MS exchange delivery reports get caught by SG125 as BATV REJECTED

Question

Hi everyone 
 One of our costumers has an SG125 sophos, everything works brilliant. But from since a few days we cannot receive delivery reports to any emails we send. 
 I was checking the mail quarantine and the SMTP log tab states that the "delivered" notification messages are getting Rejected: BATV. 
 I'm in the 9.411-3 firmware now. 
 How can I overcome this issue? 
 Thanks in advance.

Vels · Accepted Answer

Not sure I completely understand the scenario or where the reports originate from, but there is a couple of "rule of thumb" in regard to batv and smtp proxy: 
 
 As far as I recall, if BATV is set to ON but Transparent Mode is OFF, any autorespond messages will get: "Rejected: BATV (Missing, invalid or expired BATV signature)" 
 Don't think you can overcome this unless you configure antispam exceptions for emails originating from the mail server generating the reports, which is almost impossible if they are originating from customers email servers. 
 It's default for most email servers to replace the users email with <null> when talking about out of office and delivery report including NDR's, meaning the message cannot be signed. 
 
 So either this is caused by a change in the email server configuration for delivery reports ( the null thing ) or someone made a change to the smtp proxy making it intercept all internal emails instead of just those outgoing from your mailserver. 
 
 That's the best I can think of at the moment.

BAlfson · Answer

Hi, Nuno, and welcome to the UTM Community! 
 There is a situation where I recommend deselecting 'Use BATV' on the 'Antispam' tab: 
 
 Incoming mail is received by the SMTP Proxy. 
 Outgoing mail is not sent through the SMTP Proxy. This is often the case with externally-hosted email. 
 
 Cheers - Bob