MTA - Whitelist and Blacklist

Hi DMR188,

There is a feature request submitted here: http://ideas.sophos.com/forums/330219-sophos-xg-firewall/suggestions/15977194--email-protection-urer-portal-users-to-have-abil

Please Vote for this feature!

Thanks,
Hugh

Under <email> , <General settings> tab, there is "Spam Check Exceptions"

Isn't that the place to put trusted sender domains?

Hi Sixteen,

That option will bypass spam scanning of certain domains, define the domains as Spam Check Exceptions. I guess DMR188 wants is to Reject or Allow Email to certain domains through XG. To do this, create an address group and define it within the Email policies with action as REJECT/ALLOW as per the requirement. 

Any help with that?

sachingurung,

Do you have screen shot of that?   
Also seems like exception list I mentioned isn't working as expected.

Can you be more specific? Ho to create a white/black list of domains from which we want to accept (or reject) emails disregarding their SPAM status?

Ha-ha! So, if anybody interested, i've opened a ticket and got the answer:

"I have gathered information and came to know that currently there is no option to add a list of whitelist/blacklist domain in the SMTP policy which is created for the MTA in v16.
There is a running JIRA ticket for this at Sophos its called NC-15230 (and NC-13004)."

What a bunch o crap, if you'll ask me!

 

Ha-ha! So, if anybody interested, i've opened a ticket and got the answer:

"I have gathered information and came to know that currently there is no option to add a list of whitelist/blacklist domain in the SMTP policy which is created for the MTA in v16.
There is a running JIRA ticket for this at Sophos its called NC-15230 (and NC-13004)."

What a bunch o crap, if you'll ask me!

 

Hi Americo,

It is a pending feature to whitelist/blacklist the sender domains in MTA mode on XG. Please cast your votes to this feature request here.

This feature is only possible if the XG is configured in legacy mode for Email Protection. Refer the article here: community.sophos.com/.../

sixteen again To  allow/reject Emails to a particular domain you can configure an SMTP policy in Email> Policies> Add SMTP Policy> Domain> Accept/Reject.

Thanks

Any new info to get blacklist/whitelist option to MTA? In legacy mode work great but we can't switch to MTA because this function missing(There is no option when you create smtp policy to select sender)...

I would like to know the same thing, this was mentioned months ago as on the feature list. No word on the current status.

I know for our company that until this is not fixed in MTA mode(That we can whitelist/block senders in SMTP rule) we will not use MTA and without MTA we can't test Sandstorm and also can't buy Sandstorm license...

P.S. We don't need per user rule! We need general rule which can't be override by user!

Hi

I have White Listed Domains With MTA in XG 130.

Here is how i did it:

1) Configure MTA mode

2) Goto Email -> Address Groups -> Add and create one for example in Name: WhiteListedDomains and in put the domain that you want to whitelist like this for example google.com

3) Goto Email -> Policies and you have for sure one SMTP Policy in that policie click on edit and under Domains And Routing Target on Protected Domain add the Address Group Created Before (WhiteListedDomains) and save.

And that's all

I hope i could help.

But you don't have blacklist option...

I've tried configuring an SMTP policy as you've mentioned here and that doesn't work. 

Final solution in v17:

https://community.sophos.com/kb/en-us/128049

Ha! They call it a solution! Now tell me how to block a TLD? you know, these pesky .work or .party or just simple .ru spam emails? The "Blocked email addresses" list will not accept "*@*.work" :-( They should've made the first list not "Allowed IP addresses/FQDNs" but "Blocked.." instead. And extended the mask to include just TLDs.

To be honest, in my opinion blacklisting a complete TLD seems not be a good solution. So I wouldn't implement that too. You never know who's going to send an email from such a TLD next time. Besides that I only see a few spam mails coming through. For these I'd like to see the greylisting feature work correctly. I bet that even the last spam mails are dropped then. The mentioned solution is more important to me regarding the whitelisting, as for example some important senders get blacklisted and don't do anything about it.