Sophos Email customers using IP-based mailflow rule connectors must migrate to certificate-based configuration by March 31st. To see if you're affected Click Here.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Incoming Mail Bypassing Sophos Central Email and coming direct to On Prem Exchange?

I've migrated from PureMessage to Sophos Central Email a couple of weeks ago and I am seeing an issue with spam that I can't quite figure out. 

I updated my MX record to use the two Sophos servers, 99% of our mail is flowing inbound as expected with a number of genuine bulk and spam mail being caught in Quarantine as expected.

However, I am seeing quite a bit of junk mail coming through and completely bypassing the Sophos servers, obvious to see as the  'Received: from' value is not the Sophos server but random I.P addresses. 

I still have PureMessage running so I am able to capture them before they hit the users inboxes but how is this scenario possible?

I was concerned it was an Exchange misconfiguration but everything looks fine there.

On another note, would it be recommend to update my Exchange Receive connector to only accept mail from the Sophos servers?

Thanks



Added tags
[edited by: Raphael Alganes at 10:03 AM (GMT -7) on 29 May 2023]