
More fun and games with the XG configuration.

Continuing on with the learning of this device. I have some sort of mail scanning working.

I can scan outgoing mail, my trailer message proves that.

Incoming gets scanned, but yesterday I received 32 spam mail messages from nobody to nobody. I received one clean email and another identifying both sender and receiver with a spam tag in the XG.

Appears as though all my various UTM daily reports and email from friends are classified as spam.

Ongoing work in learning this new toy. I hope the next release is early Jan 2016?

Ian



This thread was automatically locked due to age.
  • Hi Ian,

    Please provide me your Mail Server's IP address and Domain Name.

    I will need some more information to properly investigate this matter. Can you share screenshots of the present configurations in XG for Anti Spam?

    Inbound Emails from specific Email Addresses may be blocked by Sophos Firewall (SF) if:

    - The Email is detected as spam by SF’s Anti-spam Engine.

    - The source IP Address is present in a Real-time Black List and classified as Spam.

    - SMTP Oversize Mail Action is set to Reject or Drop and Email exceeds the set limit.

    If you trust the source of the Email, you can White List it in SF.

    Thanks

    Sachin Gurung


  • Hi Sachin,

    My apologies for not replying earlier, but I didn't receive any notification that there was a response to my post.

    I use imap/s, pop3/s on my mac book pro. The mail scanning on the XG takes a long time to process each message that has a number of attachments, e.g. my daily UTM and XG reports. This usually ends up breaking my mail client and I need to kill the mail client. This does not happen on the UTM 9.4.

    None of the incoming mail is blocked. If I open the mail that has been processed by the XG it usually contains added lines :-

    This is my daily XG report when read after being processed by the XG.

    "Please find the Executive Report statistics and graphs attached herewith.
    X-CTCH-PVer:  0000001
    X-CTCH-Spam:  Bulk
    X-CTCH-VOD:  Unknown
    X-CTCH-Flags:  0
    X-CTCH-RefID:  str=0001.0A150207.570FFA1B.002A,ss=1,re=0.000,recu=0.000,reip=0.000,lb,cl=3,cld=1,fgs=0
    X-CTCH-Score:  0.000
    X-CTCH-ScoreCust:  0.000
    X-CTCH-Rules:  
    Subject: Spam scan :"

    This is from my telephone company

    "X-CTCH-PVer: 0000001 X-CTCH-Spam: Unknown X-CTCH-VOD: Unknown X-CTCH-Flags: 0 X-CTCH-RefID: str=0001.0A15020A.570790A8.00BA,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0 X-CTCH-Score: 0.000 X-CTCH-ScoreCust: 0.000 X-CTCH-Rules:"

    But the junk mail from Nigeria, Russia and Vietnam goes straight through without added header in most cases or just a comment added that it has been scanned. I have country blocking at the top of the policy list.

    My ISP tags the mail as spam, but I have configured the ISP mail to allow messages through to help with testing beta releases of UTM and XG.

    Ian,

    home UTM 9.x running in ESXi 6 e3-1275v2

    AP55c and AP10 (courtesy Astaro)

    Three other UTMs, SUM and SFM in hibernation

    XG 15.x MR3 in hibernation
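
Added example, not part of any post in this thread: a way to check a saved raw message for where the `X-CTCH-*` scanner lines ended up (header block or body, as in the report pasted above) and to read them even when they are flattened onto one line. The sample message is constructed: the addresses are placeholders and the field values are copied from the post.

```python
import re
from email import message_from_string

# One "X-CTCH-<Name>: <value>" field. The value stops at the next X-CTCH- tag
# or at end of line, so the flattened one-line form parses as well.
FIELD = re.compile(r"X-CTCH-(\w+):[ \t]*(.*?)(?=[ \t]*X-CTCH-|[ \t]*$)", re.M)

def ctch_fields(text):
    """Return {name: value} for every X-CTCH-* field found in text."""
    return {name: value for name, value in FIELD.findall(text)}

def locate_ctch(raw):
    """Split a raw message and report where the X-CTCH-* fields ended up."""
    msg = message_from_string(raw)
    in_headers = {k[7:]: v.strip() for k, v in msg.items()
                  if k.upper().startswith("X-CTCH-")}
    # Collect the text of every non-container part (handles multipart mail).
    body = "\n".join(str(p.get_payload()) for p in msg.walk()
                     if not p.is_multipart())
    return in_headers, ctch_fields(body)

# Constructed sample: placeholder addresses, scanner values copied from the post.
SAMPLE = """\
From: reports@example.com
To: user@example.com
Subject: Executive Report

Please find the Executive Report statistics and graphs attached herewith.
X-CTCH-PVer:  0000001
X-CTCH-Spam:  Bulk
X-CTCH-Score:  0.000
X-CTCH-Rules:
Subject: Spam scan :
"""

FLATTENED = ("X-CTCH-PVer: 0000001 X-CTCH-Spam: Unknown X-CTCH-VOD: Unknown "
             "X-CTCH-Flags: 0 X-CTCH-Score: 0.000 X-CTCH-Rules:")

if __name__ == "__main__":
    headers, body = locate_ctch(SAMPLE)
    print("in header block:", headers)
    print("in body:", body)
    print("flattened form:", ctch_fields(FLATTENED))
```

An empty first result with a populated second one means the scanner lines were written after the blank line that ends the header block, which is why a mail client displays them as message text.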

  • What I suspect happens in the XG, to produce the spam count from no-one to no-one, is that each attachment is treated as a message, because some of the daily UTM reports have ten or more attachments.

    Ian,


  • Hi Ian,

    So are you trying to country-filter Spam Email(s)?

    What is the configuration on XG, can you please post some screenshots?

    Thanks

    Sachin Gurung


  • Hi Sachin,

    I am trying to country filter all access to the XG. The dashboard shows I have 3 policies and one of them is unused: the country blocking policy.

    So, I am not sure what screenshots you are after?

    Ian,
