I am using an on premise exchange server (but the same behavior is with O365).Scenario/setup:Exchange 2 domains: domain1.com and domain2.com and setup in Sophos Central with inbound and outbound mail flow through central email and ADSync for users/mailboxes.2 mailboxes setup with:Mailbox1: SMTP:firstname.lastname@example.org, smtp:email@example.com, smtp:firstname.lastname@example.orgMailbox2: SMTP:email@example.com, smtp:firstname.lastname@example.org, smtp:email@example.comBehavior (email sent to external recipient through Sophos central):Sent from SMTP:firstname.lastname@example.org – OKSent from smtp:email@example.com – OKSent from smtp:firstname.lastname@example.org – rejected by Sophos CentralSent from SMTP:email@example.com – OKSent from smtp:firstname.lastname@example.org – rejected by Sophos CentralSent from smtp:email@example.com – OKConclusion:If I send an email from an alias address which has a different domain then the primary address then Sophos Central is rejecting the email and not delivering it to the final recipient even both domains are set up in Sophos Central.I have a support case (05321938) open since 06/2022 about this problem, but no solution has been found.Has anyone run into the same problem and found a solution for it?Thanks’ with kind regards.Günter
You need to have the domain, you are using to be verified.
Both domains are verified in Central.
Otherwise one of the two mails sent from primary email would also be rejected.
So only outbound is affected? Does inbound to those alias addresses work?
Yes inbound works.
Do you see the Outbound rejected Email in the history log or does it not appear?
And do you see the alias addresses on the users affected?
Nothing in the history log.
But confirmed by support that the mail was rejected by Central.
If the alias address was not there I would not be able to receive an email for this address.
I doubt that we can do much to help with this since the case is already with our devs which is a higher tier than whoever can answer in these pages. I can see that inbound emails going to the alias account does not have issues, and that only outbound emails from that account seems affected - its like as if the alias is not recognized as such when sending outbound emails. It is quite a unique issue though as this is the first time I have seen this behavior. Has it been tried already to remove the alias and then re-add it? Or perhaps the domain been removed from the domains list and then re-added again? I am just asking for historical info which may help and not recommending this be done if you have not. I keep thinking that something might have gone wrong somewhere in the backend when the domain or alias accounts were being added. OR currently this might even be an expected behavior when it comes to sending emails using aliases - perhaps right now (although it is allowed for inbound somehow) alias accounts needs to be in the same domain as the primary address otherwise it would be rejected.
This has been tried with three different Sophos Central Dashboards and multiple different domains where two setups have been with on premise Exchange and one with O365.Therefore, I doubt this has anything to do with the setup of the mail system or the registration of the domains or aliases in Sophos Central. In addition, if I route the outgoing emails through a Sophos Email Appliance they are delivered without problems.I do not know of any RFC regulation that would restrict the sending of emails from an alias with a different domain then the primary as long as both domains are proper configured (SPF, DKIM, etc.).My problem is that even the case is with the devs, I have not got any answer (positive or negative) since more than 4 weeks and slowly I am running out of time to solve the problem.The customer has 15 different domains and approx. 20 mailboxes with each 10 aliases in these domains and needs to be able to send emails from the alias without changing the mailbox.If I do not find a solution soon I will have to move the customer to a different product.
Thank you for contacting the Sophos Community.
It looks like your case is being investigated under XGE-25462, and already includes a Fix in the current sprint 2022.42.
Hello Emmanuel,Thanks’ for your answer.Then I will wait for the information from devs when the fix will be implemented. Up until now I have not heard from them.Kind regards,