Sophos Central E-Mail - S/MIME signed emails are getting invalid

Hey Folks,

we are evaluating Sophos Central E-Mail and experiencing issues with incoming S/MIME signed e-Mails. The Signature is getting invalid, and our security appliance cannot validate the signature/certificate anymore. E-Mails not routet via E-Mail Central from same sender, dont have any issues.

We already created an exception in data control (forward incoming signed e-mails to new gateway) which always applies successfully, but there is still something happening or getting changed on the email.

Are there any issues known with signed e-mails? Or what else can we do?

Thx a lot in advance.



Edited tags
[edited by: Raphael Alganes at 2:28 AM (GMT -7) on 30 Jun 2023]
Parents Reply Children
  • There is no option for smartbanners at the moment. You have to disable them completely if you want to get rid of invalid signed emails.
    For TOC there is an option available.

    GES told us TODAY, after turning circles for month with support, there is a feature request open:

    Feature Request ID : CEMA-I-225
    Description of the Feature Request:
    When an incoming email is S/MIME signed and a banner from the email security end-user message is added then the signature is broken. Partner would like to be able to filter S/MIME signed message to apply to a policy without banners without disabling banners from the policy so it can apply for other emails

    We could have saved so much time, if someone told us earlier. instead, a lot of samples, testing, support sessions etc....  :-(

    But i still dont understand, why some signed mails dont get the smart banners and signature is still valid, and others are getting invalid.

  • We have the same problem. Any news about the feature request?

  • I'm having the team scope it out and give me an estimate of what it will take to implement. I will let you know.

    On your question - "i still dont understand, why some signed mails don't get the smart banners and signature is still valid, and others are getting invalid" previously we didn't banner plain text formatted messages. We enhanced the product to add information banners to plain text messages as well.