
Emails Delayed between hops.

I've been trying to figure out why some emails that are being sent out from our ERP system are taking upwards of 7-10 minutes to be delivered to our company's mailboxes.  I analyzed one of the last email traces and looked at the time it takes and noticed there are some significant delays between the time it's released by mf-inbound-us-west-2.prod.hydra.sophos.com and before it finally hits mail.protection.outlook.com.  Now I'm no mailflow/exchange expert at all, but can anyone explain why there is such a delay between some of the hops for this email to be delivered?  We haven't changed anything, we've set up DKIM, SPF and DMARC with the ERP company (it's the first hop) so those three are passing when I look at the email through Message History.

  1. 08:11:35 -0500 (CDT): Email sent from outbound.dmsi.com.
  2. 13:11:36 +0000 (UTC): Received by DS2PEPF00003443.mail.protection.outlook.com.
  3. 13:11:36 +0000 (UTC): Received by DS7PR03CA0113.outlook.office365.com.
  4. 13:11:36 +0000 (UTC): Received by LV8PR14MB7597.namprd14.prod.outlook.com.
  5. 13:11:40 +0000 (UTC): Received by us2-emailsignatures-cloud.codetwo.com.
  6. 13:11:41 +0000 (UTC): Received by CY4PEPF0000EE30.mail.protection.outlook.com.
  7. 13:11:42 +0000 (UTC): Received by DS7P222CA0010.outlook.office365.com.
  8. 13:11:42 +0000 (UTC): Received by MN6PR14MB7220.namprd14.prod.outlook.com.
  9. 13:11:47 +0000 (UTC): Received by mf-inbound-us-west-2.prod.hydra.sophos.com.
  10. 13:15:05 +0000 (UTC): Received by SJ1PEPF00001CE4.mail.protection.outlook.com.
  11. 13:15:05 +0000 (UTC): Received by BYAPR21CA0012.outlook.office365.com.
  12. 13:15:06 +0000 (UTC): Received by DS0PR14MB5736.namprd14.prod.outlook.com.
  13. 13:18:39 +0000 (UTC): Received by CH3PR14MB6372.namprd14.prod.outlook.com.


Edited TAGs
[edited by: Raphael Alganes at 1:53 PM (GMT -7) on 24 Oct 2024]
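Added example (not part of the original post, and not Sophos or Microsoft tooling): one way to compute the delay at each hop from a message's `Received` headers, normalizing the mixed -0500/+0000 offsets seen in the trace above. The headers are constructed from the hop names and clock times listed in the post; the date, the header layout and the 60-second threshold are assumptions.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed headers, newest first as in a real message. Hop names and clock
# times come from the trace in the post; the date D is a placeholder.
D = "1 Jan 2000"
RAW = f"""\
Received: by CH3PR14MB6372.namprd14.prod.outlook.com; {D} 13:18:39 +0000
Received: by DS0PR14MB5736.namprd14.prod.outlook.com; {D} 13:15:06 +0000
Received: by BYAPR21CA0012.outlook.office365.com; {D} 13:15:05 +0000
Received: by SJ1PEPF00001CE4.mail.protection.outlook.com; {D} 13:15:05 +0000
Received: by mf-inbound-us-west-2.prod.hydra.sophos.com; {D} 13:11:47 +0000
Received: by MN6PR14MB7220.namprd14.prod.outlook.com; {D} 13:11:42 +0000
Received: by DS7P222CA0010.outlook.office365.com; {D} 13:11:42 +0000
Received: by CY4PEPF0000EE30.mail.protection.outlook.com; {D} 13:11:41 +0000
Received: by us2-emailsignatures-cloud.codetwo.com; {D} 13:11:40 +0000
Received: by LV8PR14MB7597.namprd14.prod.outlook.com; {D} 13:11:36 +0000
Received: by DS7PR03CA0113.outlook.office365.com; {D} 13:11:36 +0000
Received: by DS2PEPF00003443.mail.protection.outlook.com; {D} 13:11:36 +0000
Received: by outbound.dmsi.com; {D} 08:11:35 -0500
Subject: constructed sample

body
"""

def hop_delays(raw):
    """Return [(seconds_since_previous_hop, receiving_host)], oldest hop first."""
    hops = []
    # Each relay prepends its header, so reverse to get chronological order.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        # The timestamp follows the last ';' and carries its own UTC offset.
        stamp = parsedate_to_datetime(value.rsplit(";", 1)[1].strip())
        host = re.search(r"\bby\s+([^\s;]+)", value)
        hops.append((stamp, host.group(1) if host else "?"))
    # Aware datetimes subtract correctly across offsets. Each stamp is that
    # server's own clock, so a second or two of skew between hops is normal.
    return [(0 if i == 0 else int((t - hops[i - 1][0]).total_seconds()), h)
            for i, (t, h) in enumerate(hops)]

def slow_hops(raw, threshold=60):
    """Hops where the message waited at least `threshold` seconds before arriving."""
    return [(d, h) for d, h in hop_delays(raw) if d >= threshold]

if __name__ == "__main__":
    for delay, host in hop_delays(RAW):
        print(f"{delay:>5}s  {host}")
    print("slow:", slow_hops(RAW))
```

The delay reported against a host is the time between the previous hop's stamp and that host's stamp, so it covers both queueing on the previous system and connection or retry time to the next one.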
  • Afternoon Tom - The ERP system has been in our company for 20 years, and when we first implemented Sophos, emails were already part of the mail flow.  That's nice to know about the Delay Queue, but I think maybe unrelated to this current issue.  I work with an MSP, and they just updated our mailflow rule connectors to the new Certificate Based configuration.  I'm still getting user reports telling me it takes anywhere from 3-8 minutes when they request a document through the ERP to be sent via email, until it's delivered to their inbox. Feels like trying to find a needle..

  • Send me a direct email tom[.]foucha[@]sophos[.]com with your domain name and some message headers so that I can have someone look into our backend logs. Certificate Based only applies to outbound messages from the domain, not inbound. Obviously I can't troubleshoot the ERP SMTP system from time of request, but I can look into when we received the message to when we deliver it. One thing I would ask you to inspect is the placement of CodeTwo, which creates loops if not in the correct place in mail rules. Is CodeTwo required for internal emails?

  • https://www.codetwo.com/userguide/email-signatures-for-office-365/smart-hosts.htm

     If you use a smart host service (such as Barracuda, Proofpoint, Reflexion or Mimecast) for security, archiving or anti-spam protection in your organization, you can integrate it with CodeTwo Email Signatures 365. All you need to do is configure your mail flow so that messages are routed through CodeTwo cloud services (located in Microsoft Azure datacenters) before they reach your smart host.

  • Tom - will send you a direct email and some message headers here shortly.  As for CodeTwo - we use Sophos with our MS365 only - so not sure if this qualifies as a smart host service besides what would be normal.  Our CodeTwo Cloud Service gets auto configured during their connection process, so I'm assuming that is configured how they wanted (through the CodeTwo Admin Console it does the connection with MS365 and builds the mail flow connection and rules).