This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Blacklist und Delete Button in Mail Quarantäne Report

Hello again,

 

my users also want a button for blacklist and a button to delete in the mail quarantine report.

Is there a function that I overlooked in the meantime?

 

 



This thread was automatically locked due to age.
Parents
  • You didn't miss those, Patrick - those options are only available via the User Portal.  The Quarantine Report is meant for rapid access to emails that the recipient would like to release.  The Release & Whitelist option was added later.

    If there's a demand for the ability to be able to blacklist easily, it's probably because the users have been subscribing to mailing lists that they want to stop.  In fact, virtually all such emails contain a quick link to unsubscribe, and that's what they need to do.  If they want to blacklist, they can go into the User Portal once or twice a month to check their quarantine and add addresses to their personal Blacklist there.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Ok, I agree with that :-)

    I haven't thought about a newsletter yet.

    But there is another question that comes to my mind:

    Can I set somewhere what happens with the mails in the blacklist?

    So far I have received a quarantine report.

    Is it also possible that these mails are deleted immediately?

    Yours sincerly

    Patrick

  • Emails from blacklisted addresses are rejected immediately, Patrick, and do not appear in the Quarantine.

    EDIT 2018-12-31: Oops!  This applies only to the global 'Sender Blacklist' on the 'Antispam' tab of 'SMTP'.  The 'Sender Blacklist' tab in the User Portal only causes quarantining.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • It's not like that with me.

    Where can I set this so that the mails are deleted from the blacklist immediately ?

    So far, if the user adds a sender to the blacklist, he will still receive a quarantine report by mail.

    Cheers

    Patrick

    Edit:

    Is it the follwing feature:

    Under E-Mail Protection -> SMTP-> Antispam -> Spam Filter -> Confirmed Spam Action ?

    I have to bet on "Blackhole" instead of "Quarantine"?

  • If you look up how emails are transferred, Patrick, you will see that the "sender" is declared with the "MAIL FROM:" command during the establishment of the connection.  The "From:" field in an email is populated as a part of the "DATA" stream.  You can only blacklist the "sender" and not the address appearing in the "From:" field.  Does that explain what you're seeing?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I think we're getting it wrong right now, Bob.  :)

    I can keep a blacklist as a user.

    Suppose I add Patrick.ebert@sophos.de to the blacklist in the user portal.

    If now Patrick.ebert@sophos.de writes me a mail, I still get a quarantine report by mail.

    Here the sender (Patrick.ebert@sophos.de) should be deleted immediately and no quarantine report should be sent to the user anymore.

    In the upper post you said that this works.

    But where do I find the setting for it?

Reply
  • I think we're getting it wrong right now, Bob.  :)

    I can keep a blacklist as a user.

    Suppose I add Patrick.ebert@sophos.de to the blacklist in the user portal.

    If now Patrick.ebert@sophos.de writes me a mail, I still get a quarantine report by mail.

    Here the sender (Patrick.ebert@sophos.de) should be deleted immediately and no quarantine report should be sent to the user anymore.

    In the upper post you said that this works.

    But where do I find the setting for it?

Children
  • What I think you seeing, Patrick, is explained here.  If you think blacklisting isn't working as I describe, please show us the header from an email that was quarantined instead of rejected.  Obfuscate your public IP like 77.x.y.29 and your domain like @domain.de.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hello Bob,

    I'll describe it briefly:
    I add the following mail address to the blacklist in my user portal.

    Now I send a mail from patrickebert1990@domain.de

    in the Maillog I can now see that it lands in the mail quarantine, but is not deleted immediately.

    That means, I would get an e-mail from do-not reply@fw-notify.net again. (Quarantine report)

     

    Can I set here that the domains in the blacklist will be deleted immediately?

     

    Cheers Patrick

  • Aha!  I apologize for the misdirection!

    You're right, Patrick - my test showed that the personal blacklists only cause quarantining.  I didn't realize that that behavior was different than the blacklist on the 'Antispam' tab of 'SMTP', as it does cause immediate rejection.  Since I don't recommend using the sender blacklist, I don't know if this is new behavior or if it has always worked like that.  You might open a ticket with Sophos Support to ask them if there's change that can be made at the command line to make personal blacklists cause rejection like the global blacklist.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • No problem. Thank you very much for your help. I will open a Support Ticket in the new year. I wish you a happy new year. Cheers Patrick
  • I think, this is how it is designed. 

    Webadmin Blacklist is not the same like user blacklist. 

    The User blacklist will only be used, if the mail is already accepted by Exim, not while SMTP Transmission. 

    So we cannot delete this email in SMTP Transmission, most likely we cannot delete simply the mail after accepting. This would cause legal trouble. 

     

    Only help clearly points out, this is the correct behavior.  

    __________________________________________________________________________________________________________________