
Mails sent from alias rejected by gateway.

Hello

I am using an on-premises Exchange server (but the behavior is the same with O365).
Scenario/setup:
Exchange with 2 domains, domain1.com and domain2.com, set up in Sophos Central with inbound and outbound mail flow through Central Email and ADSync for users/mailboxes.
2 mailboxes setup with:
Mailbox1: SMTP:primaryemail1@domain1.com, smtp:aliasemail1@domain1.com, smtp:aliasemail1@domain2.com
Mailbox2: SMTP:primaryemail2@domain2.com, smtp:aliasemail2@domain1.com, smtp:aliasemail2@domain2.com

Behavior (email sent to external recipient through Sophos central):
Sent from SMTP:primaryemail1@domain1.com – OK
Sent from smtp:aliasemail1@domain1.com – OK
Sent from smtp:aliasemail1@domain2.com – rejected by Sophos Central
Sent from SMTP:primaryemail2@domain2.com – OK
Sent from smtp:aliasemail2@domain1.com – rejected by Sophos Central
Sent from smtp:aliasemail2@domain2.com – OK

Conclusion:
If I send an email from an alias address which has a different domain than the primary address, then Sophos Central rejects the email and does not deliver it to the final recipient, even though both domains are set up in Sophos Central.

I have a support case (05321938) open since 06/2022 about this problem, but no solution has been found.
Has anyone run into the same problem and found a solution for it?

Thanks, with kind regards.
Günter
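
An added example, not part of the original post: a small audit that reads `proxyAddresses`-style values (uppercase `SMTP:` for the primary, lowercase `smtp:` for aliases, as in the setup above) and lists the sender addresses whose domain differs from the mailbox's primary domain, which is the pattern the post reports as rejected. The sample data and the `X500` entry are constructed, and the function names are hypothetical.

```python
from dataclasses import dataclass

# Constructed sample data mirroring the two mailboxes in the post;
# the X500 entry is constructed to show non-SMTP address types being skipped.
MAILBOXES = {
    "Mailbox1": ["SMTP:primaryemail1@domain1.com", "smtp:aliasemail1@domain1.com",
                 "smtp:aliasemail1@domain2.com"],
    "Mailbox2": ["SMTP:primaryemail2@domain2.com", "smtp:aliasemail2@domain1.com",
                 "smtp:aliasemail2@domain2.com", "X500:/o=Org/cn=Recipients/cn=mb2"],
}


@dataclass
class Finding:
    mailbox: str
    sender: str
    primary_domain: str
    cross_domain: bool  # True = alias domain differs from the primary's domain


def domain_of(address):
    # Domains are case-insensitive, so compare them lowercased.
    return address.rsplit("@", 1)[1].lower()


def audit(mailboxes):
    findings = []
    for name, proxies in mailboxes.items():
        primary = [p[5:] for p in proxies if p.startswith("SMTP:")]
        if len(primary) != 1:
            raise ValueError(f"{name}: expected exactly one primary SMTP address")
        primary_domain = domain_of(primary[0])
        for p in proxies:
            prefix, _, addr = p.partition(":")
            if prefix.lower() != "smtp" or "@" not in addr:
                continue  # skip X500, SIP and other non-SMTP address types
            findings.append(
                Finding(name, addr, primary_domain, domain_of(addr) != primary_domain))
    return findings


def affected(mailboxes):
    # Sender addresses that match the rejected pattern described in the post.
    return [(f.mailbox, f.sender) for f in audit(mailboxes) if f.cross_domain]


if __name__ == "__main__":
    for f in audit(MAILBOXES):
        status = "cross-domain alias" if f.cross_domain else "same domain as primary"
        print(f"{f.mailbox:9} {f.sender:32} {status}")
```
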



  • You need to have the domain you are using verified.


  • Both domains are verified in Central.

    Otherwise one of the two mails sent from primary email would also be rejected.

  • So only outbound is affected? Does inbound to those alias addresses work? 


  • Do you see the Outbound rejected Email in the history log or does it not appear? 

    And do you see the alias addresses on the users affected? 


  • Nothing in the history log.

    But confirmed by support that the mail was rejected by Central.

    If the alias address was not there I would not be able to receive an email for this address.

  • I doubt that we can do much to help with this since the case is already with our devs, which is a higher tier than whoever can answer in these pages. I can see that inbound emails going to the alias account do not have issues, and that only outbound emails from that account seem affected - it's as if the alias is not recognized as such when sending outbound emails. It is quite a unique issue though, as this is the first time I have seen this behavior.
    Has it been tried already to remove the alias and then re-add it? Or perhaps has the domain been removed from the domains list and then re-added? I am just asking for historical info which may help and not recommending this be done if you have not. I keep thinking that something might have gone wrong somewhere in the backend when the domain or alias accounts were being added. Or currently this might even be expected behavior when it comes to sending emails using aliases - perhaps right now (although it is allowed for inbound somehow) alias accounts need to be in the same domain as the primary address, otherwise it would be rejected.

  • This has been tried with three different Sophos Central Dashboards and multiple different domains, where two setups have been with on-premises Exchange and one with O365.
    Therefore, I doubt this has anything to do with the setup of the mail system or the registration of the domains or aliases in Sophos Central. In addition, if I route the outgoing emails through a Sophos Email Appliance they are delivered without problems.
    I do not know of any RFC regulation that would restrict the sending of emails from an alias with a different domain than the primary as long as both domains are properly configured (SPF, DKIM, etc.).
    My problem is that even though the case is with the devs, I have not got any answer (positive or negative) for more than 4 weeks, and slowly I am running out of time to solve the problem.
    The customer has 15 different domains and approx. 20 mailboxes with 10 aliases each in these domains and needs to be able to send emails from the alias without changing the mailbox.
    If I do not find a solution soon I will have to move the customer to a different product.

  • Hello Gunter,

    Thank you for contacting the Sophos Community.

    It looks like your case is being investigated under XGE-25462, and already includes a fix in the current sprint 2022.42.

    Regards,


     
    Emmanuel (EmmoSophos)
    Community Support Engineer | Sophos Technical Support
  • Hello Emmanuel,
    Thanks for your answer.
    Then I will wait for the information from devs when the fix will be implemented. Up until now I have not heard from them.
    Kind regards,