More fun and games with the XG configuration.

Continuing on with the learning of this device. I have some sort of mail scanning working.

I can scan outgoing mail, my trailer message proves that.

Incoming gets scanned, but yesterday I received 32 spam mail messages from nobody to nobody. I received one clean email and another identifying both sender and receiver with a spam tag in the XG.

Appears as though all my various UTM daily reports and email from friends are classified as spam.

Ongoing work in learning this new toy. I hope the next release is early Jan 2016?

Ian



This thread was automatically locked due to age.
  • Hi Ian,

    Please provide me your Mail Server's IP address and Domain Name.

    I will need some more information to properly investigate this matter. Can you share screenshots of the present configurations in XG for Anti Spam?

    Inbound Emails from specific Email Addresses may be blocked by Sophos Firewall (SF) if:

    - The Email is detected as spam by SF’s Anti-spam Engine.

    - The source IP Address is present in a Real-time Black List and classified as Spam.

    - SMTP Oversize Mail Action is set to Reject or Drop and Email exceeds the set limit.

    If you trust the source of the Email, you can White List it in SF.

    Thanks

    Sachin Gurung

  • Hi Sachin,

    My apologies for not replying earlier, but I didn't receive any notification that there was a response to my post.

    I use imap/s, pop3/s on my MacBook Pro. The mail scanning on the XG takes a long time to process each message that has a number of attachments, e.g. my daily UTM and XG reports. This usually ends up breaking my mail client and I need to kill the mail client. This does not happen on the UTM 9.4.

    None of the incoming mail is blocked. If I open the mail that has been processed by the XG it usually contains added lines :-

    This is my daily XG report when read after being processed by the XG.

    "Please find the Executive Report statistics and graphs attached herewith.
    X-CTCH-PVer:  0000001
    X-CTCH-Spam:  Bulk
    X-CTCH-VOD:  Unknown
    X-CTCH-Flags:  0
    X-CTCH-RefID:  str=0001.0A150207.570FFA1B.002A,ss=1,re=0.000,recu=0.000,reip=0.000,lb,cl=3,cld=1,fgs=0
    X-CTCH-Score:  0.000
    X-CTCH-ScoreCust:  0.000
    X-CTCH-Rules:  
    Subject: Spam scan :"

    This is from my telephone company

    "X-CTCH-PVer: 0000001 X-CTCH-Spam: Unknown X-CTCH-VOD: Unknown X-CTCH-Flags: 0 X-CTCH-RefID: str=0001.0A15020A.570790A8.00BA,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0 X-CTCH-Score: 0.000 X-CTCH-ScoreCust: 0.000 X-CTCH-Rules:"

    But the junk mail from Nigeria, Russia and Vietnam goes straight through without an added header in most cases, or with just a comment added that it has been scanned. I have country blocking at the top of the policy list.

    My ISP tags the mail as spam, but I have configured the ISP mail to allow messages through to help with testing beta releases of UTM and XG.
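
The quoted report above shows the `X-CTCH-*` lines as part of the displayed message text. As an added example (not code from this thread or from Sophos), this Python sketch reports whether such lines sit in a message's real header block or in its body, and splits the `X-CTCH-RefID` value into fields without interpreting them; the sample message and its example.com addresses are constructed, modelled on the values quoted above.

```python
import re
from email import message_from_string

# Matches a line such as "X-CTCH-Spam:  Bulk" anywhere in a block of text.
CTCH_LINE = re.compile(r"^[ \t]*(X-CTCH-\w+):[ \t]*(.*)$", re.MULTILINE)

# Constructed sample: the tag lines come after the blank line that ends the headers.
SAMPLE = (
    "From: reports@example.com\n"
    "To: admin@example.com\n"
    "Subject: Executive Report\n"
    "\n"
    "Please find the Executive Report statistics and graphs attached herewith.\n"
    "X-CTCH-PVer:  0000001\n"
    "X-CTCH-Spam:  Bulk\n"
    "X-CTCH-RefID:  str=0001.0A150207.570FFA1B.002A,ss=1,re=0.000,recu=0.000,"
    "reip=0.000,lb,cl=3,cld=1,fgs=0\n"
    "X-CTCH-Score:  0.000\n"
    "X-CTCH-Rules:  \n"
)

def body_text(msg):
    """Concatenate the decoded text parts of a message; non-text parts are skipped."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            # The tag lines are ASCII, so a lossy UTF-8 decode is enough here.
            chunks.append(raw.decode("utf-8", "replace"))
    return "\n".join(chunks)

def locate_ctch(raw_message):
    """Return the X-CTCH-* fields found in the header block and in the body."""
    msg = message_from_string(raw_message)
    headers = {k: v.strip() for k, v in msg.items() if k.upper().startswith("X-CTCH-")}
    body = {k: v.strip() for k, v in CTCH_LINE.findall(body_text(msg))}
    return {"headers": headers, "body": body}

def parse_refid(value):
    """Split an X-CTCH-RefID value on commas; bare tokens (no '=') map to True."""
    fields = {}
    for token in value.split(","):
        key, sep, val = token.strip().partition("=")
        if key:
            fields[key] = val if sep else True
    return fields

if __name__ == "__main__":
    found = locate_ctch(SAMPLE)
    print("in headers:", found["headers"])
    print("in body:   ", found["body"])
    print("RefID:     ", parse_refid(found["body"]["X-CTCH-RefID"]))
```

Run against a saved raw message, a non-empty `body` result with an empty `headers` result means the tags were written after the header block, which is why a mail client displays them as text.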

  • What I suspect happens in the XG, giving the spam count from no-one to no-one, is that each attachment is treated as a message, because some of the daily UTM reports have ten or more attachments.

  • Hi Ian,

    So are you trying to country-filter Spam Email(s)?

    What is the configuration on XG, can you please post some screenshots?

    Thanks

    Sachin Gurung

  • Hi Sachin,

    I am trying to country filter all access to the XG. The dashboard shows I have 3 policies and one of them is unused: the country blocking policy.

    So, I am not sure what screenshots you are after?