SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Mail Protection: SMTP Mail Address Rewriting

    It is often useful to forward or rewrite incoming mail domains or specific email addresses to a user or usergroups. It would be great if the feature would be possible. For example *@domain-A.de forward to hans.muster@meinefirma.de, or all messages from info@domaene-B.de forward to Felix.Hubert@meinefirma.de,

    62 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    14 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Mailsecurity: Hide internal IP in Mailheader

    It would be nice if the SMTP Proxy is removing the internal IP address in the "received from" line in the mailheader.

    Header with private IP
    Received: from mailsrv ([192.168.0.10]:2994) by asg with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69)

    Header without private IP
    Received: from mailsrv (unverified) by asg with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69)

    57 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Mail Security: Add DKIM DomainKeys Headers

    Would like to have the option to add headers with DKIMStatus = Verified. or DKIMSTATUS = Failed or DKIM_Status = Invalid or just give a reason so that we could filter out invalid message senders. who are signing the mail to which there is not a key to be retrieved.

    52 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    12 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Mail Protection: Forward POP3 Emails via SMTP to internal Server

    There are still a many customers out there which use POP3 Mailboxes. If a customer want's to connect these POP3 mailboxes to an internal Microsoft Exchange server, they always need to purchase an add-on tool which needs to be licensed on a per user basis. The tool downloads the POP3 Emails and forwards them 1:1 to the internal Server via SMTP. Each POP3 Mailbox needs to be configured via server, username and password and an SMTP email address where the email gets forwarded to.. Integrate this add-on feature and minimize the cost and effort needed to install, manage and maintain…

    50 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Email Quarantine Report

    Increase the number of available Email Quarantine Report scheduled times or have the F/W email users as their messages are quarantined.
    Having the quarantine report emailed twice daily causes issues with time critical emails, if they are stopped as false positive.

    48 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. SPX Reply Portal Attachments

    The built in "Reply Portal" for SPX should allow the recipient to attach files with their reply.

    46 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
    Planned  ·  Eric Bégoc responded

    We are planning to include this in next upcoming release 9.3 later in 2014

  7. Mail Protection: SMTP smarthost test button

    Troubleshooting SMTP Smarthost problems with authentication is hard to do. After changing config you need to send test mails to an outside domain and have to watch logging.

    Please add a test-button that can report:
    1. no connection (IP:Port not listening)
    2. connected, but user unknown (550)
    3. connected, but wrong password
    4. success

    46 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Mail Protection: CRL for email encryption Certificate Authority (CA)

    Using the ASTARO builtin Certificate Authority (CA) for creating certificates for external mailboxes, you should have a CRL (Certificate Revocation List) for certificates that have been revoked or are no longer valid, and therefore should not be relied upon. It is like the CRL you can use to disable a certificate in the "Remote Access" section of the ASG.

    42 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Mail Protection: Recipient Blacklist

    There is already a global Sender Blacklist for blocking unwanted Sender addresses.
    It would be nice to also have a Recipient Blacklist. If you have several mail addresses on your internal mail server that are for internal use only and should not be reached from the outside you could put them on that blacklist. This is especially useful for large distribution Groups or archiving mailboxes where external Messages can be unwanted and annoying.

    38 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Mail Protection: SenderID Support

    I was able to mimic one of your support staff by having a fake address in the mail from section of the email, but having a legitimate envelope from address.
    When the message is received, it showed him as the sender, when it was actually myself.

    I believe this type of spoofing has been countered by having Sender ID Framework, but I was advised this is not a current feature from Astaro.

    I understand SPF can stop spoofing to some degree, however SPF only does a check against the envelope from, and not the mail from address.

    Essentially a feature…

    38 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    11 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. discover if ,doc attached file contain macro

    i'd like to know if is possible analyzer doc file attached to an email and discover if it contain macro and if has it put the message in quarantine

    36 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Email exceptions to anti spam sender blacklist

    Currently in the list of email exception rules there is no way to bypass the Sender Blacklist list of email addresses or domains.

    If like us you want to block all Facebook mail, and do this via blocking *@facebookmail.com,but still want to say your marketing/pr department to have access there is no way to create an exception. All the other AntiSpam categories are covered in the exceptions tab but not this one.

    35 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    17 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Mail Protection: Non-delivery report for blocked Outgoing messages

    In my opinion its useful to receive a Non Delivery report for outgoing sended emails. Blocked file extensions like .exe or .bat will block ANY directions of mails (extern to intern and also intern to extern).

    These messages will be quarantined however internal users will not receive any information about that like an NDR. He belief, that the mail was delivered correctly.

    34 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Add options to reject or quarantine emails that fail or have invalid DKIM

    Currently, even if an email fails DKIM verification it is delivered. There should be, at the very least, an option to quarantine emails that aren't successfully verified. Also see https://community.sophos.com/products/unified-threat-management/f/mail-protection-smtp-pop3-antispam-and-antivirus/112950/dkim-verification/.

    33 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Email Protection : TLS Version and Ciphersuite selection

    Dear Sophos Team,

    please add an TLS Version selector to the Email Protection settings, like it's already done in "Webserver Protection > WAF > Advanced".

    In addition, please add an Ciphersuite Selector, so advanced users can specify further down which ciphersuite ( ECDH- / DHE-/ AES-*/ .. / ) they want to use.

    32 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. support managed PKI for mail encryption / signing

    For easier management of Astaro's mail encryption / signing feature in larger enviroments it would be helpful, if Astaro would support automated creation of encryption/signing mail users using trusted certificates through a automated interface to a official signing provider as trustcenter or swisssign or equal. There seems to exist RFC compliant interfaces to such providers according to RF2797 standard.

    32 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. SPX encryption: Changing language of SPX Password portal

    It would be nice if you could change the language of the SPX Password portal

    31 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Wildcard support for antispam's sender blacklist & excepted email addresses

    Under "EMAIL PROTECTION > SMTP > ANTISPAM > SPAMFILTER"
    you are able to block email senders by adding their domain. You are also able to use wildcards i.e. "*@domain.com".

    Same you can do under "EMAIL PROTECTION > SMTP > EXPEPTIONS" to add a sender's email address to except him from specific rules (HELO, Antispam, etc.) buy using the same format and wildcards i.e. "*@domain.com".

    Unfortunately I get more and more spam emails from the same domain which uses A TON of subdomains i.e. the following (german) spam site:

    @elektronik.de-at-ch.com
    @rasierklingen.de-at-ch.com
    @versicherung.de-at-ch.com
    @mobil.de-at-ch.com
    *@reisen.de-at-ch.com

    The same applies to whitelist pages i.e.…

    31 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. MailSecurity: Spam Action Forward

    The Mail Manager should have the ability to forward a message in the quarantine to a specified address. This could be used to correct invalid recipients, and/or "send back" messages to the sender in a sort of crafted bounce.. Provide administrators with more choice in managing mail and messages.

    31 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. spoof attack

    Working with Sophos support (case 5397031), the current product is not able to stop a spoof attack in which the "envelope from" is valid but the body sender address is spoofed as an internal address.

    SPF checks are not effective in this scenario and the message is delivered.

    30 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Mail Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.