I have outbound emails filtered through Sophos and in the outbound gateway I have the ip of the firewall. The client can send emails out normally using outlook. The issue is when we have a mailbox set up to forward mail to a contact through the recipient / mail flow in the exchange admin center the email gets rejected by Sophos.
This is not an issue with the exchange server as it used to work when filtered through Reflexion. The minute we moved to Sophos Email it started to block any forwarded messages. Any help would be appreciated.
Thanks all for the replies. I found out the exact same thing through trial and error. Forwarding via an outlook rule seems to work. Fred_B not sure what version of Exchange your running but I know you had to have outlook open in the past but I set this up with outlook online and it seems to be working without having outlook open. I also thought they were on at least 2016 but it seems to be 2013 with the latest service packs.
Also for anyone running 2013, 2016 or 2019 the ability to allow forwarding to remote domains is disabled by default and your can't change it in the gui. You have to run the following code to enable it:
Set-RemoteDomain Default –AutoForwardEnabled $true
That is of course if your policy is still named default.
So now I just have to determine which mailboxes have forwarding enabled on. Reset the passwords, log in through outlook web and setup the same rule to forward the message which then comes from the mailbox and not the original sender.
So now of course the issue is since the email is no longer sent as the original sender when it goes to their ticketing solution it can't open the ticket as the original sender because it is forwarded as the email account that received it on Exchange :/.
We are using on premise Exchange.
The problem is only with remote domain delivery. You could check if you could set up another email connector to deliver e-mail directly (not via Sophos Email Gateway) for certain autoforwarded email accounts. As LuCar Toni pointed out the receiving remote domain may consider it spam as it can violate SPF and DMARC settings of the original sender.
The issue here seems to be since we have a sender connector set to send all domain emails * outbound to Sophos Email protect this rule will override any other send connectors. So if I added one like for all gmail.com emails send out through directly or through another host the catch all * rule will get it instead and go out through the Sophos connector to mail protect.
A *.gmail.com send connector will take precedence over * You can also set the priority cost lower.
The Send connector that's used to route messages to a recipient is selected during the routing resolution phase of message categorization. The Send connector whose address space most closely matches the recipient's email address, and whose priority value is lowest is selected.