
Poor Spamfilter v20MR2

Hi everybody,

We have installed a Sophos v20 MR2. However, we have had to realize that the spam filtering is very poor compared to the UTM. The Sophos is acting as an MX and works in MTA mode. Spam protection is active as a policy and basically has all options enabled -> Greylisting, BATV, SPF, RBL (Premium and Standard) and Callout. Nevertheless, a lot of spam is being delivered, which was not the case before. Has anyone else observed this yet, or does something else need to be configured?



Edited TAGs
[edited by: Raphael Alganes at 11:15 AM (GMT -7) on 9 Oct 2024]
  • But your ID is talking about IMAP/POP scanning, not MTA? I think this is not related, as SMTP / MTA is different compared to IMAP/POP. Many techniques of SASI and MTA are not applicable to IMAP. 

    __________________________________________________________________________________________________________________

  • Thanks for your time and answers.

    We wouldn't need the features I'm writing about if the "Spam Protection" we ordered for the firewall worked as it must, and if it worked like most email servers that use MailScanner or a similar spam scanner...

    Let's try to be more technical, to understand how SASI works differently from a simple MailScanner…

    When a remote SMTP server connects to the firewall and tries to send an email to the internal email server, the firewall checks this email. The firewall checks all "email security" options like RBL, whitelisting, SPF, whether the recipient exists, and others… Then it scans the body with antivirus (Sophos AND Avira???) and checks whether it contains markers which are usually used in spam/phishing emails. Then it adds "X-SASI-SpamProbability" with some score to the header.

    What threshold is set for an email to be spam or probable spam? Because in my samples I also see some very highly scored emails (more than 40%) that have been delivered to users, and if some emails have that high a value I think they must at least be marked as "probable spam"…

  • Just to be sure, you are blocking Probable spam in your policy? Because that is an extra option in the policy. 

    __________________________________________________________________________________________________________________

  • I was using MTA for sometime with no benefit.

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Yes. The Sophos team has checked multiple times (every time we open a ticket) whether the settings are ok...

  • Basically, SFOS has a threshold score of 50 for probable spam. 

    Turning it down / making it adjustable would be a feature request for the future. You can open the feature request via the Feedback loop in the product. 


    I can only encourage you to look into Central Email, a cloud-based email solution, which can do this today. 

    BTW: Central Email scans the email and sends it on to your on-premise email server. 

    You can also talk to Sophos Sales to get a mid-term upgrade / credit for your current email subscription and move to CEMA. 

    __________________________________________________________________________________________________________________
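    Since the probable-spam threshold in SFOS is fixed at 50 (per the post above) while, as noted earlier in the thread, mail scored above 40% is still delivered, one practical workaround is to enforce a stricter cut-off downstream, on the internal mail server, by reading the X-SASI-SpamProbability header the firewall stamps on each message. The following is an added example and is not code from Sophos or from anyone in this thread. It assumes the header value is a plain number, optionally followed by "%" (the exact format is not documented on this page); the local threshold of 30 and the sample messages are constructed for illustration. It also handles one edge case the thread does not mention: a sender can inject a fake X-SASI-SpamProbability header before the mail reaches the firewall, so only the topmost (most recently added) instance is trusted.

```python
import email
from email import policy

# Added example: a downstream policy filter for mail that has already passed
# through an SFOS MTA. It reads the X-SASI-SpamProbability header the firewall
# adds and applies a local threshold, because the thread reports that the
# SFOS "probable spam" threshold (50) cannot be lowered.
# ASSUMPTION (not documented on the page): the header value is a plain number,
# optionally followed by '%', e.g. "X-SASI-SpamProbability: 42".

SASI_HEADER = "X-SASI-SpamProbability"
SFOS_PROBABLE_SPAM_THRESHOLD = 50   # stated in the thread; fixed in SFOS
LOCAL_THRESHOLD = 30                # assumed, stricter local policy


def sasi_score(raw_message: str):
    """Return the SASI score stamped by the gateway, or None if absent/unparsable.

    Headers are prepended hop by hop, so the topmost instance is the one added
    by the last relay (the firewall). Any copy further down the header block
    may have been injected by the sender to game a naive filter, so it is ignored.
    """
    msg = email.message_from_string(raw_message, policy=policy.default)
    values = msg.get_all(SASI_HEADER)
    if not values:
        return None
    try:
        return float(str(values[0]).strip().rstrip("%"))
    except ValueError:
        return None


def classify(raw_message: str, threshold: float = LOCAL_THRESHOLD) -> str:
    """Verdict under a local threshold instead of the fixed SFOS one."""
    score = sasi_score(raw_message)
    if score is None:
        return "unscored"        # never went through SFOS spam scanning: check routing
    if score >= threshold:
        return "probable-spam"
    return "clean"


def tag_subject(raw_message: str, threshold: float = LOCAL_THRESHOLD) -> str:
    """Return the message with its Subject tagged when the local verdict is spam."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    if classify(raw_message, threshold) == "probable-spam":
        subject = str(msg["Subject"] or "")
        if "Subject" in msg:
            del msg["Subject"]
        msg["Subject"] = "[PROBABLE SPAM] " + subject
    return msg.as_string()


# Constructed sample messages (not real traffic).
DELIVERED_HIGH = (
    "Received: from mx.example.net (mx.example.net [192.0.2.10])\n"
    "X-SASI-SpamProbability: 42\n"          # above 40% yet below the SFOS cut-off of 50
    "From: promo@example.net\n"
    "To: user@example.com\n"
    "Subject: You have won\n"
    "\n"
    "Click here.\n"
)

LEGIT_LOW = (
    "X-SASI-SpamProbability: 3%\n"
    "From: colleague@example.com\n"
    "To: user@example.com\n"
    "Subject: Meeting notes\n"
    "\n"
    "See attached.\n"
)

UNSCORED = (
    "From: internal@example.com\n"
    "To: user@example.com\n"
    "Subject: No gateway header\n"
    "\n"
    "Delivered without passing SFOS.\n"
)

# Gateway stamped 65 on top; the sender's own forged "0" sits lower and is ignored.
SPOOFED = (
    "X-SASI-SpamProbability: 65\n"
    "Received: from bad.example.org (bad.example.org [198.51.100.7])\n"
    "X-SASI-SpamProbability: 0\n"
    "From: attacker@example.org\n"
    "To: user@example.com\n"
    "Subject: Invoice\n"
    "\n"
    "Open me.\n"
)

if __name__ == "__main__":
    for name, raw in [("high", DELIVERED_HIGH), ("low", LEGIT_LOW),
                      ("unscored", UNSCORED), ("spoofed", SPOOFED)]:
        print(name, sasi_score(raw), classify(raw),
              classify(raw, SFOS_PROBABLE_SPAM_THRESHOLD))
```

    With the local threshold of 30 the 42-point sample is tagged as probable spam, whereas under the SFOS threshold of 50 it is classified as clean, which matches the thread's observation that such mail is delivered. A message with no header at all is reported separately as "unscored" rather than "clean", because it indicates mail that reached the server without passing the firewall's MTA at all.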

  • I submitted some of the spam messages to the Sophos laboratory, and the spam came back with the same results as genuine mail messages: probable spam with a reputation of 30. I am waiting on a detailed report from the Labs. So, it is not an IMAP issue.

    Ian


  • Hi,

    Upon checking the case update, the case handler requested the latest emails, and their timestamps, which were spam and were delivered. 

    Erick Jan
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

  • We are also not happy with what Sophos did here with SFOS E-Mail Protection (especially compared to UTM). The answer here is always Central Email, BUT there are a lot of customers that don't want cloud things, and Central E-Mail Protection also sometimes costs 10x as much as SFOS Email Protection or UTM E-Mail Protection...

    For me it's clear that Sophos is not interested in doing anything here for SFOS E-Mail Protection and just wants to push their Central Email Protection - it's clearly an intentional decision by Sophos, and that's a pity. A few customers are already looking for another hardware/gateway solution for e-mail spam filtering...

    It should normally be no problem for Sophos to correct things here in SFOS E-Mail Protection and make it a really good solution (as it was on UTM)... But this is not what Sophos wants...

    The most horrible things on SFOS:

    Poor spam filter: too much spam passing - we're filtering with another AV solution after Sophos, and there is a lot of real spam that we see after the Sophos filtering.

    Quarantine Digest: you may use an AD group for the e-mail users, but you have to select Quarantine Digest MANUALLY for every user, and this is only possible after the user has done some authentication against the SFOS system... Also, you have to do it for every new AD user!

    No quarantine for e-mails with blocked MIME or file types - blocked MIME or file types will just be cut out of the e-mail.

    Sync of mails/Quarantine Digest in an HA environment - just a completely crazy implementation.

    (Missing S/MIME encryption - it would be ok if this were the only thing that is missing/not working here.)

    regards