This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

geoblocking & email best practices

Hello,

Recently one supplier's reply email was geoblocked at the firewall and through my own ignorance and inexperience haven't yet fully resolved it in a manner that seems elegant and secure.

Question:

Is it typical to have 2 geoblock exceptions entries for smtp services (one for each direction, eg to and from Ireland)

  • is it typical for enterprises to have Rx email server in North America and the Tx email server in Europe? How should the UTM be configured for this?

Should the UTM permit ALL port 25 traffic through the firewall and let the smtp proxy sort out the chaff from the wheat?

 

It makes sense to me that I should be able to email to almost any IP in the world and receive the same, I just unsure how to configure the UTM effectively.

I know the Firewall acts first, so it seems likely I could be dropping legitimate emails without knowledge (short of trawling through logs).

I am just looking to be safe and sensible with emails, I don't care so much about webtraffic, I can handle the bleating from the users about their favourite website not working, but not about their emails.

I have no test environment so I am loath to poke about too much.

Cheers



This thread was automatically locked due to age.
Parents
  • The problem with Country Blocking for Email is that you have no way of knowing what you missed.   Unfortunately, the blocked email list is only slightly better, but not adequate.   You really need to get the message into quarantine to see enough information to know whether a specific message should be blocked or allowed.

    UTM does many things, and some functions are done very well.   However, the email protection is pretty rudimentary.   Sophos Email Appliance appears to be their flagship offering.

  • Doug, it looks like you might have opened this thread before my post above.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply Children
No Data