

For those coming from Reflexion, how have you handled the following?

I want to know how prior users handled the migration to Sophos when they had to deal with hundreds/thousands of "address on the fly" (AOTF) addresses and no more smarthost send connectors to port 587.

1) The AOTF addresses can be imported but with no quick and easy method to add aliases, how are users handling this? When you adopted AOTF as a method of account protection, where every company you deal with has their unique alias, so if they get hacked, that email/account is no good anywhere else, no more AOTF is a very significant loss and headache. I personally have over 1500 aliases and REALLY don't want to give my root address out as a sign on. This means I have to enter my account, my pw, my 2FA, drill into my account for email, drill into the mailbox, drill into the aliases, then add the new alias. This is a HUGE amount of work compared to what we used to have at Reflexion.

How have you and your clients handled this change?  Are there any faster methods than what I described to create aliases with Sophos?

2) How are you handling port 25 being blocked by ISPs for clients that have home offices and host their own mail server?  Sophos doesn't support 587 or 465; only 25.  I've asked and they won't do a firewall redirect/forwarding of 587 to 25.  I'm starting to look at hosted VPN as a possible solution but not sure if this is the best solution.




  • Let me check, but port 587 was being opened last week. I need to see if that got completed. Today was a US holiday; I will check tonight/tomorrow and update.

  • I can't tell you how glad this would make me.  If you have access to tickets, check out 85098.  Last Saturday (2/18), I was told Sophos (correctly) only supports 25 and no hint of 587 being a possibility.  Only to put in a feature request (for the 2nd time).

    So looking forward to your update.


  • Starting Friday of this week it will have been deployed globally so port 587 will be available for use.

  • On the AOTF, Microsoft and Google both support + addressing by default now. Sophos Central Email also supports Plus (+) addresses. There is no need to create an alias with Plus addressing.


    Thank you!

  • This is great news, too, provided sites will take a "+" during sign-up.  Time will tell.

    I really appreciate you and your information.

  • Please test and let me know if it is working for you. I can see port 587 open in my region US-West so it is likely open now globally.

  • I can confirm that I am connecting on 587, now.  I can also send email successfully. 

    My only remaining issue is sporadic email reception, such that "some" domains have always been able to deliver while "other" domains cannot. I have a different case (06212872) open about this with a mention of the number of aliases (over 1,500) in use. Perhaps an export/import error (non-printable character kind of thing) causing issue. But to combat this thought, the amount of mail I usually get doesn't show in the dashboard logs for disposition. MX record propagation would have long completed by now.

    I'm ecstatic about 587 working, though!!!

  • We have users who have hundreds of AOTF addresses. The + addressing does not help with this, as they would have to change all of these. Adding them as aliases in Exchange will allow delivery but they still get stuck in the spam filter. Is it possible for Sophos to support this feature as Reflexion did?

  • I had (have) the same issue and what I ended up doing as a "temporary workaround" to be able to function in business is to create 10 Exchange Distribution Groups (DG) to fit all my AOTF aliases in the E-MAIL ADDRESSES tab and put my real email address in the MEMBERS tab.

    How I populated the distribution groups (DG):

    1. I created multiple CSV files with a single line as shown below. I think I limited myself to about 140 email aliases per line as each DG has a limited number and I wanted to be able to manually add a few to each DG I created if needed. So I had several such CSV files holding all my AOTF aliases.

    Example AOTF_10.csv file: 
    Set-DistributionGroup "Mailbox_Aliases_DG10" -emailaddresses @{Add='','',''}

    2. I found the below PS script and I would repeat the below for each CSV file I created.

    PowerShell to import above AOTF_10.csv file:
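    Import-Module ActiveDirectory   # provides Set-ADGroup
    # Reads the CSV columns Name and ProxyAddresses (addresses separated by ';')
    Import-Csv C:\temp\AOTF_10.csv | ForEach-Object {
        $name = $_.Name
        $proxy = $_.ProxyAddresses -split ';'
        # Append the addresses to the group's proxyAddresses attribute
        Set-ADGroup -Identity $name -Add @{proxyAddresses = $proxy}
    }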

    3. In Exchange Management Console, I added my root email address under MEMBERS for each DG created.

    I want to stress that this is not a good solution but will allow you to receive emails for the AOTF addresses.  You will no longer see which email alias the email came in through because the "TO:" address in Outlook will only show the DG name.  This is huge because if you're dealing with a spammy email alias, you have no quick means to identify and block it like we had with Reflexion as the footer control panel is gone.
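
The batching step from the workaround above, as an added example that is not part of the original post: it cleans an alias list (including the hidden non-printable characters suspected earlier in the thread), drops duplicates, and writes one CSV row per distribution group in the Name/ProxyAddresses shape that the post's import loop reads. The sample aliases, the output path and the group naming pattern are assumptions.

```powershell
$perGroup = 140                       # batch size per DG, the figure given in the post
$groupFmt = 'Mailbox_Aliases_DG{0}'   # naming modelled on the post's Mailbox_Aliases_DG10
$outPath  = Join-Path ([System.IO.Path]::GetTempPath()) 'AOTF_groups.csv'  # hypothetical path

# Constructed sample input. In practice: $aliases = Get-Content <file with one alias per line>
$aliases = @(
    'shop-a@example.com',
    'Shop-A@example.com',                          # duplicate, differs only in case
    ('bank-b' + [char]0x200B + '@example.com'),    # hidden zero-width space
    ' news-c@example.com ',                        # stray whitespace
    'not-an-address'                               # malformed, must be rejected
)

$seen     = @{}                                    # hashtable keys are case-insensitive
$rejected = [System.Collections.Generic.List[string]]::new()

# Strip control/format characters and whitespace, validate the shape, drop duplicates.
$clean = @(foreach ($raw in $aliases) {
    $addr = $raw -replace '[\p{C}\s]', ''
    if ($addr -notmatch '^[^@]+@[^@]+\.[^@]+$') { $rejected.Add($raw); continue }
    if (-not $seen.ContainsKey($addr)) { $seen[$addr] = $true; $addr }
})

# One CSV row per group: Name plus a ';'-separated ProxyAddresses column, which is
# what the Import-Csv / Set-ADGroup loop in the post reads. Secondary addresses
# are stored in proxyAddresses with a lowercase "smtp:" prefix.
$rows = @(for ($i = 0; $i -lt $clean.Count; $i += $perGroup) {
    $last = [Math]::Min($i + $perGroup, $clean.Count) - 1
    [pscustomobject]@{
        Name           = $groupFmt -f ([int]($i / $perGroup) + 1)
        ProxyAddresses = ($clean[$i..$last] | ForEach-Object { "smtp:$_" }) -join ';'
    }
})

$rows | Export-Csv -Path $outPath -NoTypeInformation -Encoding UTF8
"{0} aliases in {1} group(s), {2} rejected -> {3}" -f $clean.Count, $rows.Count, $rejected.Count, $outPath
$rejected | ForEach-Object { "rejected: '$_'" }
```

The groups named in the Name column must already exist before the import loop runs, since Set-ADGroup only modifies existing objects. Review the rejected list by hand rather than discarding it, because a mangled alias there is one that would silently stop receiving mail.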