Sophos Central migrated SMIME EMAIL security policies do not work any longer

Dear community,

In our Sophos Central administration we have noticed since 10.02.23, in EMAIL SECURITY, that Sophos migrated the SMIME policies for users, groups and domains to a new section / category.

Since 10.02.23 the SMIME policies do not work any longer, although we have activated the basic SMIME settings in "Settings".
The result is that inbound emails from partners are no longer recognized as SMIME and decrypted.
The email SMTP logfile no longer shows any SMIME activity when email is processed.

Does anyone else in Europe have this error?

We are quite in need of a solution for this, because we would have to inform all partners to turn off their automatic attachment of our SMIME public certs until Sophos Central starts to work again...

Best regards

Matthias Edler

IT Dept. / Hamburg



  • Dear admins, Dear Sophos support,

    I would like to close this topic. Meanwhile we have created a Sophos ticket, which was sent to 3rd level support / developers and which has been closed already.

    It was reported by Sophos support that SMIME policies do not work against email accounts marked as "Distribution List" any longer.
    The last support message (09.05.2023) was that SMIME should now work against distribution lists as well, but we never got to test this scenario.

    Our final solution was to re-create all email accounts which were marked as "Distribution List" and make new "User" related mailboxes and entries.
    Even for our shared mailboxes / team email we created user-based "People" and "EMail inbox". Since Sophos wants a license per mailbox, regardless of whether it is a real user or a shared mailbox, it did not matter anyway to have these email inboxes.

    We have seen this issue since the changes in the policy administration - the separation of Data / Security / Content policies in the admin dashboard.

    We were facing this issue because we imported user / email lists from Active Directory one time, to make our migration to Sophos cloud protection easier.
    While doing this, Sophos recognized some addresses from Active Directory as "Distribution Lists" and left them in this status.
    In the beginning we were not aware of this and did not know how to properly delete and re-create user accounts / mailboxes in Sophos Central, and after the policy change in February we faced these failures.

    We wanted to share our gained knowledge with the community.
    Thanks everyone for contributing solutions, feedback and input to these forums.


    Summary
    From what we have learned now, mailbox protection is best to have on a "User mailbox" (shown by the icon in front of the email list).
    If you need to change this, you first need to delete and recreate the user account + mailbox.
    All policies will work, either basic or self-generated. If one policy is hit by an email, other policies below it in the list will not be executed.

    Email aliases per mailbox are used by Sophos protection fully transparently, but if you want to catch alias addresses, your target system (if one exists) must handle the incoming alias address as well; Sophos does not automatically translate this.

    You definitely need 1 license per email address, regardless of whether it is a team address / shared mailbox or a single user.
    An email address that is not licensed will appear in the reports -> license report list on the right side and will not be protected (please correct me if I am wrong here).
    This means it will have no policies applied either, including SMIME policies.
    The list of email addresses in this report is like a "live" monitoring from Sophos Central and represents the real set of your incoming and outgoing email. It is updated every xx hours. (I did not find clear KB information about this.)
