Is UTM mail proxy still relevant?

My question is based around the fact that most mail systems use either 465 or 587 for outgoing mail. The proxy only listens on port 25.

The POP proxy is no better; it listens on 110, whereas most systems use 143, 993.

So, to those in the know, are there any plans to upgrade the proxy so that it will work with other mail protocols?

Ian



This thread was automatically locked due to age.
  • Some UTM functions are to protect the desktop clients on your network from hostile servers on the internet, while others are intended to protect the servers on your network from hostile devices on the internet.

    It appears that you are thinking of the SMTP proxy as a device to protect the connection between Outlook on your PC from your mail server. The POP3 proxy plays that role; you can think of it as a second line of defense in case your mail server is successfully attacked. However, the SMTP proxy is intended to protect a mail server from incoming messages sent by a hostile server on the internet.

    You are right that your mail program uses ports 25, 465, or 587 to send messages to the mail server. That traffic is trusted because you have to log in to send messages (or you need a special exemption based on your IP).

    Mail servers also transmit to other servers using port 25 as the target. The remote server does not authenticate and is not trusted, but it is allowed to send messages to the accounts on the mail server. The UTM SMTP proxy intercepts that traffic to reduce the risk that a hostile message will be accepted.

    If your mail does not flow into your UTM before flowing into your mail server, then the SMTP proxy is not intended for your situation.

    Hope this helps.

  • Hi Douglas,

    Yes and no. If you take the XG, it can scan imap/s, pop/s, smtp/s as part of a business rule, but not 587. The MTA, well, I haven't succeeded in getting it to work yet. So my query is about bringing the UTM mail scanning up to XG standard. Yes, the UTM has features in mail handling that the XG does not.

    Not all businesses that use the UTM have an onsite mail server, and in a lot of cases they rely on their ISP to provide mail server functions. Now, for security purposes, most businesses will have moved away from ports 25 and 110. Also, POP mail does not allow the user to maintain a copy on the server if something goes wrong at the user end, whereas IMAP does.

    So, the way the UTM is provided at the moment is not good for small business or home use for mail security. Small business is why mac security is really needed....

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • Multiple layers of defense are always a good idea.

    Your primary mail defense needs to be a spam filter for mail coming inbound from the internet on port 25 to your mail server. This intercepts mail that arrives on unauthenticated sessions. This is the role that UTM Spam Filter is designed to play.

    If your mail server is hosted by a third party, it is the third party's responsibility to provide an effective spam filter. (Office 365 is an exception; they provide instructions for providing your own spam filter.) If your hosting service cannot provide good spam filtering, you should pursue an alternate hosting service. Of course, this becomes painful if you are using the vendor's email domain instead of one that you own.

    Filtering traffic between the mail client and the mail server becomes a second line of defense. There is an abundance of protocols between clients and servers, including at least: IMAP+SMTP, POP+SMTP, MAPI (Outlook to Exchange), ActiveSync (Cell phone to Exchange), EWS (Outlook to Office 365), and Outlook to Hotmail (name unknown). Some of these have encrypted and unencrypted variants, as you indicated. In this context, UTM can only filter traffic from the mail server to the client when the connection uses POP3, encrypted or unencrypted. POP3 is an unattractive solution for multiple reasons, and is falling out of use.
