it just send the mail traffic without any manipulation as any consumer router will do without the fancy features.

 

Thank you very much

  • Hi  

    Did you configure the email protection in the XG firewall? Is it in MTA mode?

    Is there any scanning applied such as SMTP or SMTPS on the firewall rule from where the email traffic is passing?

  • In reply to Keyur:

    Hello


    I have rule for internet access that allows any LAN to any WAN service.

    In the rule configuration Nothing is checked on the section "Web Malware and Content Scanning"

    also on the section "Advanced" only NAT is checked and the NAT policy MASQ is selected.


    On Protect > Email > Policies: there are bunch of policies specified. Cant see an option to disable them. Can I disable these?

    On Protect > Email > General Settings: SMTP Deployment Mode Device acts as MTA with an option to change it to proxy

     

    Please advise how do I disable these settings

  • In reply to basondole:

    Hi  

    Are you using the web site to access email or any app/email client to access email?

    Which protocol are you using SMTP or POP/IMAP to access email through email client?

    Could you please share the screenshot of the error?

  • In reply to Keyur:

    Hello

     

    Using outlook to access emails.

    This is the pop up error

     

    Clicking View Certificate

     

    Install Certificate

  • In reply to basondole:

    Hi  

    If you are not using email protection on the XG firewall, please disable Auto added firewall rule for SMTP/SMTPS. 

    I would also suggest you to create one test firewall rule with your workstations IP address in a source network without any filters and check if this certificate errors disappears or not.

    If you no longer see these certificate errors with this test firewall rule than this traffic might be filtered with web proxy. Please update the outcome of this test.

    Thanks,

  • In reply to H_Patel:

    Hello

    Please  clarify

    You mean I create a firewall rule from LAN Zone with my workstation ip as network to WAN Zone any destination?

  • In reply to H_Patel:

    Is it also required to change this to legacy proxy mode?


    On Protect > Email > General Settings: SMTP Deployment Mode Device acts as MTA

  • In reply to basondole:

    Hi  

    Yes, create a firewall rule source zone LAN and destination zone WAN, add your workstation IP address in the source network and any in destination network and put this rule on top.

    Thanks,

  • In reply to basondole:

    Hi  

    If you are not using email protection to protect internal email server you do not have to change anything in email protection, by default it is in MTA mode and that creates Automatic SMTP/SMTPS rule, you just have to ensure that rule is not turned on.

    Thanks,

  • In reply to H_Patel:

    Hello

    Have removed the default firewall rule and also changed  the mail protection settings from MTA to transparent proxy (this is an extra step, may be unnecessary as you suggested but I did it just in case). Can send mail now without the any errors.

    Thank you very much

  • In reply to basondole:

    Hi  

    We glad that we could help you and issue got resolved, please reach out to us for further assistance.