
Sophos Central E-Mail - S/MIME signed emails are getting invalid

Hey Folks,

We are evaluating Sophos Central E-Mail and experiencing issues with incoming S/MIME signed e-mails. The signature is getting invalid, and our security appliance cannot validate the signature/certificate anymore. E-mails not routed via E-Mail Central from the same sender don't have any issues.

We already created an exception in data control (forward incoming signed e-mails to new gateway) which always applies successfully, but there is still something happening or getting changed on the email.

Are there any issues known with signed e-mails? Or what else can we do?

Thx a lot in advance.

Regards

Peter



Edited tags
[edited by: Raphael Alganes at 2:28 AM (GMT -7) on 30 Jun 2023]
  • Hi,

    we have the same problem with smart banners and Time-of-Click Protection enabled...

    Peter

  • There is no option for smartbanners at the moment. You have to disable them completely if you want to get rid of invalid signed emails.
    For TOC there is an option available.

    GES told us TODAY, after turning circles for months with support, there is a feature request open:

    Feature Request ID : CEMA-I-225
    Description of the Feature Request:
    When an incoming email is S/MIME signed and a banner from the email security end-user message is added then the signature is broken. Partner would like to be able to filter S/MIME signed message to apply to a policy without banners without disabling banners from the policy so it can apply for other emails

    We could have saved so much time if someone had told us earlier. Instead, a lot of samples, testing, support sessions etc....  :-(

    But I still don't understand why some signed mails don't get the smart banners and the signature is still valid, and others are getting invalid.
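
Why an inserted banner invalidates a clear-signed (multipart/signed) message, and what the per-message exception requested in CEMA-I-225 amounts to, as an added example that is not from the thread or from Sophos. The sample message, banner text and all function names are constructed for illustration, and a SHA-256 over the signed part stands in for the digest an S/MIME verifier recomputes.

```python
import hashlib
from email import message_from_bytes

SMIME_SIG = {"application/pkcs7-signature", "application/x-pkcs7-signature"}

# Constructed sample: clear-signed S/MIME mail; the signature blob is a placeholder.
SAMPLE = (
    b"From: alice@example.com\r\nTo: bob@example.com\r\nSubject: Invoice\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/signed; protocol="application/pkcs7-signature";\r\n'
    b' micalg=sha-256; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain; charset=us-ascii\r\n\r\n"
    b"Please find the invoice attached.\r\n"
    b"--b1\r\nContent-Type: application/pkcs7-signature; name=smime.p7s\r\n"
    b"Content-Transfer-Encoding: base64\r\n\r\nUExBQ0VIT0xERVI=\r\n--b1--\r\n"
)

def is_smime_signed(raw):
    """True for multipart/signed mail whose protocol is an S/MIME signature type."""
    msg = message_from_bytes(raw)
    proto = str(msg.get_param("protocol", "")).lower()
    return msg.get_content_type() == "multipart/signed" and proto in SMIME_SIG

def signed_part_digest(raw):
    """SHA-256 over the first body part, MIME headers included: the signed bytes."""
    delim = b"--" + message_from_bytes(raw).get_boundary().encode()
    start = raw.index(delim + b"\r\n") + len(delim) + 2
    end = raw.index(b"\r\n" + delim, start)  # CRLF before a boundary belongs to it
    return hashlib.sha256(raw[start:end]).hexdigest()

def add_banner(raw, banner=b"[EXTERNAL] Be careful with links and attachments.\r\n"):
    """Simulate a gateway that prepends banner text to the first body part."""
    delim = b"--" + message_from_bytes(raw).get_boundary().encode() + b"\r\n"
    body_at = raw.index(b"\r\n\r\n", raw.index(delim)) + 4
    return raw[:body_at] + banner + raw[body_at:]

def apply_banner_policy(raw, skip_signed):
    """Hypothetical policy switch: leave S/MIME signed mail byte-for-byte untouched."""
    if skip_signed and is_smime_signed(raw):
        return raw
    return add_banner(raw)

if __name__ == "__main__":
    before = signed_part_digest(SAMPLE)
    for skip in (False, True):
        after = signed_part_digest(apply_banner_policy(SAMPLE, skip))
        print(f"skip_signed={skip}: signed part unchanged = {after == before}")
```

Running the same digest comparison on a message captured before and after the gateway shows whether the signed part was altered in transit.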
