Advisory: Sophos Endpoint "Your connection isn't private" after reboot. Policy settings can be returned to normal. See: KB-000045954 for the latest updates.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Forwarding Email from Exchange 2019 not working

I have outbound emails filtered through Sophos and in the outbound gateway I have the ip of the firewall.  The client can send emails out normally using outlook.  The issue is when we have a mailbox set up to forward mail to a contact through the recipient / mail flow in the exchange admin center the email gets rejected by Sophos.

This is not an issue with the exchange server as it used to work when filtered through Reflexion. The minute we moved to Sophos Email it started to block any forwarded messages.  Any help would be appreciated.


This thread was automatically locked due to age.
Parents Reply Children
  • This is an intended behavior of Central Email.

    The reason is, Exchange somewhat act ugly in a sense.

    Because if you do a auto forward on the Exchange, Exchange will forward the email in the name of the original sender. Which means, if somebody is sending you a email from Exchange will try to send this email with "FROM:" which of course breaks with a lot of stuff like SFP etc. 

    To prevent this blocking and potential blacklisting of Central IPs, CEMA is blocking the email directly.

    If you press in Outlook "Forward" the user is sending the email in a "nice manner", which means, the original recipient is the new "sender". 

    I cannot comment on "why Exchange is doing this". But we tested this several times and cannot get any way of "admin way" to get this forwarding working. 


  • Hi

    Thanks for the update. I guessed that much.

    I have it working now with the Outlook rule. Have to check Exchange server Mailflow rules.

    In Outlook rules you have an option of forwarding to specific users or groups and forwarding the message to specific users or groups. It might look the same but the first relays the message with the original sender as email sender and the second forwards the message by adding FWD: and the forwarders e-mail adress (the original recipient) as e-mail sender. The difference for Sophos is obvious. The first is relay and not allowed and the second is allowed as it send from a domain email user.

    I have to check if Exchange server side has this difference also in the actions when creating a Mailflow rule.

    So you can't use the setting in Exchange to autoforward on the mailbox itself. You would have to check if the action in Mailflow rules also has a forward the message action. Another option is sending it autoforward as an attachment. 

    Outlook needs to be open (RDS session) for rules to work otherwise it won't autoforward.

    Exchange Mailflow rules are always on.



  • The Mailflow rule action option has three options:

    1. Forward message for approval… This option allows you to stop the message from leaving your organization until it is accepted by an authorized person.
    2. Redirect the message to… The message is not delivered to the original recipient and is redirected to the one defined in the rule.
    3. Add recipients… As the name suggests this action allows you to add more recipients to the message in the ToBcc, or Cc field.

    And I am afraid that all three will not pass Email Gateway for external delivery. Microsoft needs to fix this. We can check at the Ms Exchange forums if someone has a workaround without going for third part solutions as

    Let me know if you find a way.