
Poor Spamfilter v20MR2

Hi everybody,

we have installed a Sophos v20 MR2. However, we had to realize that the spam filtering is very poor compared to the UTM. The Sophos is acting as an MX and works in MTA mode. Spam protection is active as a policy and basically has all options active -> Greylisting, BATV, SPF, RBL (Premium and Standard) and Callout. Nevertheless, a lot of spam is being delivered, which was not the case before. Has anyone been able to determine this yet or does something else need to be configured? 



Edited TAGs
[edited by: Raphael Alganes at 11:15 AM (GMT -7) on 9 Oct 2024]
  • Hi,

    I am currently testing with L2 support on that issue. No results as of today.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Thanks, hopefully there is a solution or it will be fixed in v21

  • Hello,

    Regret to hear about the experience. You may open a support case to have it further investigated and you may share with us the caseID.

    Thank you for your patience on this and thank you for choosing Sophos.

    Regards,

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support
    If a post solves your question use the 'Verify Answer' link.

  • Hi Raphael,

    thanks for the reply. The Ticket ID is 01941861

  • UTM and SFOS use the same spam filter (Sophos SASI).

    You could check the SMTP Log on the CLI to verify the Spam Score or check a Spam Message going through on the Spam Score. 


  • I can confirm that the spam filter on XG has not been OK for a few years... If I remember correctly, it became bad after the upgrade to 18.5 MR3. I'm sure that spam detection didn't work OK anymore when Sophos changed the spam engine to SASI... I had multiple tickets opened with the Sophos team and none of them solved the issues completely. Their team added the reported spam/phishing emails to the block list, and after a few weeks we started receiving them again... Most spam which we receive and which is not filtered has a high score; for example, the last one had X-SASI-SpamProbability: 41%, which for me is pretty high, and it was delivered...

    I have recommended multiple options to the support team which might help us users decrease the spam/phishing emails delivered to end users, but nothing happened...

    Recommendations:

    1.) Is it possible to integrate into XG some spam rules that we can create ourselves? For example, that if an email contains certain strings, it is marked as spam?

    2.) XG also needs a better filter for blocked senders. For example, we would like to block  *@*.ru  ,  *@*.jp  and similar sender TLDs from which we don't want to receive emails, but the GUI does not allow us to do this… Is it possible to do this by modifying some configuration file?

    3.) Is it possible to set the % threshold for what is marked as probable spam and what as spam? For example, all emails with X-SASI-SpamProbability over 5% are marked as probable spam and all with X-SASI-SpamProbability more than 20% are marked as spam… If not, could an option be added to the CLI in the near future so that we can set the probable spam and spam % thresholds, or change them manually in some conf file? Something like:
    set mta probablespam 5
    set mta spam 10

    This will mean that all emails with score more than 10% will be marked as SPAM and all emails from 5% to 10% will be marked as PROBABLE SPAM.

    These settings will help us customers fine-tune the sensitivity of detection… Most hosting control panels (like cPanel) have had these settings for MailScanner for many years…
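The thresholds and sender patterns requested in the post above, applied downstream of the firewall (for example on the internal mail server) to the X-SASI-SpamProbability header it quotes. This is an added example, not Sophos code and not part of the original thread; the function names, the sample messages and the assumption that the firewall's header is the topmost copy are assumptions.

```python
import email
import re
from email.utils import parseaddr
from fnmatch import fnmatchcase

# Thresholds from the post's example: above 10% spam, 5% to 10% probable spam.
PROBABLE_SPAM_PCT = 5
SPAM_PCT = 10
# Sender patterns from the post's recommendation 2.
BLOCKED_SENDERS = ["*@*.ru", "*@*.jp"]
_PCT = re.compile(r"^\s*(\d{1,3})\s*%")

def sasi_probability(msg):
    """Return the header's percentage as an int, or None if absent or malformed."""
    # get() returns the topmost copy. Assumption: the firewall adds its header
    # above any copy a sender supplied, so that is the one to trust.
    raw = msg.get("X-SASI-SpamProbability")
    m = _PCT.match(raw) if raw is not None else None
    if m is None or int(m.group(1)) > 100:
        return None
    return int(m.group(1))

def classify(raw_message):
    """Map one raw RFC 5322 message to a verdict string."""
    msg = email.message_from_string(raw_message)
    # The From header is sender-controlled; a gateway would match the envelope
    # sender instead, which is not available in a stored message.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if any(fnmatchcase(sender, pat) for pat in BLOCKED_SENDERS):
        return "blocked-sender"
    pct = sasi_probability(msg)
    if pct is None:
        return "unscored"  # do not treat a missing score as clean
    if pct > SPAM_PCT:
        return "spam"
    return "probable-spam" if pct >= PROBABLE_SPAM_PCT else "clean"

def sample(sender, score=None):
    """Build a constructed test message; not real mail."""
    hdr = f"X-SASI-SpamProbability: {score}\n" if score is not None else ""
    return f"From: {sender}\n{hdr}Subject: constructed sample\n\nbody\n"

if __name__ == "__main__":
    for s, p in [("promo@mail.example.ru", "2%"), ("news@example.com", "41%"),
                 ("news@example.com", "7%"), ("news@example.com", None)]:
        print(s, p, "->", classify(sample(s, p)))
```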

  • All points are right now supported in Central Email, which could be used by customers, if they want to migrate to Central. 


  • We are not talking about Central Email (which is not free)!!! If Central Email works as you say, why does Sophos not offer XG users some scanning proxy in Central Email (to scan emails for spam/phishing)? For example, they pay for only one account... If we wanted to use email in the cloud, then I know that our company would choose "Microsoft 365", which costs the same and we know that its spam/phishing filter works very well...

    In XG we pay for the "Email Protection" subscription, which does not work. If this protection can't be provided, then maybe it is better that it is removed so that users do not rely on it...

  • SFOS uses SASI, as you stated. If SASI does not find the spam, we can look into this with a support case. But customization is not included in SFOS. Those features were implemented for Central Email.

    Central Email is, like Email Protection, a subscription; as a customer you can choose which feature you need.


  • Add this case number to your collection.

    E: 07283388 

    Ian
