Creating Antispam Profiles
Use the Unified Threat Management (UTM) policy page to configure antispam profiles.
E-mail spam consists of unwanted e-mail messages usually sent by commercial, malicious, or fraudulent entities. When the device detects an e-mail message deemed to be spam, it either blocks the message or tags the message header or subject field with a preprogrammed string. Antispam filtering allows you to use both a third-party server-based spam block list (SBL) and to optionally create your own local allowlists (benign) and blocklists (malicious) for filtering against e-mail messages.
Sophos updates and maintains the IP-based SBL. Antispam is a separately licensed subscription service.
Once you create a profile, you can assign it to UTM policies. Within the UTM policy, you can apply either the same antispam profile or create one inline to scan e-mail traffic.
Before You Begin
Read the UTM Overview topic
Decide what kind of filtering you want for the UTM policy: Web filtering, antispam, antiviurs, or content filtering.
Review the Antispam Profile main page for an understanding of your current data set. See Antispam Profile Main Page Fields for field description.
Configuring Antispam Profile Settings
To create an antispam profile:
Select Configure > UTM Policy > Antispam Profiles.
Click the + icon to create a new antispam profile.
Complete the configuration according to the guidelines provided in Table 1.
Table 1: Antispam Profile Settings
Enter a unique name for the antispam profile that is a string of alphanumeric characters, colons, periods, dashes, and underscores. No spaces are allowed and the maximum length is 29 characters.
Enter a description for the antispam profile; maximum length is 255 characters.
Use Sophos Blacklist
Select this check box to use server-based spam filtering. This check box is selected by default. If the box is unchecked, local spam filtering is used. Server-based antispam filtering requires Internet connectivity with the spam block list (SBL) server. Domain Name Service (DNS) is required to access the SBL server. The firewall performs SBL lookups through the DNS protocol.
Note: Server-based spam filtering supports only IP-based spam block list blocklist lookup. Sophos updates and maintains the IP-based spam block list. Server-based antispam filtering is a separately licensed subscription service.
Select the antispam action that the device should take when it detects spam:
Enter a custom string for identifying a message as spam. By default, the device uses ***SPAM***.