This discussion has been locked.

Header Anomaly - two different mailservers - same domain

Is there a way to verify a 2nd mailserver as trusted without getting header anomaly triggered?

We have an external mail service (Amazon SES) for sending mail batches for newsletters etc.
Some of those mails will be sent internally, which triggers a header anomaly in Sophos Central caused by the same domain and two different mailservers.

Our goal is to harden our mail base policy and send these header anomaly mails into quarantine.

Internal Mailserver: @abc123.com
External Mailserver: newsletter@abc123.com

We configured DKIM as well, but it won't get rid of the header anomaly internally.

Any ideas how to solve or improve our settings?

Thanks for your input



This thread was automatically locked due to age.
  • There are a number of ways to handle this. The easiest way, and the one I would recommend, is to create a separate Email Security policy where the sender is newsletter@abc123.com in the External tab and turn off Header Anomaly for that policy. The only time that policy will match is when the sender is newsletter@abc123.com.
