Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 28 subscribers
  • Views 10251 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

What is correct design pattern for SMTP Server Protection ?

Slawski

What is correct design pattern for SMTP Server Protection ?


Let's consider this example. I have an XG device and an internal Mail server. Mail server accets SMTP unauthenticateed traffic from other e-mail servers and authenticated connections from users.


I can create two business Rules. One from "Email Servers(SMTP)" template for inbound traffic. I can select scan SMTP and SMTPS but... Where should I select my SMTP server certificate ???


I haven't found a way to secure outbound SMTP traffic other than create a Client Business rule. Is that correct ? I wanted to protect my SMTP traffic in case of something wrong will go with my server.



This thread was automatically locked due to age.
Parents
  • 0

    Hi Slawski,

     

    I will make it simple for you to configure your requirements.

    Step 1: Add third party/external CA

    Prerequisite:

    You should have the root or CA Certificate in .pem or .der format. This Certificate is provided by the CA in response to your Certificate Signing Request (CSR). To know how to generate a CSR, refer to article Generate Certificate Signing Request (CSR).

    Configurations:

    Go to Objects > Identity > Certificate Authority and click Add to add external CA.

    Step 2: Configure SMTPS Scanning

    Go to Protection > Email Protection > Configuration and select the external CA (added in Step 1) from the list of available CAs in SMTP TLS Configuration section.

     

    Step 3: Add the SMTPS scanning policy.

    Go to Policies and click +Add Firewall Rule. Select Business Application Rule to create a policy. Add a new rule using Email Servers (SMTP) Application template as shown in the below image.

    Thanks

  • 0 in reply to sachingurung

    i add the external CA as you said but i can not find the new certificate with TLS configuration it only default or appliance  

Reply Children