Mail Routing from Sophos to MailMarshal

Hi, Jeremy, and welcome to the UTM Community!

If you don't have a reseller with strong skills, this is a good way to fine-tune the SMTP proxy. Start with .

To have  incoming emails also transit MailMarshall, just replace the Host definition for your email server with one for your old antispam device in the 'Host List' on the 'Routing' tab.  Little by little, you'll be able to see the spams missed by the UTM and adjust its configuration to catch them first.

However,  I've seen this situation before. Often, it is simply a list of senders that are not spammers, rather they are valid emailers where people have given their addresses willingly. The folks could unsubscribe from these mailings and the emailers' databases and have all of the supposed spam eliminated within a few days.

Cheers - Bob

Hi Bob,

Thank you for the welcome and thank you for the advice. I thought it would be a change to the Host List but wanted to confirm before any changes are made.

The old MailMarshal system was setup to catch every mail and only let through known email address on a white list that were either manually put in or that had been harvested as trusted from internal users sent lists. So if an internal user emailed a new address it would be marked as safe. Does UTM have anything that can be setup like that so I can avoid putting MailMarshal back in service? MailMarshal was a pain as someone everyday had to review to release safe emails.

The reason I ask is since having moved to UTM a lot more spam emails are getting through and we actually got hit with encypto virus a few weeks ago. What is the best way to tighten up security in terms of spam emails getting through the UTM? Add more RBLs?

regards,

Jeremy 

On sophos user portal every user can add his own entrys to his own whitelist. If you plan to settup this globally there is also a global whitelist. But the feature you need to activate is greylisting.

Do you think uts a good idea to block in first time all mails?

Hi x.cr3w,

Thank you for the information.

I don't think its a good idea to block all mails and then manually have someone go through and release the safe ones. Its just how this company had their old system setup and are wondering if Sophos can be setup the same way. This is due to an increase in spam they are now seeing with out all mails being blocked.

regards,

Jeremy

Yes, Jeremy, it works a little differently, but you can achieve the same effect. When you set up the Quarantine Report and sync your users to the UTM,  they will have the option to Release or Release and Whitelist  quarantined emails. You can create a Whitelist Exception by importing all of the existing items on your old Whitelist.

Then, to block everything that's not on a Whitelist, add common words to the Expression Filter on the 'Antispam' tab.

Cheers - Bob

Hi Bob,

I was wondering if you could please help me with some more detail in particular the points below as I would hate to have to bring back online the MailMarshal system when we have installed the Sophos UTM.

1. Quarantine Report - I can see where to turn it on but not sure what it does?

2. Sync your users to UTM - I have no clue on this one.

3. Creating Whitelist exceptions by importing old list - not sure where to do this or how you would do it as everything I have seen so far in manually adding entries one by one.

4. What common words do you mean for the Expression Filter - I am not sure how this will block all emails?

Sorry I have asked you to pretty much explain everything in your post but I am knew to this system and want to learn as much as possible.

regards,

Jeremy

Jeremy, I tried to send you a PM about this, but your Settings don't allow 'Everyone' to PM you.

One of our unwritten rules here is "One topic per thread."  Beyond that, I would recommend that you find someone that's set these things up many times and understands what fundamental errors to avoid (Like The Zeroeth Rule in Rulz).I know that I wind up billing more to fix first-timers' bandaged-up configurations than I would have to have done the job right the first time.  If your reseller doesn't have that competency, call Sophos Sales to get a recommendation.

Cheers - Bob

Hi Bob,

I have fixed up my PM settings now.

Sorry about going into another topic in the same thread. Sometimes its just easier to get everything out in a conversation then starting many threads haha. I will follow the rules from now on.

regards,

Jeremy