Sophos Email customers using IP-based mailflow rule connectors must migrate to certificate-based configuration by March 31st. To see if you're affected Click Here.

Sophos Email: Migration from Gateway to Mailflow

Migrating from Central Email Gateway to Mailflow? Here are the documentations that will help:

Set up Sophos Mailflow (Note: Click on the "Existing user" link)

Fix conflicts with Microsoft 365 rules

Prevent duplicate scans

Testing and fixing Sophos Mailflow

If you have implemented Mailflow already, these are the expected entries within the 'Exchange admin center > Rules' page:

For the 'Exchange admin center > Connectors' page, these four entries should be there:

NOTE: if there are other rules on top of these Rules/Connectors, issues might come up. Remember all of these are created automatically by Mailflow mode so the names of the rules usually follow the same format as the above examples. Hence any entries that don't look similar to them, they are usually the culprit and is not of the Mailflow mode configuration.
Example error in NDR message: "5.7.51 TenantInboundAttribution. There is a partner connector configured that matched the message's recipient domain. The connector had either the RestrictDomainsToIPAddresses or RestrictDomainsToCertificate set..."

By the way...

Do not forget to change the MX record from the Sophos MX (mx-xx-xx-xxxx-x.prod.hydra.sophos.com) to the M365 one (for example, yourdomainexample-com.mail.protection.outlook.com) otherwise you might encounter double entries for inbound emails in the Message History or even message flow issues.



Added tags
[edited by: Raphael Alganes at 5:59 AM (GMT -7) on 7 Jun 2023]