IMAP ONLINE and policy

Hello,
in the company we have always used e-mail clients such as Outlook or Thunderbird, with the relative IMAP and POP3 policies to check incoming and outgoing mail. Now that we would like to go online, how can I check with the same policies, which seem not to work?

Comments

  • Online using what?

  • Office 365 or the Italian local provider "ARUBA"

  • james.carson Moderator, WatchGuard Representative

    Hi @Cristiano

    With regards to the client connections, there are two basic ways this can go:

    -Webmail: You can use the HTTP/HTTPS proxies (HTTPS will need content inspection turned on.) This can provide antivirus scanning, but won't help with spam blocking.

    -Connecting to Cloud/online server via a client using IMAP/POP3: You can use the IMAP proxy, just as you would have done before.

    For the server, you can still use the firebox to scan inbound SMTP mail, you'll just need to set the firebox up to forward it to the server in the cloud, like here:

    (Configure the Firebox SMTP proxy to work with Office 365 and other cloud-based email services)
    https://watchguardsupport.secure.force.com/publicKB?type=Article&SFDCID=kA10H000000g3drSAA&lang=en_US

    Thank you,

    -James Carson
    WatchGuard Customer Support

  • Thanks,
    in my case not an internal mail server, I would just like to scan the mail visible from webmail.

  • james.carson Moderator, WatchGuard Representative

    Hi @Cristiano
    In order to scan webmail, you'll need to use the HTTP and HTTPS proxies. You'll only be able to do Gateway AV scanning and IPS scanning here. Spamblocker won't work via the HTTP/HTTPS proxies.

    Thank you,

    -James Carson
    WatchGuard Customer Support

  • Hi,

    I have not explained myself well. I would just like to scan mail with antispam / APT and AV via webmail in the Office 365 platform, but I don't have an internal mail server because until now we have used mail clients.

  • Web mail does not use SMTP, thus you cannot use SMTP options such as spamBlocker. You need an internal mail server to use the SMTP proxy.

    You can implement AV on an HTTP proxy action, and if you use Inspect on a HTTPS proxy action for your web mail access, you can use AV.

  • Thanks Bruce

  • but in this case of active deep inspection, does the APT work?

    Thank you

    "With regards to the client connections. there are two basic ways this can go:

    -Webmail: You can use the HTTP/HTTPS proxies (HTTPS will need content inspection turned on.) This can provide antivirus scanning, but won't help with spam blocking.

    -Connecting to Cloud/online server via a client using IMAP/POP3: You can use the IMAP proxy, just as you would have done before.

    For the server, you can still use the firebox to scan inbound SMTP mail, you'll just need to set the firebox up to forward it to the server in the cloud, like here:

    (Configure the Firebox SMTP proxy to work with Office 365 and other cloud-based email services)
    https://watchguardsupport.secure.force.com/publicKB?type=Article&SFDCID=kA10H000000g3drSAA&lang=en_US "

  • Q. but in this case of active deep inspection, does the APT work?
    A. yes
    From the documentation:

    APT Blocker can scan files for these proxy policies:
    HTTPS-proxy, if APT Blocker is enabled in the HTTP proxy action used for Content Inspection

    About APT Blocker
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/services/apt/apt_about_c.html

  • Thank you Bruce

  • It probably will NOT work with Microsoft 365 as you desire if you have HTTPS DPI working with its defaults because most of the Microsoft sites needed for Microsoft 365 to work are already excluded from DPI.

    Gregg Hill

  • If you use Microsoft 365, you can set up mail flow rules in the Microsoft 365 Exchange Admin console to block most potentially malicious file types from being received. You can add custom rules to strip email attachments by extension, for example, block all files with extensions such as .vb, .vbs, .js, .ps1, .iqy, .docm, .xlsm, etc.

    If you use Microsoft 365, you likely won't have any need to use IMAP or POP3, and for security reasons, those protocols should be disabled in Microsoft 365 anyway.

    Gregg Hill
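
The two server-side controls recommended in the post above (disabling IMAP/POP3 and a mail flow rule that blocks attachments by extension), as an added example that is not part of the original thread. It assumes the ExchangeOnlineManagement PowerShell module and an Exchange administrator account; the rule name and rejection text are illustrative, and rejecting the message is one possible action among several.

```powershell
# Added example, not from the thread. Assumes the ExchangeOnlineManagement
# module is installed and the signed-in account holds an Exchange admin role.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

# 1) Audit first: list mailboxes that still accept IMAP or POP3 logons.
$legacy = Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.ImapEnabled -or $_.PopEnabled }
$legacy | Select-Object Name, ImapEnabled, PopEnabled | Format-Table -AutoSize

# 2) Disable both protocols on every mailbox found in step 1.
foreach ($mbx in $legacy) {
    Set-CASMailbox -Identity $mbx.Identity -ImapEnabled $false -PopEnabled $false
}

# 3) New mailboxes take their protocol settings from the CAS mailbox plans,
#    so disable IMAP/POP3 there too or step 2 has to be repeated later.
Get-CASMailboxPlan | Set-CASMailboxPlan -ImapEnabled $false -PopEnabled $false

# 4) Mail flow (transport) rule for the extensions named in the post.
#    Extensions are given without the leading dot.
$blocked = 'vb', 'vbs', 'js', 'ps1', 'iqy', 'docm', 'xlsm'

# Rule name and rejection text are illustrative. The rule is created in
# Audit mode so its matches can be reviewed before anything is rejected.
New-TransportRule -Name 'Block risky attachment extensions (example)' `
    -AttachmentExtensionMatchesWords $blocked `
    -RejectMessageReasonText 'Attachment type not permitted by mail policy.' `
    -Mode Audit

# After reviewing the audit results, switch the rule to enforcement:
# Set-TransportRule -Identity 'Block risky attachment extensions (example)' -Mode Enforce

# 5) Verify the end state: this should return no mailboxes.
Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.ImapEnabled -or $_.PopEnabled } |
    Select-Object Name, ImapEnabled, PopEnabled

Disconnect-ExchangeOnline -Confirm:$false
```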

  • Thank you Gregg

  • edited September 2020

    You do spam filtering and virus scan on the server side (Office 365) and those are already enabled by default. You won't even need IMAP and/or POP3 (they are enabled by default). Outlook connects to 365 mailboxes over https.

  • edited September 2020

    @Ron said:
    You do spam filtering and virus scan on the server side (Office 365) and those are already enabled by default. You won't even need IMAP and/or POP3 (they are enabled by default). Outlook connects to 365 mailboxes over https.

    "You won't even need IMAP and/or POP3 (they are enabled by default)."

    And IMAP/POP3 should be DISABLED manually for security and to help prevent "spray & pray" credential attacks. I also recommend MFA for all accounts.

    Gregg Hill

  • I'm just stating the default settings. Both IMAP and POP are enabled by default. Sure I can see a few sign-in attempts from all over the world. All break-in attempts I've seen are over IMAP4 protocol.

    Having said that, I'm not sure if the IMAP/POP settings are effective. I have tried turning off ActiveSync on a few mailboxes to prevent users from checking mail on their phones. It does absolutely nothing. Those users can still add their mailboxes as an Exchange mail account.
