Sophos Email customers using IP-based mailflow rule connectors must migrate to certificate-based configuration by March 31st. To see if you're affected Click Here.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Central E-Mail - S/MIME signed emails are getting invalid

Hey Folks,

we are evaluating Sophos Central E-Mail and experiencing issues with incoming S/MIME signed e-Mails. The Signature is getting invalid, and our security appliance cannot validate the signature/certificate anymore. E-Mails not routet via E-Mail Central from same sender, dont have any issues.

We already created an exception in data control (forward incoming signed e-mails to new gateway) which always applies successfully, but there is still something happening or getting changed on the email.

Are there any issues known with signed e-mails? Or what else can we do?

Thx a lot in advance.

Regards

Peter



This thread was automatically locked due to age.
Parents
  • Same problem at our end with enabled Smart Banners and Time-of-Click Protection. Will probably always be the case as soon as Sophos changes anything in the content of the email. It could be possible that the last mile to the email client has to be re-signed. Just like the firewall does with SSL connections.

Reply
  • Same problem at our end with enabled Smart Banners and Time-of-Click Protection. Will probably always be the case as soon as Sophos changes anything in the content of the email. It could be possible that the last mile to the email client has to be re-signed. Just like the firewall does with SSL connections.

Children
  • Time-Of-Click Protection is a good point, as well. Didnt thought about that.

    nevertheless, i dont get it why there are some emails which are valid and neither smartbanners and TOC-Protection are applied, and others not. Sophos just needs to apply a rule in the backend, that signed emails will never get touched and stay unchanged. i dont want to create an exception again for senders which send signed emails.

  • there is an option for disabling the rewriting - totally overseen this:

    There should be an additional info that securely signed messages will get altered and getting an invalid signature.

    This Option should be available for SmartBanners too.