Sophos Email customers using IP-based mailflow rule connectors must migrate to certificate-based configuration by March 31st. To see if you're affected Click Here.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

G Suite - Group mail Forwarding rejected by Sophos Central.

Hi,

I have the Google Suite and scanning incoming and outgoing emails. Both direction mail flow is working fine but When an outside user is sending mail on Google Group ID then this mail is delivering on the Google platform and Google is putting in forwarding pipe and the same time it is getting failed/bounced with below error on the Google Gsuite:

Bounced
Google tried to deliver your message, but it was rejected by the server for the recipient domain <a href="relay-us-east-2.prod.hydra.sophos.com" target="_blank">relay-us-east-2.prod.hydra.<wbr>sophos.com</a> [18.221.253.246]. The error that the other server returned was: 550 5.7.1 Command rejected
 
Bounced
Google tried to deliver your message, but it was rejected by the server for the recipient domain <a href="relay-us-east-2.prod.hydra.sophos.com" target="_blank">relay-us-east-2.prod.hydra.<wbr>sophos.com</a> [18.221.253.246]. The error that the other server returned was: 550 5.7.1 Command rejected
 

What is happening in the background:

Outside User sending a mail to Group ID abcgroup@mydomain.com -----> Mail received and scanned on the Sophos Central------->mail delivered on the group----> mail Forwarded from group: abcgroup@mydomain.com to Individual recipients of this group as it@mydomain.com (at this point the mail getting bounced)

 

We noticed an error message on the Sophos central as:

Sender local part <abcgroup+bncbc5o5shs74mbbwgb6trqkgqealgwhzy@mydomain.com> could not be validated for domain <mydomain.com>  (as Mail sender).

After a long search on the internet, I found 

1). This behavior was changed from Google sometime before to fight with DMARC “P=Reject” policy from various domains/email providers.

2). As Sophos is following RFC 5322 for incoming and outgoing emails but here looking that Google is violating this RFC ( I am not gone through the complete RFC).

 

 Reference URL:

https://serverfault.com/questions/779730/why-dont-my-domains-messages-to-a-google-group-get-their-headers-rewritten-so

http://onlinegroups.net/blog/2014/05/01/dmarc-taking-responsibility-sending-group-email/

https://support.google.com/mail/answer/1311182?hl=en

https://www.spamresource.com/2014/04/google-groups-rewriting-from-addresses.html

https://tools.ietf.org/html/rfc5322#appendix-A.1.3

https://webapps.stackexchange.com/questions/62737/why-does-google-change-my-from-header-to-have-via-me-in-it

https://dmarc.org/wiki/FAQ#s_3

 

Here, Google is saying that this is normal behavior of Google's group and it will rewrite mail header with a random ID as  <abcgroup+bncbc5o5shs74mbbwgb6trqkgqealgwhzy@mydomain.com>.  And this issue belongs to the Sophos central. 

 

Looking expert guide to resolving the issue. 



Edited tags
[edited by: Raphael Alganes at 5:23 AM (GMT -7) on 8 Jun 2023]
  • Hi Deepak Verma,

    My apologies for this inconvenience. I would advise raising a support case and attaching the bounce email as a file attachment, for further investigation by our team.

    Please also PM me with your case number and details so I can follow up accordingly.

    Regards,


    Florentino
    Director, Global Community & Digital Support

    Are you a Sophos Partner? | Product Documentation@SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the 'Verify Answer' button.
    The Award-winning Home of Sophos Support Videos! - Visit Sophos Techvids
  • I had booked a case and we worked more than 4 months with Sophos. Finally, Sophos as accepted that this limitation of Sophos Central as 

     

    We use google groups for distribution lists. This sends the email out and then back in through the gateway. It looks like its coming externally, which will trip the header anomaly feature.
    We have our settings configured to reject header anomalies. so these wont even get delivered.
    Subaddressing is a common tactic used in google mail. Google allows you to give different variants of your email address to different third parties, and thus know who leaked your address to spammers. and block it if you want. for example; google will consider celworthy+foobar@gmail.com the same as celworthy@gmail.com
    Currently, central is blocking sending from subaddressed mailboxes. this has caused an issue with google customers.

    More details are mentioned in the PM.

    Regards,

    Deepak Kumar

    Sophos Architect | NSE 4 | CCNP | CISE 

  • Hi All,

    This is related to the improvement ID XGE-9910, to include support for subaddressed mailboxes.

    This improvement is continually being evaluated by our product team for future inclusion into the roadmap.

    Regards,


    Florentino
    Director, Global Community & Digital Support

    Are you a Sophos Partner? | Product Documentation@SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the 'Verify Answer' button.
    The Award-winning Home of Sophos Support Videos! - Visit Sophos Techvids