SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  1. Reject Quarantine Messages Choice

    Add option for quarantine emails to be rejected (add in drop down: View, Delete, Release).
    This will also inform the sender that his email was rejected if for example the antivirus engine failed to perform a security scan.

    9 votes
    1 comment  ·  Mail Protection
  2. Allow custom exim configuration

    Allow custom exim.conf configuration to be added. Exim has a lot of flexibility and features that are not available through the web interface, so it would be nice to be able to add your own custom config.

    4 votes
    1 comment  ·  Mail Protection
  3. Block recipient address in SMTP proxy

    The option is required to block recipient email addresses in the SMTP proxy, to block users sending to their personal email accounts or to control the recipient address if users are sending email to resigned employees by mistake.

    2 votes
    0 comments  ·  Mail Protection
  4. DNS Forwarders - allow a separate selection for Mail Protection

    If you've seen my DNS best practice (https://community.sophos.com/products/unified-threat-management/f/management-networking-logging-and-reporting/32566/solved-dns-best-practice/109152#109152) post, you know that it recommends NOT using the DNS servers of your ISP and using Google or OpenDNS. The reason for this is that many providers hijack DNS, breaking rDNS.

    When I started that post over eight (!) years ago, there were very few Content Delivery Networks (CDNs). Today, they abound, and that's a problem that may well trump the rDNS problem. As Alexander Busch described this situation in a post near the end of the DNS Best Practice thread, "Essentially, it is about the provider operating a large…

    7 votes
    0 comments  ·  Mail Protection
  5. Different skip list for incoming and outgoing traffic for Mail Protection

    It would be great to have in the "Email Protection - SMTP - Transparent Mode" a different Skip-List for incoming and outgoing traffic.

    In some cases you need to use that feature (e.g. Bridge Mode) to get all SMTP traffic scanned for Virus and Antispam, but you need that feature only incoming.

    When you can't skip outgoing, that traffic will be blocked - so it would be great to get a solution to differentiate by traffic direction. In other modules you have that feature.

    I know that is a special case, but without that the E-Mail Protection SMTP doesn't…

    9 votes
    0 comments  ·  Mail Protection
  6. Spam unknown sandbox/hold

    This stemmed from a particular spam message we received. The spam was not caught by the filter(s) and was sent off to "Cyren" for analysis. In the time it took from that initial email to be sent to Cyren and then confirmed as spam, it had been 4 minutes. In those 4 minutes, we received multiple emails from that same sender, with the same subject, etc., which passed through the filters just as the first had done. Once Cyren responded back that the email was confirmed as spam, the UTM began blocking any future messages from that sender (as it…

    1 vote
    0 comments  ·  Mail Protection
  7. Whitelist for File Type / MIME Type Filtering

    A customer wants to put email sender addresses on a white-list not only for bypassing spam filter, but for bypassing File Extension Filter or MIME Type Filter.

    1 vote
    0 comments  ·  Mail Protection
  8. AD Look-up MISSING contact!

    At the moment the current built-in AD check/query is incomplete!

    This is the current AD check/query:

    ADLOOKUPOK = ${lookup ldapm{referrals=nofollow user=${quote:ADUSER} pass=${quote:ADPASS} ADSERVER/${quoteldap:ADBASE}?mail?sub?(&(|(objectClass=user)(objectClass=publicFolder)(objectClass=group)(objectClass=msExchDynamicDistributionList))(|(proxyAddresses=SMTP:${quoteldap:PRVSFLATTENRCPT})(mail=${quoteldap:PRVSFLATTEN_RCPT})))}{1}{0}}

    This is what it should be (as we use it, and have to change the exim every time the UTM is updated):

    ADLOOKUPOK = ${lookup ldapm{referrals=nofollow user=${quote:ADUSER} pass=${quote:ADPASS} ADSERVER/${quoteldap:ADBASE}?mail?sub?(&(| (objectClass=contact) (objectClass=user)(objectClass=publicFolder)(objectClass=group)(objectClass=msExchDynamicDistributionList))(|(proxyAddresses=SMTP:${quoteldap:PRVSFLATTENRCPT})(mail=${quoteldap:PRVSFLATTEN_RCPT})))}{1}{0}}

    When you compare them you will find that we added:
    “(objectClass=contact)”
    As Exchange ready AD's can have contacts that can receive mail from "external".

    This "fix" can be implemented in the next release with no problem at all.

