Sophos Email customers using IP-based mailflow rule connectors must migrate to certificate-based configuration by March 31st. To see if you're affected Click Here.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 11 replies
  • Answers 2 answers
  • Subscribers 17 subscribers
  • Views 5472 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Mails sent from alias rejected by gateway.

Günter Gruber

Hello

I am using an on premise exchange server (but the same behavior is with O365).
Scenario/setup:
Exchange 2 domains: domain1.com and domain2.com and setup in Sophos Central with inbound and outbound mail flow through central email and ADSync for users/mailboxes.
2 mailboxes setup with:
Mailbox1: SMTP:primaryemail1@domain1.com, smtp:aliasemail1@domain1.com, smtp:aliasemail1@domain2.com
Mailbox2: SMTP:primaryemail2@domain2.com, smtp:aliasemail2@domain1.com, smtp:aliasemail2@domain2.com

Behavior (email sent to external recipient through Sophos central):
Sent from SMTP:primaryemail1@domain1.com – OK
Sent from smtp:aliasemail1@domain1.com – OK
Sent from smtp:aliasemail1@domain2.com – rejected by Sophos Central
Sent from SMTP:primaryemail2@domain2.com – OK
Sent from smtp:aliasemail2@domain1.com – rejected by Sophos Central
Sent from smtp:aliasemail2@domain2.com – OK

Conclusion:
If I send an email from an alias address which has a different domain then the primary address then Sophos Central is rejecting the email and not delivering it to the final recipient even both domains are set up in Sophos Central.

I have a support case (05321938) open since 06/2022 about this problem, but no solution has been found.
Has anyone run into the same problem and found a solution for it?

Thanks’ with kind regards.
Günter



Added tags
[edited by: Raphael Alganes at 11:05 AM (GMT -7) on 2 Jun 2023]
Parents Reply Children
  • 0 in reply to LuCar Toni

    Nothing in the history log.

    But confirmed by support that the mail was rejected by Central.

    If the alias address was not there I would not be able to receive an email for this address.

  • 0 in reply to Günter Gruber

    I doubt that we can do much to help with this since the case is already with our devs which is a higher tier than whoever can answer in these pages. I can see that inbound emails going to the alias account does not have issues, and that only outbound emails from that account seems affected - its like as if the alias is not recognized as such when sending outbound emails. It is quite a unique issue though as this is the first time I have seen this behavior. 
    Has it been tried already to remove the alias and then re-add it? Or perhaps the domain been removed from the domains list and then re-added again? I am just asking for historical info which may help and not recommending this be done if you have not. I keep thinking that something might have gone wrong somewhere in the backend when the domain or alias accounts were being added. OR currently this might even be an expected behavior when it comes to sending emails using aliases - perhaps right now (although it is allowed for inbound somehow) alias accounts needs to be in the same domain as the primary address otherwise it would be rejected. 

  • 0 in reply to josepalad

    This has been tried with three different Sophos Central Dashboards and multiple different domains where two setups have been with on premise Exchange and one with O365.
    Therefore, I doubt this has anything to do with the setup of the mail system or the registration of the domains or aliases in Sophos Central. In addition, if I route the outgoing emails through a Sophos Email Appliance they are delivered without problems.
    I do not know of any RFC regulation that would restrict the sending of emails from an alias with a different domain then the primary as long as both domains are proper configured (SPF, DKIM, etc.).
    My problem is that even the case is with the devs, I have not got any answer (positive or negative) since more than 4 weeks and slowly I am running out of time to solve the problem.
    The customer has 15 different domains and approx. 20 mailboxes with each 10 aliases in these domains and needs to be able to send emails from the alias without changing the mailbox.
    If I do not find a solution soon I will have to move the customer to a different product.

  • 0 in reply to Günter Gruber

    Hello Gunter,

    Thank you for contacting the Sophos Community.

    It looks like your case is being investigated under XGE-25462, and already includes a Fix in the current sprint 2022.42.

    Regards,

     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • 0 in reply to emmosophos

    Hello Emmanuel,
    Thanks’ for your answer.
    Then I will wait for the information from devs when the fix will be implemented. Up until now I have not heard from them.
    Kind regards,

  • 0 in reply to Günter Gruber

    send me the case number and dev reference information to tom.foucha+community@sophos.com and I will look into it

Unfiltered HTML