Mails sent from alias rejected by gateway.

You need to have the domain, you are using to be verified. 

Both domains are verified in Central.

Otherwise one of the two mails sent from primary email would also be rejected.

So only outbound is affected? Does inbound to those alias addresses work? 

Yes inbound works.

Do you see the Outbound rejected Email in the history log or does it not appear? 

And do you see the alias addresses on the users affected? 

Do you see the Outbound rejected Email in the history log or does it not appear? 

And do you see the alias addresses on the users affected? 

Nothing in the history log.

But confirmed by support that the mail was rejected by Central.

If the alias address was not there I would not be able to receive an email for this address.

I doubt that we can do much to help with this since the case is already with our devs which is a higher tier than whoever can answer in these pages. I can see that inbound emails going to the alias account does not have issues, and that only outbound emails from that account seems affected - its like as if the alias is not recognized as such when sending outbound emails. It is quite a unique issue though as this is the first time I have seen this behavior. 
Has it been tried already to remove the alias and then re-add it? Or perhaps the domain been removed from the domains list and then re-added again? I am just asking for historical info which may help and not recommending this be done if you have not. I keep thinking that something might have gone wrong somewhere in the backend when the domain or alias accounts were being added. OR currently this might even be an expected behavior when it comes to sending emails using aliases - perhaps right now (although it is allowed for inbound somehow) alias accounts needs to be in the same domain as the primary address otherwise it would be rejected. 

This has been tried with three different Sophos Central Dashboards and multiple different domains where two setups have been with on premise Exchange and one with O365.
Therefore, I doubt this has anything to do with the setup of the mail system or the registration of the domains or aliases in Sophos Central. In addition, if I route the outgoing emails through a Sophos Email Appliance they are delivered without problems.
I do not know of any RFC regulation that would restrict the sending of emails from an alias with a different domain then the primary as long as both domains are proper configured (SPF, DKIM, etc.).
My problem is that even the case is with the devs, I have not got any answer (positive or negative) since more than 4 weeks and slowly I am running out of time to solve the problem.
The customer has 15 different domains and approx. 20 mailboxes with each 10 aliases in these domains and needs to be able to send emails from the alias without changing the mailbox.
If I do not find a solution soon I will have to move the customer to a different product.

Hello Gunter,

Thank you for contacting the Sophos Community.

It looks like your case is being investigated under XGE-25462, and already includes a Fix in the current sprint 2022.42.

Regards,

Hello Emmanuel,
Thanks’ for your answer.
Then I will wait for the information from devs when the fix will be implemented. Up until now I have not heard from them.
Kind regards,

send me the case number and dev reference information to tom.foucha+community@sophos.com and I will look into it