    6 votes
    2 comments  ·  Mail Protection
  9. Enable Header Matching of Data Protection Custom Rules

    To match the functionality of the Sophos E-Mail-Appliance more closely, it would be helpful if it was possible to match E-Mail Headers with the Custom Rules of the Data Protection Engine.

    This would allow triggering SPX-Encryption by marking the E-Mail as confidential or trigger on words ONLY in the subject, not in the body.

    Two examples that work on the Sophos E-Mail-Appliance but do not work on the Sophos UTM:
    Subject: .[ENC].
    Sensitivity: company-confidential

    8 votes
    0 comments  ·  Mail Protection
  10. Mail Limit Relayusers to a specific ip/network

    Improve the possibility of the mail protection to define specific single/multiple IPs and/or networks which are allowed to use SMTP auth to send a mail from external through the UTM to other receivers (internal and external).

    We have had an open bug report on Sophserv but the Sophos contact advised us to open a feature request here.

    Add. information: The blacklist/whitelist box is available at the moment. But if you assign the "Any IPv4 Internet" default rule to the blacklist (as mentioned by Sophos support - we speak of the SMTP Relay tab), it blocks all SMTP traffic, not only the relay traffic.

    1 vote
    0 comments  ·  Mail Protection
  11. Fingerprinting Spam

    A development of spam method is Fingerprinting Spam. Would be nice to have this feature available on Sophos devices. I was advised to raise a feature request by Sophos.

    2 votes
    0 comments  ·  Mail Protection
  12. email appliance

    Let the Sophos Email Appliance accept LDAP credentials injection via HTML headers, query strings, or basic authentication headers in order to provide Single Sign-On with a 3rd party reverse proxy.

    2 votes
    0 comments  ·  Mail Protection
  13. smtp: change authenticated smtp proxy authentication flow

    UTM first verifies username/password, and then checks if the user is allowed to use the authenticated smtp proxy.
    This allows a botnet to do a DoS attack, by simply giving wrong passwords for any AD account -> Sophos checks all passwords, causing the account to become locked out on the AD (toomanyfailedpasswords).

    We would like UTM to first check if the user is allowed to use the auth smtp proxy AT ALL, then further authentication would in most cases not be required. (reducing the number of failed logons on our AD servers considerably)

    This is how…

    3 votes
    0 comments  ·  Mail Protection
  14. POP3 - Autoreply or Autoresponder when mail contain blocked extension

    The UTM doesn't have an option to automatically send e-mails back to the sender if their mails were blocked because of extensions like .doc or .xls and so on in the POP3 Proxy.

    4 votes
    0 comments  ·  Mail Protection
  15. enable or disable digests for specific users

    It would be very useful if the quarantined digest could be enabled or disabled for specific users, as some users you may not want to access the quarantine, or for automated accounts to not receive an email that will never be viewed, as an example.

    1 vote
    0 comments  ·  Mail Protection
  16. time of click categorisation

    It would be very handy to be able to see what a URL sits in category-wise, like we can on the Sophos Web Appliance, so we have a better understanding of what the high, medium and low categories actually work to or if they need recategorising.

    1 vote
    0 comments  ·  Mail Protection
  17. global white list isn't globally whitelisted

    In our mail appliance we have set white lists of domains, but the domains are not excluded from additional policies, so we have to exclude / white list the same domain in all policies to prevent it still getting blocked.

    1 vote
    0 comments  ·  Mail Protection
  18. mail attachment - blocking file extensions

    I had an issue which I raised with support and got nowhere.

    We set up a rule that was supposed to block all attachments except the ones in the allowed list.

    As Sophos only works on true file type detection, if it's not a file type in its database it does not block the email.

    Such as .xaml, which is a valid file and will open in Excel.

    One big issue is that if I set a rule that only allows .docx files through, it should block any other file types regardless of its true file type, whether it is…

    1 vote
    0 comments  ·  Mail Protection
  19. time of click protection - not applied to quarantined emails

    If an email is released from quarantine then time of click protection is not applied.

    Surely an email that was quarantined for some reason is more likely to have bad URLs in it needing the TOC protection?

    TOC protection should be applied to all quarantine emails either before it is quarantined or after it is released.

    1 vote
    0 comments  ·  Mail Protection
  20. time of click protection - blocking / alerting page

    Time of click protection block / warning pages should show the link they are being taken to rather than just the top level domain.

    Time of click protection seems very basic and poor. We have always educated users to hover over the button or link and check the URL before clicking it.

    Time of click removes any ability to do this within the email itself or the warning page.

    1 vote
    0 comments  ·  Mail Protection