Filtering Options

Use the Configuration > Policy > Filtering Options page to set advanced mail security settings and configure the Blocked and Warning page .

Sender Genotype Service

Messages from known bad senders can be blocked using SophosLabs Sender Genotype connection management technology. Choose one of three options for this setting:

  • Enable connection-level blocking of mail from known bad senders rejects messages from known bad senders as soon as the sender information from the TCP/IP connection is received. This option is recommended because it improves performance by blocking spam before it reaches more complex tests in the policy. With this option enabled, policy blocking is also active, and messages that were last relayed from hosts in the Trusted Relays list may be blocked if the message was passed by a known bad sender earlier in the relay chain. Configure whether blocked messages are discarded or quarantined with the Action for policy-level blocked messages drop-down list.
  • Enable policy-level blocking of mail from known bad senders blocks messages from known bad senders using a policy rule. This option is not as efficient as connection-level blocking, since the entire message must be accepted by the appliance. When messages are blocked at the policy level, the action is logged for reporting. Configure whether blocked messages are discarded or quarantined with the Action for policy-level blocked messages drop-down list.
  • Disable blocking of mail from known bad senders disables reputation filtering. When blocking of bad senders is disabled, messages identified as spam are quarantined rather than discarded.

Use the Action for policy-level blocked messages drop-down list to select how messages blocked by policy are managed. This action is only available for the Enable connection-level blocking of mail from known bad senders and Enable policy-level blocking of mail from known bad senders options. You can choose to:

  • Discard all blocked messages. This is the default.
  • Quarantine for reason "spam" any messages that did not match the anti-virus policy rules. These messages will usually be reported as blocked messages; however, if the message and/or its attachments include a virus, or an unscannable, encrypted, or suspect attachment, the message is processed at the policy level, and the reason is reported.
Note
If your network has trusted local SMTP relays that pass inbound messages to the Email Appliance, use policy-level blocking instead of connection-level blocking, and add the local inbound SMTP relays to the Trusted Relays list. Connection-level blocking will only work correctly if the Email Appliance receives messages directly from the internet.

The Enable proactive IP connection control for blocking suspicious hosts option rejects messages originating from dynamic hosts, spambots, and suspicious hosts. Enabling this option allows the appliance to block spam from hosts that have not yet established a reputation, but which are very likely to be sending spam.

Blocked/Warning Page for Time-of-Click Protection

Using this section, you can customize the warning or blocked page displayed to the user when a Time-of-Click policy is applied. You can:
  • View the current appearance of the blocked or warning page by clicking Preview.
  • Use the default blocked or warning page provided by Sophos, by clicking Use Default button.
  • You can upload a customized HTML file and images by clicking Configure. You can customize the appearance and messages displayed in the blocked or warning page.
    Note
    • Customizing the blocked or warning page is an advanced topic. Only those with sufficient knowledge of HTML and JavaScript should attempt these tasks.
    • HTML file with .html or .htm extension only is allowed with maximum file size 10 KB.
    • Image file with .gif, .jpg, .jpeg or .png extension only is allowed with maximum file size 1 MB.
    • While customizing the Warning Page, make sure you include the Proceed button, clicking which user can access the desired URL.
    • Make sure you Apply your changes within 15 minutes of uploading your files.

Sample Templates

For guidance, Sophos provides sample templates. These templates show you how to use variables that can dynamically insert information that is relevant for individual user messages. For example, if a URL is blocked because it is malicious, you can include a variable that inserts the actual URL that was blocked.

To download the sample templates and images, click the link below, and save the .zip file:

SampleTemplates.zip

Variables

Each of the web templates provided by Sophos supports the use of variables to help customize the pages that are displayed to users. If you are uploading your own HTML files, you must use the template-specific variables in the same context that they are used in the sample templates supplied by Sophos.

The variables used in the templates are:
  • <?url?>: The domain of the URL clicked by the user.
  • <?date?>: Date when URL is submitted to Email Appliance.
  • <?admin_email?>: Email address of the administrator as mentioned in Configuration > System > Alerts & Monitoring > Email.
  • <?image_path?>: Path of the image uploaded to Email Appliance.

  • <?full_url?> : This variable is used in Warning Page, in the onclick event of the 'Proceed' button. It will contain the complete URL to which will get redirected on clicking the Proceed button.