How can I select a specific certificate to scan inbound E-mail traffic (SMTP)?

I was trying to create an inbound forward rule for my internal mail server. The problem is that I can't see where I should select a certificate for "Hosted Server". I tried creating a rule by using "Security Policies >> Add Business Rule" and selecting the application template "Email servers (SMTP)". It works, but when I try to connect it presents an appliance-signed certificate.

This is the opposite of the situation with the application template "HTTP Based Policy", where after selecting "HTTPS" I can select a public certificate I have uploaded.

Is the "Email servers (SMTP)" template really supposed to protect internal mail servers? I was thinking it is, because there is also another application template called "Email clients (POP & IMAP)" and in this template I can also select to scan SMTP/SMTPS traffic.

Am I missing something?



  • Hello Slawek,

    The certificate that will be used to decrypt and create a two-step connection for SMTP can be found at Protection > Email Protection > Configuration > SMTP TLS Configuration > TLS Certificate. You will have to change that to a self-signed or an uploaded one.

    You can also use TLS options to bypass/create exceptions.
  • But I can't select a server certificate here. I can only select a CA certificate or "Default" - which is not described in the help.

    From my understanding, if you are protecting an internal SSL-secured server, you have to put its certificate on the firewall, just like we do with HTTPS.

    When you connect from the WAN side, you are presented with an appliance-generated certificate from the CA you have selected. I suppose it works well if the connection is from LAN to WAN - you can control the trust.

    But from the WAN side you cannot expect that everybody will trust your custom CA certificates.

    Please have a look at how it works in the HTTPS server Business Rule.
  • Hello,

    I tried the same, but I cannot change the certificate in the email scanning part of the configuration.