ATP100: Email Security not working

e_mano_e
Hi,

my ATP100 runs with the latest firmware V5.21.

I just realized that the "Email Security" feature is not working.
I looked at "Monitor" -> "Security Statistics" -> "Email Security".
"Collect Statistics" is enabled but "Total Mails Scanned" says "0".

Under "Configuration" -> "Security Service" -> "Email Security" the checkbox "Enable" is activated.
"Actions for Spam Mail" is set to "SMTP = forward" and "POP3 = forward with tag".

From my understanding "POP3 = forward with tag" means that incoming emails are scanned. SMTP (outgoing emails) will be forwarded without scanning.

I'm using an on-premise installed email server software called "Tobit david".
Outlook or MS Exchange are not in use.

Any ideas why the email security is not working?

Thanks.
Jens

All Replies

  • e_mano_e
    edited March 10
    I just read in the Zyxel Online Web Help the following:

    The Zyxel Device’s email security feature checks SMTP (TCP port 25) and POP3 (TCP port 110) emails by default. You can also specify custom SMTP and POP3 ports for the Zyxel Device to check.

    My mail server is configured to use POP3 on port 995.
    That should be the reason why the ATP100 statistics say that 0 emails are scanned.

    But where do I set the custom POP3 port in the ATP100 Configuration?
    I've searched but found nothing regarding a custom POP3 port.

    Thanks.
    Jens
  • USG_User
    Normally port 995 is SSL encrypted. That's why your device is not able to check these retrieved emails. They will be finally decrypted at your email server after passing the ATP.
  • e_mano_e
    Oh, I never thought about this in detail.

    But then the Email Security feature of the ATP is completely unusable. Or am I wrong?
    All email traffic should always be done in an SSL/TLS-encrypted way.

    Jens
  • USG_User
    That's why we are not using this feature of our USG110, since in Germany all big mail providers only accept encrypted mail delivery and retrieval, although this does not mean complete end-to-end mail encryption.
    But in case you could switch over to port 110, your firewall might be able to look into your incoming mails. But then the traffic from/to your mail provider is unsecured.

    Here with us the mail provider is scanning all of our mails as a first step, and secondly our Windows client computers have an A/V software running, which is checking any read/write jobs, including mail client traffic. That's why it doesn't hurt too much that our USG is not scanning the mails.
  • e_mano_e
    > Here with us the mail provider is scanning all of our mails as a first step, and secondly our Windows client computers have an A/V software running, which is checking any read/write jobs, including mail client traffic. That's why it doesn't hurt too much that our USG is not scanning the mails.

    That's exactly the same for me but I wanted to configure some custom spam lists for incoming emails.

    Thanks so far.

    Jens
  • Zyxel_Kevin
    Hi @e_mano_e,
    Yes, Anti-Spam is not able to check because the mail is encrypted.
    Now we have the CES (Cloud Email Security) solution to protect the incoming mail.
    Kindly find the following link:
    https://www.zyxel.com/products_services/Security-Service-Cloud-Email-Security/overview
    Kevin
  • e_mano_e
    > Hi @e_mano_e,
    > Yes, Anti-Spam is not able to check because the mail is encrypted.
    > Now we have the CES (Cloud Email Security) solution to protect the incoming mail.
    > Kindly find the following link:
    > https://www.zyxel.com/products_services/Security-Service-Cloud-Email-Security/overview
    > Kevin

    Is CES part of the ATP100 license? Or do I have to purchase CES as a separate license?

    Jens
  • USG_User
    edited March 11
    I'm always critical of all "cloud based" services, especially in Europe where the GDPR is to be observed (in business matters), meaning no personal data must be transmitted outside the EU. And please note, at least IP addresses are defined as personal data!
    And in case the Zyxel servers are situated inside the EU without transmitting anything to Asia (where I'm in doubt), Zyxel acts at least as a data processor on your behalf and has to be contracted in accordance with Article 28 (3) GDPR.

    Our mail server (Mercury) behind the firewall (USG110) has a built-in anti-spam engine which is filtering a lot of unwanted mails and which is able to learn from false positives or missed spam.
  • Zyxel_Kevin
    Hi @e_mano_e,
    CES is not part of the ATP100 license. You have to purchase a separate license.
    For more information, you could contact your local reseller. Thanks
    Kevin
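
An added example, not part of any post in the thread and not Zyxel code: it shows what a gateway that reads POP3 content without decrypting TLS can actually see on port 110 versus port 995, and goes slightly beyond the thread by also covering the STLS upgrade on port 110 (RFC 2595). All payloads, the user name and the function names are constructed for illustration.

```python
# Added example; every payload is a constructed sample, not a real capture.

def is_tls_record(data: bytes) -> bool:
    """True if data begins with a TLS handshake record header:
    content type 0x16, then protocol version 3.x."""
    return len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04


def classify_session(payloads):
    """payloads: ordered (sender, bytes) pairs, sender 'C' (client) or 'S' (server).
    Returns (verdict, count of payloads a non-decrypting scanner could read)."""
    readable = 0
    for _sender, data in payloads:
        if is_tls_record(data):
            # Everything from here on is ciphertext to an on-path scanner.
            verdict = "tls-from-first-byte" if readable == 0 else "plaintext-then-tls"
            return verdict, readable
        readable += 1
    return "plaintext", readable


CLIENT_HELLO = bytes.fromhex("1603010200") + b"\x01\x00\x01\xfc"  # constructed header only

# Port 110 without TLS: banner, login and message are all visible.
POP3_110 = [
    ("S", b"+OK POP3 ready\r\n"),
    ("C", b"USER alice\r\n"),
    ("S", b"+OK\r\n"),
    ("C", b"RETR 1\r\n"),
    ("S", b"+OK\r\nSubject: constructed sample\r\n\r\nbody\r\n.\r\n"),
]
# Port 995 (implicit TLS): the first client bytes are already a TLS record.
POP3S_995 = [("C", CLIENT_HELLO)]
# Port 110 with STLS (RFC 2595): plaintext greeting, then the session goes opaque.
POP3_110_STLS = [
    ("S", b"+OK POP3 ready\r\n"),
    ("C", b"STLS\r\n"),
    ("S", b"+OK Begin TLS negotiation\r\n"),
    ("C", CLIENT_HELLO),
]

if __name__ == "__main__":
    for name, session in [("110", POP3_110), ("995", POP3S_995), ("110+STLS", POP3_110_STLS)]:
        print(name, classify_session(session))
```

On the port 995 sample the scanner reads zero payloads, which matches a "Total Mails Scanned" counter that stays at 0.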
