Sophos UTM (Astaro Security Gateway)

Email Quarantine

Sophos UTM forwards suspicious emails to what is known as quarantine. You will regularly receive an overview of all messages stored in the quarantine by email. If an email has been categorized incorrectly, you have the option of releasing the email. Sophos UTM moves the corresponding email to your inbox. You should only do this if you are certain that the message is trustworthy. 

Email Logs

Email Logs is only displayed when Mail Transfer Agent (MTA) mode is enabled. This feature requires a subscription. It can be configured but is only activated with a valid Email Protection subscription. This page shows the logs of all processed emails.

Start and end date: Select the start and end date within which the message was processed.

Recipient domain: Specify the domain of the recipient whose emails you want to view.

Results Filter: Select the type of message to be displayed.

  • Delivered: Successfully delivered emails.
  • Rejected: Emails that the appliance has rejected and for which the sender has been notified.
  • Discarded: Emails that were discarded by the appliance and of which the sender was not notified.
  • Isolated: Isolated emails.
  • Rejected emails that were automatically discarded by the appliance after several failed delivery attempts.
  • Deleted: Emails that have been deleted manually.

Cause filter: Filter email logs according to the following causes:

  • Infected with malware
  • Spam
  • Contain blocked files / attachments
  • Contain unscannable content or protected attachments
  • Blocked by Data Protection (DP)
  • SPX encrypted
  • Undelivered and SPX encrypted
  • No SPF record found or matched
  • Blocked by RBL
  • Classified as Malicious by Sandstorm
  • Blocked for other reason

Filter: Click to apply the filter to the logs shown.

Delete: Click to reset the filter options. The default options show the current day as the start and end date and all filters are selected.

Whitelist sender

Whitelisting is intended to ensure that emails from the listed senders are reliably delivered to the recipients and do not end up in the spam folder. It is a way to correct cases where such emails are incorrectly classified as spam.

With Sophos you can add wildcard domains (like *@gmail.com) or email addresses (like friend@gmail.com) to the 'sender whitelist'.

On the control bar, select the "Sender Whitelist" option and click on the plus sign.

Add an entry: Enter the new entry, then click the check mark to save it.

Change or delete an entry: Click the clipboard icon to edit and the trash can icon to delete.

Note that the whitelist only applies to AntiSpam and Expressions, but is ignored for anti-virus scans.

Blacklist sender

If an email is classified as spam, it will be blocked. In Sophos, email domains with wildcards (such as *@gmail.com) or email addresses (such as friend@gmail.com) can be added to the 'sender blacklist'. These senders will be blacklisted and will no longer be able to send any further messages to this address.

To add an entry, proceed as for 'Sender Whitelist':

  • On the control bar, select the 'Sender Blacklist' option and click on the plus sign.
  • Enter the new entry, then click the check mark to save it.
  • Click the clipboard icon to edit and the trash can icon to delete.
