I have outbound emails filtered through Sophos, and in the outbound gateway I have the IP of the firewall. The client can send emails out normally using Outlook. The issue is that when we have a mailbox set up to forward mail to a contact through the recipient / mail flow settings in the Exchange admin center, the email gets rejected by Sophos.
This is not an issue with the Exchange server, as it used to work when filtered through Reflexion. The minute we moved to Sophos Email, it started to block any forwarded messages. Any help would be appreciated.
When the forwarded message is internal, Sophos will allow it through.
When the forwarded message is external, Sophos will not accept it. The mail log shows no entry of the forwarded e-mail.
This is an intended behavior of Central Email.
The reason is, Exchange somewhat acts ugly, in a sense.
If you do an auto forward on the Exchange, Exchange will forward the email in the name of the original sender. Which means, if somebody is sending you an email from @sophos.com, Exchange will try to send this email with "FROM: @sophos.com", which of course breaks with a lot of stuff like SPF etc.
To prevent this blocking and potential blacklisting of Central IPs, CEMA is blocking the email directly.
If you press "Forward" in Outlook, the user is sending the email in a "nice manner", which means the original recipient is the new "sender".
I cannot comment on "why Exchange is doing this". But we tested this several times and cannot get any way of "admin way" to get this forwarding working.
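The distinction described in the answer above, as an added example that is not part of the original thread and not Sophos's own logic: it classifies an outbound message by whether its sender addresses belong to a domain the tenant owns. The domain names, the `OWNED_DOMAINS` set, both sample messages and the function names are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains registered to the tenant on the outbound gateway (constructed).
OWNED_DOMAINS = {"example-corp.test"}

def domain_of(address):
    """Return the lower-cased domain of an address, or '' if it has none."""
    _, addr = parseaddr(address or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def classify_outbound(envelope_from, raw_message, owned=OWNED_DOMAINS):
    """Classify an outbound message by who it claims to be from.

    Returns ("relay", [...]) when the envelope sender or header From is in a
    domain the tenant does not own, listing which one(s); otherwise
    ("allowed", []).
    """
    msg = message_from_string(raw_message)
    senders = {
        "envelope": domain_of(envelope_from),
        "header": domain_of(msg.get("From")),
    }
    foreign = sorted(k for k, d in senders.items() if d not in owned)
    return ("relay", foreign) if foreign else ("allowed", [])

# Constructed sample: mailbox-level auto-forward keeps the original external sender.
AUTO_FORWARD = (
    "From: Alice <alice@partner.test>\n"
    "To: bob@example-corp.test\n"
    "Subject: Quarterly numbers\n\nbody\n"
)

# Constructed sample: the user pressed Forward, so the original recipient is the sender.
MANUAL_FORWARD = (
    "From: Bob <bob@example-corp.test>\n"
    "To: contact@outside.test\n"
    "Subject: FW: Quarterly numbers\n\nbody\n"
)

if __name__ == "__main__":
    print(classify_outbound("alice@partner.test", AUTO_FORWARD))
    print(classify_outbound("bob@example-corp.test", MANUAL_FORWARD))
```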
Hi LuCar Toni
Thanks for the update. I guessed that much.
I have it working now with the Outlook rule. Have to check Exchange server Mailflow rules.
JTK, in Outlook rules you have an option of forwarding to specific users or groups and forwarding the message to specific users or groups. It might look the same, but the first relays the message with the original sender as e-mail sender and the second forwards the message by adding FWD: and the forwarder's e-mail address (the original recipient) as e-mail sender. The difference for Sophos is obvious. The first is relay and not allowed, and the second is allowed as it is sent from a domain e-mail user.
I have to check if Exchange server side has this difference also in the actions when creating a Mailflow rule.
So you can't use the setting in Exchange to autoforward on the mailbox itself. You would have to check if the action in Mailflow rules also has a forward the message action. Another option is sending it autoforward as an attachment.
Outlook needs to be open (RDS session) for rules to work, otherwise it won't autoforward.
Exchange Mailflow rules are always on.
The Mailflow rule action option has three options:
And I am afraid that all three will not pass Email Gateway for external delivery. Microsoft needs to fix this. We can check at the MS Exchange forums if someone has a workaround without going for third-party solutions such as codetwo.com.
Let me know if you find a way.