
additional Mail addresses/ Old, but noch exist User/ Blacklist Button

Hello, everyone,

I now have a Sophos SG230 in operation. However, I still have a few questions:

 

  1. Some users have several e-mail addresses with us.

    givenname.surname@domain.com
    surname.givenname@domain.com
    Dr.surname.givenname@domain.com

    I have noticed that from time to time a mail from Dr.surname.givenname@domain.com ends up in the quarantine report.
    For additional email addresses, all email addresses are entered (this comes through AD authentication). However, as soon as the user logs in, the optional email address dr.surname.givenname@domain.com disappears from the Webadmin Portal Additional Emailaddress.
    After a prefetch, the e-mail address can be found again under Additional Mail Address.
    Is anyone aware of this problem?

     

  2. Old employees appear in the Mail Manager who no longer exist in the AD.
    They are still receiving emails from Sophos, although these mail addresses are no longer present in Exchange.
    Verified by the following PowerShell script:

    Get-Recipient -ResultSize Unlimited | Where-Object {$_.EmailAddresses -match "user@domain.com"} | Select-Object Name,EmailAddresses,RecipientType

    Sophos will then try to deliver the mail to the old employee and Exchange will send a mail to do-not-reply@fw-notify.net

    The error message is "Remote Server returned '550 5.1.1 RESOLVER.ADR.RecipNotFound; not found'"

    Telnet : 

    MAIL FROM: existuser@***x.com

    250 sender ok

    RCPT TO: notexistuser@***.com

    550 5.1.1 user unknown

    I have also encountered the following link: 

    https://community.sophos.com/products/unified-threat-management/f/general-discussion/21138/quarantine-report-to-old-non-existent-email-users 

    Unfortunately I cannot find a solution here.
    Can anyone help me with that?

 

 

  3. My users also want a button for blacklist and a button to delete in the quarantine report.

    Is there a function that I overlooked in the meantime?
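
The Telnet check from item 2, repeated over a whole list of addresses, as an added example that is not part of the original post. It assumes the mail server rejects unknown recipients at RCPT TO, as in the session above; `classify_recipients`, `FakeMailServer`, the sample addresses and the host name `exchange.example` are constructed for illustration.

```python
def classify_recipients(smtp, sender, addresses):
    """Probe each address with MAIL FROM / RCPT TO; DATA is never sent.

    `smtp` is a connected smtplib.SMTP object (or anything with the same methods).
    Returns {address: (verdict, code, text)} where verdict is "exists" (2xx),
    "stale" (5xx, e.g. 550 5.1.1) or "retry" (4xx or anything else).
    """
    smtp.ehlo_or_helo_if_needed()
    results = {}
    for addr in addresses:
        code, text = smtp.mail(sender)
        if code != 250:
            raise RuntimeError(f"MAIL FROM rejected: {code} {text!r}")
        code, text = smtp.rcpt(addr)
        if 200 <= code < 300:
            verdict = "exists"
        elif 500 <= code < 600:
            verdict = "stale"
        else:
            verdict = "retry"  # temporary failure: says nothing about the mailbox
        results[addr] = (verdict, code, text.decode("ascii", "replace"))
        smtp.rset()  # drop the envelope so no message is ever queued
    return results


class FakeMailServer:
    """Constructed stand-in for smtplib.SMTP; replies modelled on the Telnet session."""
    def __init__(self, known):
        self.known = {a.lower() for a in known}
    def ehlo_or_helo_if_needed(self):
        pass
    def mail(self, sender):
        return 250, b"sender ok"
    def rcpt(self, addr):
        if addr.lower() in self.known:
            return 250, b"recipient ok"
        return 550, b"5.1.1 user unknown"
    def rset(self):
        return 250, b"ok"


if __name__ == "__main__":
    # Constructed data; for a real check pass smtplib.SMTP("exchange.example", 25).
    server = FakeMailServer(["givenname.surname@domain.com"])
    utm_list = ["givenname.surname@domain.com", "notexistuser@domain.com"]
    found = classify_recipients(server, "existuser@domain.com", utm_list)
    for addr, (verdict, code, text) in found.items():
        print(f"{addr}: {verdict} ({code} {text})")
```

Addresses reported as "stale" are the ones still listed on the UTM side that the mail server no longer accepts.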

 



This thread was automatically locked due to age.
  • Nobody has any ideas?

    Best regards

    Patrick Ebert

  • Hallo Patrick and welcome to the UTM Community!

    3. There's a 'Blacklist' tab in the User Portal.

    I've moved your thread to the Mail Protection forum.  Please ask your other questions in separate, appropriately titled threads in that forum (one topic per thread).  Also, a picture of what you're seeing would help us to understand precisely what issues you're having.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I don't know UTM internals, but the cause seems pretty evident.

    • You have UTM local user accounts that are linked to backend Active Directory accounts
    • You manually add the alias information into UTM.
    • The user login causes UTM to resync with Active Directory, which does not contain the secondary addresses.
    • UTM overwrites the local user record with the information obtained from Active Directory.

    Based on this scenario, the solution is to add the additional names into Exchange as additional SMTP addresses.

  • BAlfson said:

    Hallo Patrick and welcome to the UTM Community!

    3. There's a 'Blacklist' tab in the User Portal.

    I've moved your thread to the Mail Protection forum.  Please ask your other questions in separate, appropriately titled threads in that forum (one topic per thread).  Also, a picture of what you're seeing would help us to understand precisely what issues you're having.

    Cheers - Bob

     

     

    Yes, you are right, but our users are too lazy to log in to the user portal and would like to have the buttons in the Sophos quarantine report mail.

    I have replied to this question under the following link:

    https://community.sophos.com/products/unified-threat-management/f/mail-protection-smtp-pop3-antispam-and-antivirus/109721/blacklist-und-delete-button-in-mail-quarantane-report

  • DouglasFoster said:

    I don't know UTM internals, but the cause seems pretty evident.

    • You have UTM local user accounts that are linked to backend Active Directory accounts
    • You manually add the alias information into UTM.
    • The user login causes UTM to resync with Active Directory, which does not contain the secondary addresses.
    • UTM overwrites the local user record with the information obtained from Active Directory.

    Based on this scenario, the solution is to add the additional names into Exchange as additional SMTP addresses.

     

     

    No, that's not quite right.
    I have the users synchronized via the Active Directory.
    I have opened a new post with pictures for this question.

    The following link describes this problem:

    community.sophos.com/.../additional-mail-addresses