Sophos Email customers using IP-based mailflow rule connectors must migrate to certificate-based configuration by March 31st. To see if you're affected Click Here.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

For those coming from Reflexion, how have you handled the following?

I am wanting to know how prior Reflexion.net users handled the migration to Sophos when they had to deal with hundreds/thousands of  "address on the fly" (AOTF) addresses and no more smarthost send connectors to port 587.

1) The AOTF addresses can be imported but with no quick and easy method to add aliases, how are users handling this?  When you adopted AOTF as a method of account protection, where every company you deal with has their unique alias, so if they get hacked, that email/account is no good anywhere else, no more AOTF is a very significant loss and headache.  I personally have over 1500 aliases and REALLY don't want to give my root address out as a sign on..  This means I have to enter my account, my pw, my 2FA, drill into my account for email, drill into the mailbox, drill into the aliases, then add the new alias.  This is a HUGE amount of work compared to what we used to have at Reflexion.  

How have you and your clients handled this change?  Are there any faster methods than what I described to create aliases with Sophos?

2) How are you handling port 25 being blocked by ISPs for clients that have home offices and host their own mail server?  Sophos doesn't support 587 or 465; only 25.  I've asked and they won't do a firewall redirect/forwarding of 587 to 25.  I'm starting to look at hosted VPN as a possible solution but not sure if this is the best solution.

Suggestions?

Thx,


-Travis



This thread was automatically locked due to age.
Parents
  • On the AOTF, Microsoft and Google both support + addressing by default now. Sophos Central Email also supports Plus (+) addresses. There is no need to create an alias with Plus addressing.

  • We have users who have hundreds of AOTF addresses. The + addressing does not help with this, as they would have to change all of these. Adding them as aliases in Exchange will allow delivery but they still get stuck in the spam filter. Is it possible for Sophos to support this feature as Reflexion did?

  • I had (have) the same issue and what I ended up doing as a "temporary workaround" to be able to function in business is to create 10 Exchange Distribution Groups (DG) to fit all my AOTF aliases in the E-MAIL ADDRESSES tab and put my real email address in the MEMBERS tab.

    How I populated the distribution groups (DG):

    1. I created multiple CSV files with a single line as shown below.  It think I limited myself to about 140 email aliases per line as each DG has a limited number and I wanted to be able to manually add a few to each DG I created if needed.  So I had several such CSV files holding all my AOTF aliases.

    Example AOTF_10.csv file: 
    Set-DistributionGroup “Mailbox_Aliases_DG10” -emailaddresses @{Add='YourMailbox.AOTF_1@yourdomain.com','YourMailbox.AOTF_2@yourdomain.com','YourMailbox.AOTF_###@yourdomain.com'}

    2. I found the below PS script and I would repeat the below for each CSV file I created.

    PowerShell to import above AOTF_10.csv file:
    Import-Csv C:\temp\AOTF_10.csv | ForEach-Object{
    $name = $_.Name
    $proxy = $_.ProxyAddresses -split ';'
    Set-ADGroup -Identity $name -Add @{proxyAddresses= $proxy}
    }


    3. In Exchange Management Console, I added my root email address under MEMBERS for each DG created.

    I want to stress that this is not a good solution but will allow you to receive emails for the AOTF addresses.  You will no longer see which email alias the email came in through because the "TO:" address in Outlook will only show the DG name.  This is huge because if you're dealing with a spammy email alias, you have no quick means to identify and block it like we had with Reflexion as the footer control panel is gone.  

  • Thanks, Travis - that's an interesting idea. I tried creating a distribution list manually using the admin portal, but I wasn't successful in getting mail delivered to the aliases of the distribution list. Is this something that can only be done through PS?

Reply Children
  • In Sophos portal, just import your alias list according to their template.

    As for Exchange, you can enter the aliases in the Exchange Console under the "EMAIL ADDRESSES" tab but it would be one at a time.  PS import  of a CSV is the way to go. 

    To generate your CSV, copy/paste from your AOTF list from Reflexion into Excel and NotePad++ and then manipulated (Search/Replace, etc.) as needed to export to CSV.