Plans regarding spam filter or how to enhance filtering

Hi community.

So we just got our new XG210-HA and I'm quite happy about the good filter rate compared to our existing GFI MailEssentials. Unfortunately I'm missing features to enhance the filter mechanism. Currently we drop spam and probable spam goes to quarantine. A few spam mails are still getting through and some non-spam mails are dropped or put into quarantine.

I'd like to drop GFI MailEssentials, but regarding the spam mails that pass through I'm unsure whether to leave it to filter these mails.

And what to do about false positives?

Greylisting is currently deactivated as it seems not to be working properly.

"Check for virus outbreak" is not activated as it is not described yet in the documentation.

Thanks for your thoughts.



  • Well, after some reading I found a solution for blacklisting and whitelisting which seems to be new in v17

    https://community.sophos.com/kb/en-us/128049

    This definitely helps in some cases.

    Still I'd like to hear your thoughts about advanced email processing regarding spam.

  • I don't use XG for mail filtering but there are a few things that I always use in SG which are also available in XG

    1. General Setting > advanced smtp settings. Enable RDNS checking. This will cut your spam down drastically. If I had only one spam control, I would enable RDNS. Matching the sender to their claimed domain name cuts out all the fake email addresses relaying through different hosts. 

    2. Add more RBLs under email > address group. I have never been a fan of spamcop (too many false positives but sophos seems to be pushing it). Use zen.spamhaus.org or any others that you like. Quarantine your spam if you are using spamcop as I haven't had good experience with it. SG has other RBLs that sophos has sadly dropped from XG for some reason.

    3. Enable File protection to scan by mime type. This will intercept most of the attachments like exe files and other office documents etc. that you don't want in your LAN. Be careful that you don't block any legitimate attachments that users need to get their work done. This is how I used to block all the pdf files when I was getting multiple pdf attachments a day with viruses.

    Hope this gives you a starting point.
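The three controls in the post above (RDNS checking, RBL lookups, and blocking attachments by type) can be modelled end to end. The block below is an added example written for this page, not Sophos XG/SG code and not the poster's; the resolver is a hypothetical in-memory stub with constructed PTR, A and DNSBL records so it runs offline, and the verdict policy (RDNS failure rejects, RBL hit or blocked attachment quarantines) is an assumption that mirrors the advice in the thread rather than any product default.

```python
"""Offline model of three SMTP-edge spam controls: forward-confirmed reverse
DNS (RDNS), DNSBL/RBL lookups, and attachment blocking by real content type.
Constructed example code, not Sophos XG/SG code; the resolver is a
hypothetical in-memory stub standing in for real DNS so the block runs offline."""
import ipaddress

# Constructed DNS data (assumption, not real records).
FAKE_DNS = {
    "PTR": {                                  # connecting IP -> reverse names
        "10.1.2.3": ["mail.example.com."],
        "10.9.9.9": ["mx.sender.example.net."],
        "10.7.7.7": ["host-7.dsl.example.org."],
        # 10.5.5.5 deliberately has no PTR
    },
    "A": {                                    # names used to forward-confirm a PTR
        "mail.example.com.": ["10.1.2.3"],
        "mx.sender.example.net.": ["10.9.9.9"],
        "host-7.dsl.example.org.": ["10.7.7.8"],  # mismatch -> FCrDNS fails
    },
    "DNSBL": {                                # 127.0.0.x answers mean "listed"
        "9.9.9.10.zen.spamhaus.org.": ["127.0.0.4"],
    },
}

def lookup(rtype, name):
    """Stub resolver; swap in a real DNS client for live use."""
    return FAKE_DNS[rtype].get(name, [])

def rdns_check(ip):
    """Forward-confirmed reverse DNS: some PTR name of the connecting IP must
    resolve back to that IP. Returns (ok, ptr_name_or_reason)."""
    ptrs = lookup("PTR", ip)
    if not ptrs:
        return False, "no PTR record"
    for name in ptrs:
        if ip in lookup("A", name):
            return True, name.rstrip(".")
    return False, "PTR name does not resolve back to " + ip

def helo_matches(ptr_name, helo):
    """Does the HELO/EHLO name agree with the verified reverse name? Treated as
    a signal only, since many legitimate senders fail it."""
    return ptr_name.lower() == helo.lower().rstrip(".")

def dnsbl_query_name(ip, zone):
    """DNSBL query name: reversed octets under the zone, e.g. 3.2.1.10.zen.spamhaus.org."""
    octets = ipaddress.IPv4Address(ip).exploded.split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".") + "."

def rbl_listed(ip, zones):
    """First zone listing the IP, else None. Only 127.0.0.0/8 answers count;
    anything else is treated as not listed rather than as a hit."""
    for zone in zones:
        for answer in lookup("DNSBL", dnsbl_query_name(ip, zone)):
            if ipaddress.IPv4Address(answer) in ipaddress.IPv4Network("127.0.0.0/8"):
                return zone
    return None

# Content sniffing: decide by leading bytes, not by filename or declared
# Content-Type, so an "invoice.pdf" that is really an EXE is still caught.
MAGIC = [
    (b"MZ", "application/x-msdownload"),                                 # PE/EXE
    (b"%PDF-", "application/pdf"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "application/x-ole-storage"),  # .doc/.xls
    (b"PK\x03\x04", "application/zip"),                                  # .docx/.jar
]
BLOCKED_TYPES = {"application/x-msdownload", "application/x-ole-storage"}

def sniff_type(data):
    for sig, mtype in MAGIC:
        if data.startswith(sig):
            return mtype
    return "application/octet-stream"

def decide(conn_ip, helo, attachments, zones=("zen.spamhaus.org",)):
    """Verdict for one message: ('reject'|'quarantine'|'accept', reason).
    Policy is an assumption mirroring the thread: RDNS failure rejects,
    an RBL hit or a blocked attachment type quarantines for review."""
    ok, ptr = rdns_check(conn_ip)
    if not ok:
        return "reject", "rdns: " + ptr
    zone = rbl_listed(conn_ip, zones)
    if zone:
        return "quarantine", "listed in " + zone
    for name, data in attachments:
        mtype = sniff_type(data)
        if mtype in BLOCKED_TYPES:
            return "quarantine", f"{name} is {mtype}"
    return "accept", f"ptr={ptr} helo_match={helo_matches(ptr, helo)}"

if __name__ == "__main__":
    # Constructed sample connections.
    for ip, helo, atts in [
        ("10.1.2.3", "mail.example.com", [("report.pdf", b"%PDF-1.7\n")]),
        ("10.1.2.3", "mail.example.com", [("invoice.pdf", b"MZ\x90\x00")]),
        ("10.9.9.9", "mx.sender.example.net", []),
        ("10.7.7.7", "bulk.example.org", []),
        ("10.5.5.5", "localhost", []),
    ]:
        print(ip, decide(ip, helo, atts))
```

The ordering matters for cost and for false positives: the RDNS check needs only two lookups and rejects at connection time, the RBL lookup is cheap but quarantined rather than rejected because list hits are not always accurate, and content sniffing runs last because it needs the whole message. Note that the zip signature also matches .docx and .jar, so blocking it outright would hit the Office attachments users need; that is the "be careful" point in item 3 above.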

  • Forgot to add: use country blocking to block main offenders like China, Russia, Japan, India, etc. in your SMTP firewall rule. Country blocking was broken in XG and I think they recently fixed it, but I am not sure. We don't do any business with foreign countries, so it's easy to block spam emails coming from those countries without worrying about scanning such emails. This is almost like blocking TLDs, so be careful that you don't block legitimate emails.

    People try to use country blocking for other purposes but to me the only legitimate reason for country blocking is if you are running smtp or maybe web servers.
