Sophos XG 17.5 - SPF Check not working

I installed Sophos XG 17.5 on a Sophos XG in HA Active/Passive Cluster.

Yesterday and today we received several E-Mails from user@domain.com to our internal domain user@domain.com.

SPF-Records are set for domain.com.

The E-Mail was sent from an external adress that doesn't match the SPF-Record.

All these mails were accepted without restrictions or filtered out as beeing probable Spam.

 

The Policy is configured accordingly and SPF Check is activated in the Policy.

It looks like SPF isn't checked at all.

 

I already opend a ticket with our Distribution and waiting for response.

Anyone here experiencing the same?