We'd love to hear about it! Click here to go to the product suggestion community
I have seen a couple of posts with similar question but no straight forward answer was given.
Please advise how can I disable/remove email protection or scanning.
When connected on Sophos and try to send email via outlook on windows PC I get a pop up saying
Internet Secuirty Warning:
The server you are connected to is using a security certificate that can not be verified
The target principal name is incorrect
Do you want to continue using this server?
When I click yes emails still don't get sent. When connecting to my DSL modem directly I can send mails without any problems or windows pop up.
Please advise a simple way to disable any mail activities on sophos and make it just send the mail traffic without any manipulation as any consumer router will do without the fancy features.
Thank you very much
Hi basondole Did you configure the email protection in the XG firewall? Is it in MTA mode?Is there any scanning applied such as SMTP or SMTPS on the firewall rule from where the email traffic is passing?
In reply to Keyur:
HelloI have rule for internet access that allows any LAN to any WAN service.In the rule configuration Nothing is checked on the section "Web Malware and Content Scanning"also on the section "Advanced" only NAT is checked and the NAT policy MASQ is selected.On Protect > Email > Policies: there are bunch of policies specified. Cant see an option to disable them. Can I disable these?On Protect > Email > General Settings: SMTP Deployment Mode Device acts as MTA with an option to change it to proxy
Please advise how do I disable these settings
In reply to basondole:
Hi basondole Are you using the web site to access email or any app/email client to access email?Which protocol are you using SMTP or POP/IMAP to access email through email client?Could you please share the screenshot of the error?
Using outlook to access emails.
This is the pop up error
Clicking View Certificate
If you are not using email protection on the XG firewall, please disable Auto added firewall rule for SMTP/SMTPS.
I would also suggest you to create one test firewall rule with your workstations IP address in a source network without any filters and check if this certificate errors disappears or not.
If you no longer see these certificate errors with this test firewall rule than this traffic might be filtered with web proxy. Please update the outcome of this test.
In reply to H_Patel:
You mean I create a firewall rule from LAN Zone with my workstation ip as network to WAN Zone any destination?
Is it also required to change this to legacy proxy mode?
On Protect > Email > General Settings: SMTP Deployment Mode Device acts as MTA
Yes, create a firewall rule source zone LAN and destination zone WAN, add your workstation IP address in the source network and any in destination network and put this rule on top.
If you are not using email protection to protect internal email server you do not have to change anything in email protection, by default it is in MTA mode and that creates Automatic SMTP/SMTPS rule, you just have to ensure that rule is not turned on.
Have removed the default firewall rule and also changed the mail protection settings from MTA to transparent proxy (this is an extra step, may be unnecessary as you suggested but I did it just in case). Can send mail now without the any errors.
Hi basondole We glad that we could help you and issue got resolved, please reach out to us for further assistance.