Sophos Email customers using IP-based mailflow rule connectors must migrate to certificate-based configuration by March 31st. To see if you're affected Click Here.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 7 replies
  • Answers 1 answer
  • Subscribers 17 subscribers
  • Views 3282 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Licensing - Internal Rooms

Stuart James

Sophos licenses a mailbox when it receives an external email.

We have about 20 internal "rooms" in Exchange so it follows that they will only ever receive internal calendar/booking requests, however I found that Sophos had licenses all 20 of those rooms. When I went in and did a mail trace of all email received by the rooms over the past 30 days, this is the result.

So. Sophos sends a welcome email, then picks up that the mailbox has received an external email and then licenses the mailbox.



This thread was automatically locked due to age.
  • 0

     Hi  ,


    Thank you for posting into the Community page

    Please create a Support case and let us know the number.

    This looks like it needs further investigation especially with the License Usage Summary page.

    I would recommend enabling the remote assistance and giving us the UID within the case itself. Thanks!

    Regards,

    Jose

  • 0 in reply to josepalad

    Too late. This bug meant my license number was exceeded, so had to delete and remove all the accounts so the legitimate email accounts had SPAM filtering.

    You should be able to replicate this in your test environment. It's nothing on my side, or with my Sophos Central configuration. Sophos need to change their system so that emails coming from sophos.com don't trigger usage of a license.

  • 0

    So essentially: If a mailbox receive an Email, it will count as a license for 30 days until no Email is arriving anymore. Central itself (the platform) can send an invite code to a mailbox, which is an external email as well, therefore will count as a license.

    This should be given free, if the mailbox does not get any email anymore in the past 30 days. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Yes, agree with you, it should be given free, but at present Sophos sees that external email from Central and counts that as an external email and licenses the mailbox. This is where it caused a problem for us, because it used up all the licenses and de-licensed legitimate users.

    Worth noting that we are using Mailflow, not Gateway mode, so technically Central will see it as an external email.

    I guess there needs to be a patch to Central so that when it checks incoming email, it ignores licensing if the email comes from sophos.com

  • 0 in reply to Stuart James

    To be honest: You got this once for initial configuration - This should not be send to the Account anymore - Therefore it will disappear. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Yes, in 30 days. In the meantime I have a real user who doesn't have a license because this room mailbox is using one.

  • 0 in reply to Stuart James

    With the help of my disti, we found a way around this in case anyone else has this problem in the future.

    There is no way to remove a mailbox from Email Security. However, if you go to "People" on the tenant itself and delete all the people who you don't want to consume licenses and then wait up to four hours and Sophos will pick up the change.

    If you'd like to know the exact timing, go in to Email Security, Logs & Reports, Licensing Report and click on the time dropdown next to scan time and it will tell you when it's done scans. They are performed every four hours (within a few minutes)

    Of course, the downside is that that means you've deleted their Sophos Central account completely which may affect other products such as Endpoint Protection, Wireless etc. so be careful in using this approach.

Unfiltered HTML