Hi, we have a problem with forwarding emails. Exchange 2013 on Prem. Using Email Security on Sophos Central.
This seems to have come up on here before, but I can't find a solution. Any help appreciated.
I use Exchange to forward emails on for a user to an external account at firstname.lastname@example.org
I can email the external account from our domain email@example.com and they can email in.
If I email User1@domain1.com from any other external account, say firstname.lastname@example.org, I get the following error:
Subject: Delivery Failure Notification
Sophos XG Firewall was unable to send the following mail:
From: User1@domain1.com MessageID: <LNXP265MB250800947BB98F138EDDAD85B6E69@LNXP265MB2508.GBRP265.PROD.OUTLOOK.COM>
Sent on: 2022-04-07 12:39:27
Mail delivery to following recipients failed:
email@example.com - 550 5.7.1 Command rejected
Received: from ExchangeServer (10.10.) by exchangeserver (10.10.) with Microsoft SMTP Server (TLS) id 15.0.847.32; Thu, 7 Apr 2022 12:42:47 +0100
Received: from inbound-18-216-7-10-us-east-2.prod.hydra.sophos.com
(126.96.36.199) by Exchange.domain1 (10.10. with Microsoft SMTP Server id 15.0.847.32 via Frontend Transport; Thu, 7 Apr 2022 12:42:28
Received: from ip-172-21-100-31.us-east-2.compute.internal
(ip-172-21-100-31.us-east-2.compute.internal [127.0.0.1]) by
inbound-18-216-7-10-us-east-2.prod.hydra.sophos.com (Postfix) with ESMTP id
4KZ00l6CnfzPjdl for <User1@domain1.com>; Thu, 7 Apr 2022 11:44:39
dkim=pass header.d=domain3 header.from=domain3; dmarc=pass (recordpolicy=quarantine) header.from=domain3
Received-SPF: pass receiver=mx-01-us-east-2.prod.hydra.sophos.com;
client-ip=188.8.131.52; envelope-from=< firstname.lastname@example.org >;
Received: from GBR01-LO2-obe.outbound.protection.outlook.com
(mail-lo2gbr01on2084.outbound.protection.outlook.com [184.108.40.206]) (using
TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx-01-us-east-2.prod.hydra.sophos.com (Postfix) with ESMTPS id 4KZ00c6Rhsz9rwG for <email@example.com>; Thu, 7
This happens because the forwarded email contains the original sender's HEADER FROM which will be domain3.com.
Since Sophos Central Email is a SaaS solution and it is shared by many tenants, it needs to have a way to determine which emails are for your organization. The way it does this is by using the HEADER FROM email address. If the domain here is not one of your configured domains AND the email address is not a MAILBOX on your Central account, you will get a reject message.
You should look into other options such as bypassing Central Email for auto forwarded emails or doing some HEADER FROM rewriting.
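A small model of the check described in the answer above, added here as an example; it is not part of the original thread and is not Sophos code. The tenant domain and mailbox sets, the sample message and the `rewrite_from` helper are constructed assumptions, used to show why the auto-forwarded copy is rejected and why a copy with a rewritten header From is not.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed tenant data: domains and mailboxes registered in the Central account.
TENANT_DOMAINS = {"domain1.com"}
TENANT_MAILBOXES = {"user1@domain1.com"}

def header_from(raw_message):
    """Return the lower-cased address in the From: header ('' if unparsable)."""
    msg = message_from_string(raw_message)
    return parseaddr(msg.get("From", ""))[1].lower()

def outbound_verdict(raw_message):
    """Model of the rule in the answer: reject only when the header From domain
    is not a configured domain AND the address is not a tenant mailbox."""
    addr = header_from(raw_message)
    if "@" not in addr:
        return "reject", "no parsable header From"
    domain = addr.rpartition("@")[2]
    if domain in TENANT_DOMAINS:
        return "accept", f"{domain} is a configured domain"
    if addr in TENANT_MAILBOXES:
        return "accept", f"{addr} is a tenant mailbox"
    return "reject", f"{addr} matches no configured domain or mailbox"

def rewrite_from(raw_message, forwarder):
    """Hypothetical rewrite: forwarder becomes From, original sender moves to Reply-To."""
    msg = message_from_string(raw_message)
    original = msg["From"]
    del msg["From"]
    msg["From"] = forwarder
    if original and "Reply-To" not in msg:
        msg["Reply-To"] = original
    return msg.as_string()

# Constructed sample: mail from an outside sender, auto-forwarded by User1's mailbox.
FORWARDED = (
    "From: Outside Sender <sender@domain3.com>\n"
    "To: User1@domain1.com\n"
    "Subject: test\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    print(outbound_verdict(FORWARDED))
    print(outbound_verdict(rewrite_from(FORWARDED, "User1@domain1.com")))
```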
Thank you for the answer, at least I know what is going on with this. Really appreciate it.
Would you have any information on either of these options at all or is that a post for another topic area?