Sophos Email customers using IP-based mailflow rule connectors must migrate to certificate-based configuration by March 31st. To see if you're affected Click Here.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos email filter blocking certain email attachments, unable to allow through

I currently am trying to allow a URL attached to an email through the filter that is set in my Sophos Central application.  Does anyone have any ideas of where to Allow certain attachments or URLs written in an email? The URL being blocked is the domain creator.zohopublic.com. I am leaving out part of the full URL for security reasons.  I have added the domain creator.zohopublic.com with multiple wildcard (*) placements to the Allow/Block list in Sophos Central, to no avail. 

On a side note: the creator.zohopublic.com domain may have an outdated SPF record, but I am not positive about that. 

Any help is greatly appreciated. 



This thread was automatically locked due to age.
Parents
  • Hello Matt

    Good day and thanks for reaching out to Sophos Community

    Does the said domain's DMARC and DKIM also outdated? If you suspect all of their DNS checks - DMARC, DKIM, SPF records are outdated or they only use one check which is SPF and could be outdated as well. Could you uncheck setting "Enforce Sender Authentication" on the Inbound Allow/Block and see if email would pass through? 

    Many thanks for your time and patience and thank you for choosing Sophos

    Cheers,

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

  • Hey Raphael,

    Thank you for the response. We were able to update to uncheck the "Enforce Sender Authentication" setting, however, that did not help. We've updated SPF/DMARC/DKIM records on our end to verify that the DNS is not the issue. I've sent an email out to the owner of the domain (Zoho) to seek help, so hopefully they will have some explanation.

    Is there any way to check the logs in Sophos for an answer as to why we are getting the Blocked message notification?

    Or perhaps, is there a place to alter settings so URLs can be sent in an email besides the Inbound Allow/Block?

    Thanks again for your help.

Reply
  • Hey Raphael,

    Thank you for the response. We were able to update to uncheck the "Enforce Sender Authentication" setting, however, that did not help. We've updated SPF/DMARC/DKIM records on our end to verify that the DNS is not the issue. I've sent an email out to the owner of the domain (Zoho) to seek help, so hopefully they will have some explanation.

    Is there any way to check the logs in Sophos for an answer as to why we are getting the Blocked message notification?

    Or perhaps, is there a place to alter settings so URLs can be sent in an email besides the Inbound Allow/Block?

    Thanks again for your help.

Children