Sophos Email customers using IP-based mailflow rule connectors must migrate to certificate-based configuration by March 31st. To see if you're affected Click Here.

Thread Info
  • State Verified Answer
  • Replies 2 replies
  • Subscribers 16 subscribers
  • Views 123 views
  • Users 0 members are here
Options
Suggested

Duplicate emails in O365 (or M365) message trace reports.

Slappy

Sorry in advance if this has already been asked/answered before.....

Current Sophos configuration:  we are using Sophos email flow rules for inbound and outbound email.  We are NOT relaying email through Sophos email server.

Everything is working as it should but when pulling message trace logs for users, I have noticed every email is duplicated in the message trace log.  Does not matter if the email is inbound or outbound.  Message trace logs only started doing this since only since we started using Sophos email protection.

Why would this be happening and is there any way to correct this?

Any help greatly appreciated.

Parents
  • +1

    This is correct and perfectly normal. If you are in MFR mailflow mode then when the message arrives at domain-com.protection.outlook.com Microsoft will pass the message to Sophos via a connector (message trace entry #1) for inspection. After Sophos has inspected the message it will return the message to M365 via another connector (message trace entry #2). I believe if you expand out the message trace log you will see this behavior.

Reply
  • +1

    This is correct and perfectly normal. If you are in MFR mailflow mode then when the message arrives at domain-com.protection.outlook.com Microsoft will pass the message to Sophos via a connector (message trace entry #1) for inspection. After Sophos has inspected the message it will return the message to M365 via another connector (message trace entry #2). I believe if you expand out the message trace log you will see this behavior.

Children
Unfiltered HTML