
General Email Protection Inquiries

Hello,

I have a couple of questions regarding Mail Protection and would appreciate some pointers and/or feedback:

  1. Can I reuse the web filtering CA as the POP3 proxy certificate (instead of creating and deploying a dedicated certificate for the POP3 proxy)?
  2. I assume that SMTP protection isn't necessarily needed in my situation, as the internal mail server (behind the UTM) is mainly relaying outgoing email through third-party email providers, but can I force all SMTP traffic from all interfaces to be sent/relayed via the internal mail server?

Thanks!



  • Hi Andrew and welcome to the UTM Community!

    1. I doubt it, but I haven't tried it.  The default is the "Local X509 Cert" which was created during the installation process - no extra creating and deploying required.
    2. The SMTP Proxy can provide antivirus and anti-spam for outbound mail.  I assume that you're not talking about inbound emails, rather ones originating on other internal Ethernet segments connected to the UTM.  If you just use a firewall rule like '{Mail server} -> SMTP/S -> Internet IPv4 : Allow' and you don't create an SMTP/S Allow rule for anything else, only email sent to the mail server will be allowed.  My Basic Exchange setup with SMTP Proxy post might help you if you're going to enable the SMTP Proxy.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi BAlfson,

    I have followed your instructions for the SMTP proxy and enabled it accordingly, along with the firewall rule. Works a treat, thanks for pointing that out!

    Regarding the POP3 proxy certificate, when I mentioned deployment I actually meant on the client (phone, PC, laptop) to be used by a mail client.

    Andrew

  • I'm no POP3 guru, Andrew, but I think mail clients use a cert already available to them.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA