Scan email content: "Common ports missing from Services"

I'm not sure if this is expected behavior but it seems a bit odd to me. If I create a firewall rule with the 'Services' to to 'Any' and subsequently select some options under 'Scan email content' such as 'Scan POP3' (this applies to any of the options), there's a small text dialog that says "Common ports missing from Services for POP3". If I click 'Add Ports', it will add 'POP3' to 'Services' thus removing 'Any'.

It would seem if I already have services set to 'Any', I shouldn't be getting the small text dialog prompting me to add POP3 ports.

  • I agree. I just ran into this problem myself. Managed to remove internet access from some computers because I didn't notice that Any was removed when I clicked the link to see what it would do. Any should be seen as a valid service when enabling the "Scan email content" options.

     

    Regards,

    William

     

     

    .

  • In reply to TorvaFirmus:

    Hi Guys,

    you seem to misunderstand that you want mail scanning enabled and to do so requires specific ports which XG tries to add by default. Using ANY in a mail scanning firewall rule is not really applying security.

    ian

  • In reply to rfcat_vk:

    I agree with Ian.

    This is the expected behaviour. I really like the option that if the user is not an expert, a message will be shown to add the proper ports in the services.

    I guess that after the v18 official release, a proper KB on "how to scan IMAP/POP/SMPT" will be created. At the moment, the only KB available works for v16+.

    https://community.sophos.com/kb/en-us/123274

    In v18, the email client scanning firewall rule has been changed.

  • In reply to lferrara:

    I really like this version of the firewall. And I like the option, but sometimes even an expert (no matter how perfect you are) can be in a hurry and a simple mistake can bring a network to a halt. Having the firewall show that message is great and I don't want that to change. But in my opinion, I think that any should be seen as valid.

    I did some testing and it seems to only be the Any service/port that it overwrites and ignores as being a valid service/port. If I have http and https, then it adds the new ports without overwriting the existing services/ports. If some of the ports are already there, then it only adds the ones that are missing.

     

    Is it really difficult to say any is valid for the email ports?

     

    Regards,

    William

  • In reply to TorvaFirmus:

    I agree with that.

    As improvement, when the email scanning checkbox are selected, the UI should remove everything from the services and leave only "SMTP/S, POP3/S and so on".

    Can someone from Sophos take a look at this thread and report the improvement?

    Thanks