MR-9 email scanning had to be disabled


after upgrading to MR-9 from a fresh install of MR-8 and restore I have had to disable mail scanning because the XG causes the Apple devices to not verify the various mail servers even after the installation of the CAs.

One server reports the certificate fails to meet pinning requirements and I suspect that there are too many older CAs in the keychains which need to be deleted. But the iPad and iPhone did not have any profiles installed. One other server returns incorrect userid or password which quite happily work when mail scanning is disabled or on the outside network.

HTTPS scanning works for web sites, I am a little unsure to the exact cause of mail insecurity.


  • I am having trouble understanding the current certificate setup. I am using the same CA on the iPhone as the MBP, the MBP does not have any issues with https scanning, where as the iPhone fails some sites.

    The MBP says the CA is installed and trusted for a Mail server for the mail client on the  MBP, but the XG doesn't, gives a pinning error.

    I have tried the default CA, the XG CA, my CA all fail the XG mail scanning.


  • In reply to rfcat_vk:

    Same issue for me. I have disabled IMAPS scanning for now.

  • In reply to shred:

    Same problem here. I generated a new sophos_ssl_CA with MR 9. But I have to disable email scanning.