Our customer is using a Sophos XG for external mail delivery. Two weeks ago all e-mails that were sent from one domain landed in their outgoing quarantine. The customer must release these mails manually every few minutes. We found that one URL within the signature is causing this issue. If he removes the URL, all emails go through the outgoing spam filter. But he can't remove this URL because it's required by German law.
In addition to that, all recipients that are using Sophos as their mail target will send these mails to their quarantine as well. So the customer is losing money because emails are stuck in his outgoing quarantine, where he has to release them, and in the quarantine of their customers, where they might never be released.
I opened a case with high priority 2 weeks ago, escalated it, sent email examples to Sophos (will they arrive or are they blocked by their own systems?) and I called the hotline, where support always hangs up.
The issues came up after an update of "IPS and Application signatures" on the 15th of March. So we already know where the problem is, but Sophos doesn't care. I think the community can't do anything here, but probably somebody at Sophos will read this and just take this one URL off their blacklist.
Finally it was resolved with the latest AV definitions update. I hope this never happens again with a customer that has more users.