POP3, SMTP and IMAP setup

L4 Transporter

POP3, SMTP and IMAP setup

Hello,

 

Our POP3, SMTP and IMAP are currently set to Default (Alert) in the AV profile.

 

We have noticed malicious emails coming through, identified via WildFire, for staff using personal email addresses/computers using POP3 protocols. These personal computers are allowed on some of our remote sites.

 

Should POP3/SMTP and IMAP be set to Drop-reset for “Action” and “Wildfire” in the Anti-Virus security policy if it detects a malicious file/link, etc.?

 

We are using Proofpoint to scan all our internal corporate email.

 

Thanks in advance.

 


L4 Transporter

Re: POP3, SMTP and IMAP setup

Hi,

 

For SMTP, choosing reset-both is a good idea because the firewall will send a 541 response to the sending SMTP server to prevent the message from being sent.

 

For POP3 and IMAP, reset-both seems to cause the email clients to retry downloading the offending message eternally, so it probably interferes with the normal operation of the client. Still, that behavior is probably better than getting viruses inside your network (even if it's on personal computers).

 

Regards,

 

Benjamin

L4 Transporter

Re: POP3, SMTP and IMAP setup

Thank you Benjamin for your suggestion. Much appreciated.

L3 Networker

Re: POP3, SMTP and IMAP setup

I use reset-both for pop3 and imap, with no "known" problems. Blocks viruses like a charm... Even after SSL decrypt. This is gmail.

THREAT ALERT : medium : 173.194.222.109 -> 192.168.4.164 Trojan-Downloader/VBS.agent.dpiwk(1210797) reset-both type: THREAT subtype: virus app: imap category: web-based-email contenttype: severity: medium direction: server-to-client sport: 993 dport: 49498 natsport: 993 natdport: 36862 flags: 0x81502000 proto: tcp action: reset-both

L2 Linker

Re: POP3, SMTP and IMAP setup

Hi,

 

Could you share in detail what you mean by no "known" problems?

 

After you set "reset-both" for POP3/IMAP, did your email clients keep retrying to download the offending message eternally?

 

Thanks for sharing.
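
One way to check the retry question from the firewall's own alerts, as an added example that is not part of any post in this thread: the script parses alert lines in the layout posted above, lists mail virus hits that were only alerted, and counts repeated reset-both hits for the same client, application and threat ID. The constructed sample lines, the made-up threat name and ID, and the threshold of 3 are assumptions; a repeated hit suggests a client retrying the same message but does not prove it.

```python
import re
from collections import Counter

MAIL_APPS = {"pop3", "imap", "smtp"}
HEAD = re.compile(r"THREAT ALERT : \w+ : (?P<src>\S+) -> (?P<dst>\S+) "
                  r"(?P<threat>\S+)\((?P<tid>\d+)\) ")
FIELD = re.compile(r"\b(app|subtype|direction|action): (\S+)")

def parse(line):
    """Extract the fields needed for review, or None if the line does not match."""
    head = HEAD.search(line)
    if not head:
        return None
    rec = head.groupdict()
    rec.update(FIELD.findall(line))
    # For server-to-client traffic the mail client is the destination address.
    rec["client"] = rec["dst"] if rec.get("direction") == "server-to-client" else rec["src"]
    return rec

def review(lines, retry_threshold=3):  # threshold is an assumed value
    """Return (alert-only mail virus hits, repeated reset-both hits per client)."""
    alert_only, resets = [], Counter()
    for rec in filter(None, map(parse, lines)):
        if rec.get("subtype") != "virus" or rec.get("app") not in MAIL_APPS:
            continue
        key = (rec["client"], rec["app"], rec["tid"])
        if rec.get("action") == "alert":
            alert_only.append(key)   # malware was logged but still delivered
        elif rec.get("action") == "reset-both":
            resets[key] += 1         # same client, app and threat ID blocked again
    return alert_only, {k: n for k, n in resets.items() if n >= retry_threshold}

# The alert line posted in the thread, verbatim.
PAGE_LINE = ("THREAT ALERT : medium : 173.194.222.109 -> 192.168.4.164 "
             "Trojan-Downloader/VBS.agent.dpiwk(1210797) reset-both type: THREAT subtype: virus "
             "app: imap category: web-based-email contenttype: severity: medium direction: "
             "server-to-client sport: 993 dport: 49498 natsport: 993 natdport: 36862 "
             "flags: 0x81502000 proto: tcp action: reset-both")
# Constructed lines in the same layout (documentation addresses, made-up threat).
TEMPLATE = ("THREAT ALERT : medium : {src} -> {dst} Constructed/Sample.a(9999999) {action} "
            "type: THREAT subtype: virus app: {app} category: email contenttype: "
            "severity: medium direction: {direction} proto: tcp action: {action}")
POP3_HIT = TEMPLATE.format(src="203.0.113.10", dst="192.0.2.25", app="pop3",
                           direction="server-to-client", action="reset-both")
SMTP_ALERT = TEMPLATE.format(src="198.51.100.7", dst="203.0.113.20", app="smtp",
                             direction="client-to-server", action="alert")
SAMPLE = [PAGE_LINE, POP3_HIT, POP3_HIT, POP3_HIT, SMTP_ALERT]

if __name__ == "__main__":
    print(review(SAMPLE))
```
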
