
geoblocking & email best practices

Hello,

Recently one supplier's reply email was geoblocked at the firewall and, through my own ignorance and inexperience, I haven't yet fully resolved it in a manner that seems elegant and secure.

Question:

Is it typical to have 2 geoblock exception entries for SMTP services (one for each direction, e.g. to and from Ireland)?

  • Is it typical for enterprises to have the Rx email server in North America and the Tx email server in Europe? How should the UTM be configured for this?

Should the UTM permit ALL port 25 traffic through the firewall and let the SMTP proxy sort out the chaff from the wheat?

 

It makes sense to me that I should be able to email to almost any IP in the world and receive the same, I'm just unsure how to configure the UTM effectively.

I know the Firewall acts first, so it seems likely I could be dropping legitimate emails without knowledge (short of trawling through logs).

I am just looking to be safe and sensible with emails, I don't care so much about web traffic, I can handle the bleating from the users about their favourite website not working, but not about their emails.

I have no test environment so I am loath to poke about too much.

Cheers



  • As you're new to WebAdmin and the UTM, you will want to refer to Rulz - especially #2 in this case as you don't want any firewall rules to do this.  Also see Doug Foster's take on some of this: READ ME FIRST: UTM Architecture.

    In Country Blocking, I generally only block traffic initiated From a country, not All or To.  Then, on the 'Country Blocking Exceptions' tab, make an Exception for ports 25, 465 and 587:

    Any better luck now?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • The problem with Country Blocking for Email is that you have no way of knowing what you missed.   Unfortunately, the blocked email list is only slightly better, but not adequate.   You really need to get the message into quarantine to see enough information to know whether a specific message should be blocked or allowed.

    UTM does many things, and some functions are done very well.   However, the email protection is pretty rudimentary.   Sophos Email Appliance appears to be their flagship offering.

  • Doug, it looks like you might have opened this thread before my post above.

    Cheers - Bob

     
  • Supposing that you have blocked Albania in "Country Blocking" and other countries too, but you have to receive emails from Albania.

    The configuration will be like this:

  • Super, the emails are working for all users and expected customers now.

    I'll keep an eye on the logs and try not to break anything.

    Thanks to you all.