Scan email content: "Common ports missing from Services"

I'm not sure if this is expected behavior but it seems a bit odd to me. If I create a firewall rule with the 'Services' to to 'Any' and subsequently select some options under 'Scan email content' such as 'Scan POP3' (this applies to any of the options), there's a small text dialog that says "Common ports missing from Services for POP3". If I click 'Add Ports', it will add 'POP3' to 'Services' thus removing 'Any'.

It would seem if I already have services set to 'Any', I shouldn't be getting the small text dialog prompting me to add POP3 ports.

Parents Reply
  • Hi Guys,

    you seem to misunderstand that you want mail scanning enabled and to do so requires specific ports which XG tries to add by default. Using ANY in a mail scanning firewall rule is not really applying security.


    XG115W - v19.5 GA - Home

    Test machine - Asus P10S-i E3-1225v5, 6gb, 4 intel NICs, v19.5 GA

    If a post solves your question please use the 'Verify Answer' button.

  • I agree with Ian.

    This is the expected behaviour. I really like the option that if the user is not an expert, a message will be shown to add the proper ports in the services.

    I guess that after the v18 official release, a proper KB on "how to scan IMAP/POP/SMPT" will be created. At the moment, the only KB available works for v16+.

    In v18, the email client scanning firewall rule has been changed.

  • I really like this version of the firewall. And I like the option, but sometimes even an expert (no matter how perfect you are) can be in a hurry and a simple mistake can bring a network to a halt. Having the firewall show that message is great and I don't want that to change. But in my opinion, I think that any should be seen as valid.

    I did some testing and it seems to only be the Any service/port that it overwrites and ignores as being a valid service/port. If I have http and https, then it adds the new ports without overwriting the existing services/ports. If some of the ports are already there, then it only adds the ones that are missing.


    Is it really difficult to say any is valid for the email ports?




  • I agree with that.

    As improvement, when the email scanning checkbox are selected, the UI should remove everything from the services and leave only "SMTP/S, POP3/S and so on".

    Can someone from Sophos take a look at this thread and report the improvement?