Basic Email Protection Setup

Hi,


I've just configured an XG for email protection as per this KB article: https://www.sophos.com/en-us/support/knowledgebase/123663.aspx

That is fine and email is getting passed through to the SMTP server OK, but the anti spam features don't seem to be working. If I send a test email containing the SpamAssassin GTUBE test string the email passes through the XG and the XG Email Log reports the message is clean. I can see a few other emails that are clearly spam also being marked as clean.


Is this expected? Does the email protection only work on attachments, not email bodies? Or am I missing some other piece of configuration? Any help would be appreciated.

Cheers,

Matt.



  • Hi Matt,

    Can you post the screenshot of Anti Spam configurations on XG? Take SSH to XG and go to option 5>3 Advanced Shell. Run 'service -S', check if ctipd and antispam services are running. Next, I want you to check the header of the original mail, and verify the X-CTCH header. PFA screenshot.

    If X-CTCH-Spam is unknown, please submit it here.

    Thanks

  • Hi Sachin

    I've only configured the Email Scanning Policy as per the KB. I haven't changed any of the default Content Scanning rules. I've included all of the information requested below. It looks like the XG is marking the message as spam, but not blocking it.

    Running 'service -S' shows that both the antispam and ctipd daemon are running.

    Email Headers below:

    X-sophos-smtpxy-version  1.0.6.3
    X-sophos-av-policy  default
    X-rbl-sophos

    clean
    clean


    X-sophos-ibs  success
    X-ctch-pver  0000001
    X-ctch-spam  Confirmed
    X-ctch-vod  Unknown
    X-ctch-flags  0
    X-ctch-refid  str=0001.0A150208.57326ED0.0061,ss=1,re=0.000,recu=0.000,reip=0.000,pt=F_4810712,cl=4,cld=1,fgs=0
    X-ctch-score  0.000
    X-ctch-scorecust  0.000
    X-ctch-rules 

     

    Anti Spam Configuration Screenshots:

     

     

    I had to break the policy up into 3 screenshots.

    #1

     

    #2


     

    #3

     

    Sorry about the size of the attachments.

     

    Thanks,

    Matt.

  • Hi Matt,

    Thanks for the update. I went through the screenshots, everything seems correct. The only thing missing is a Drop Spam Rule. There are rules configured to drop Anti Virus outbreak, but no rules to drop a confirmed spam.

    Please configure the spam rule referring to the attached screenshots.

    Hope that helps.

    Thanks

  • Hi Sachin,

    Thanks for that. I figured I had missed something, but I just assumed the XG default rules would handle my use case; like the SG did.  I've created a few rules for confirmed and possible spam and it seems to be working correctly now.


    Cheers,

    Matt.
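
A mailbox-side check for the situation resolved in this thread, as an added example that is not part of the original posts or any Sophos tooling: it reads delivered messages and reports those that still carry `X-CTCH-Spam: Confirmed`, meaning the engine classified them as spam but no rule acted on the verdict. The sample messages are constructed, the function names are hypothetical, and raw headers in `Name: value` form are assumed.

```python
from email import message_from_string
from email.policy import default

# Constructed sample messages as they would sit in the mailbox behind the XG.
# Header names and values mirror the ones posted in the thread; the rest is made up.
SAMPLES = {
    "flagged-but-delivered": (
        "From: sender@example.com\n"
        "Subject: test\n"
        "X-CTCH-Spam: Confirmed\n"
        "X-CTCH-VOD: Unknown\n"
        "X-CTCH-RefID: str=0001.0A150208.57326ED0.0061,ss=1,re=0.000,"
        "recu=0.000,reip=0.000,pt=F_4810712,cl=4,cld=1,fgs=0\n"
        "\n"
        "constructed body\n"
    ),
    "no-verdict": "From: a@example.com\nX-CTCH-Spam: Unknown\n\nbody\n",
    "unscanned": "From: b@example.com\nSubject: hi\n\nbody\n",
}

def parse_refid(value):
    """Split the comma-separated key=value pairs of X-CTCH-RefID into a dict."""
    pairs = (item.split("=", 1) for item in value.split(",") if "=" in item)
    return {key.strip(): val.strip() for key, val in pairs}

def classify(raw):
    """Return (finding, refid_dict) for one delivered message."""
    msg = message_from_string(raw, policy=default)
    verdict = msg.get("X-CTCH-Spam")  # header lookup is case-insensitive
    refid = parse_refid(str(msg.get("X-CTCH-RefID", "")))
    if verdict is None:
        return "not-scanned", refid    # no verdict header present at all
    verdict = str(verdict).strip().lower()
    if verdict == "confirmed":
        return "policy-gap", refid     # classified as spam, yet delivered
    if verdict == "unknown":
        return "unclassified", refid   # candidate for submission to the vendor
    return "other:" + verdict, refid   # any value not shown in the thread

def audit(messages):
    """Map each message name to its finding; input is delivered mail only."""
    return {name: classify(raw)[0] for name, raw in messages.items()}

if __name__ == "__main__":
    for name, finding in audit(SAMPLES).items():
        print(f"{name}: {finding}")
```

Any `policy-gap` result after the spam rules are in place means a message matched none of them, and its parsed RefID can be quoted when raising it with support.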