SMTP Quarantine release - also whitelisted?

Hello Sophos Team

As the manual does not state it: does an SMTP quarantine release action also whitelist the sender domain automatically?

Or do I need to whitelist the specific domain manually after releasing the false-positive mails?

Many thanks

Daniel

  • Hello Daniel.

    "Releasing quarantine" re-scans the email for malware, if the mail was quarantined due to spam, before it releases it to the email recipient.

    Thank you for your feedback; it would help us improve the documentation.

    Thanks,
    Saurabh

    Proudly Sophos

  • Hello Saurabh

    Thanks for this explanation, but it is unfortunately not the answer to my question.
    Does the "release" action also whitelist the sender?

    Or in other words, when I release a mail from sender x, and the same sender x sends the same message again one day later, will it be quarantined again?

    Thanks
    Daniel

  • Hello Daniel,

    XG doesn't automatically whitelist senders on a release event.

    I hope this answers your question.

    Thanks,

    Saurabh

  • Hello Saurabh

    Many thanks, it answers my question but brings me to a generic problem...
    I currently use the XG in MTA mode and, for example, all mails from this forum are quarantined at the moment on my XG, and I need to search for them and release them manually.

    So how can I whitelist, for example, the Sophos.com domain?

    I checked this doc: https://community.sophos.com/kb/en-us/125596
    There is stated: "SMTP policy in MTA mode does not support whitelist/blacklist of email senders & recipients. Whitelist/blacklist is supported by SMTP policy in SMTP Legacy mode."

    So my basic question: how can I whitelist specific mail domains when the XG is in MTA mode? Is this on the roadmap?
    Without the possibility of whitelisting specific domains, MTA mode seems quite useless to me, as I have false positives every day.

    My UTM worked very well before, as I have the following setup:
    LAN clients ---- DMZ ---- Mail-Server ---- Sophos in MTA mode ----- Internet

    The Sophos sends the mail coming from the mail server to the Internet and receives the mails from the Internet, checks them and sends them to the mail server in the DMZ.
    With this setup, I need whitelisting for some domains, or the MTA mode is quite useless because of false positives. Manual release for all domains is not an option.

    Many thanks for a tip
    Daniel

  • Hello Daniel,

    Yes, whitelists and blacklists will probably appear in an earlier maintenance release of V17.

    Thank you,
    Saurabh

  • Thank you for this information. Looks like I will be pushing to the right even more on my migration from UTM to XG. The feature for users being able to create whitelists/blacklists on a per-user basis is something that is required to keep a mail admin sane. There are just too many questionable e-mails that are caught based on their SPAMINESS (Spam Score).

    Will keep watching for updates.

    -Ron