Sophos Email customers using IP-based mailflow rule connectors must migrate to certificate-based configuration by March 31st. To see if you're affected Click Here.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Central E-Mail - S/MIME signed emails are getting invalid

Hey Folks,

we are evaluating Sophos Central E-Mail and experiencing issues with incoming S/MIME signed e-Mails. The Signature is getting invalid, and our security appliance cannot validate the signature/certificate anymore. E-Mails not routet via E-Mail Central from same sender, dont have any issues.

We already created an exception in data control (forward incoming signed e-mails to new gateway) which always applies successfully, but there is still something happening or getting changed on the email.

Are there any issues known with signed e-mails? Or what else can we do?

Thx a lot in advance.

Regards

Peter



This thread was automatically locked due to age.
Parents
  • Hi,

    we have the same problem with smart banners and Time-of-Click Protection enabled...

    Peter

  • There is no option for smartbanners at the moment. You have to disable them completely if you want to get rid of invalid signed emails.
    For TOC there is an option available.

    GES told us TODAY, after turning circles for month with support, there is a feature request open:

    Feature Request ID : CEMA-I-225
    Description of the Feature Request:
    When an incoming email is S/MIME signed and a banner from the email security end-user message is added then the signature is broken. Partner would like to be able to filter S/MIME signed message to apply to a policy without banners without disabling banners from the policy so it can apply for other emails

    We could have saved so much time, if someone told us earlier. instead, a lot of samples, testing, support sessions etc....  :-(

    But i still dont understand, why some signed mails dont get the smart banners and signature is still valid, and others are getting invalid.

Reply
  • There is no option for smartbanners at the moment. You have to disable them completely if you want to get rid of invalid signed emails.
    For TOC there is an option available.

    GES told us TODAY, after turning circles for month with support, there is a feature request open:

    Feature Request ID : CEMA-I-225
    Description of the Feature Request:
    When an incoming email is S/MIME signed and a banner from the email security end-user message is added then the signature is broken. Partner would like to be able to filter S/MIME signed message to apply to a policy without banners without disabling banners from the policy so it can apply for other emails

    We could have saved so much time, if someone told us earlier. instead, a lot of samples, testing, support sessions etc....  :-(

    But i still dont understand, why some signed mails dont get the smart banners and signature is still valid, and others are getting invalid.

Children