Our POP3, SMTP and IMAP is currently set to Default (Alert) in the AV profile.
We have noticed malicious emails coming through and identified via Wildfire for staff using personal email addresses/computers using POP3 protocols? These personal computers are allowed on some of our remote sites.
Should POP3/SMTP and IMAP be set to Drop-reset for “Action” and “Wildfire” in the Anti-Virus security policy if it detects malicious file/link etc?
We are using Proofpoint to scan all our internal corporate email.
Thanks in Advance.
Solved! Go to Solution.
For SMTP, choosing reset-both is a good idea because the firewall will send a 541 response to the sending SMTP server to prevent the message to be sent.
For POP3 and IMAP, reset-both seems to cause the email clients to retry downloading the offending message eternally, so it probably interferes with the normal operation of the client. Still, that behavior is probably better than getting viruses inside your network (even if it's on personal computers).
could you share in details what you mean by no "known" problems?
after you set to "reset-both" for POP3/IMAP, did your email clients keep retrying to download the offending message eternally?
thanks for sharing.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!