Since V9.6, the SMTP Proxy listen interface feature is reality. It would be nice if the configured listen interface not include automaticaly also the additional addresses of the selected interface. This is bad for security audits.
Thank you very much.2 votes
SOPHOS UTM Mail Protection gives the option for crating exceptions on Email Address / Domain, IP or recipient.
The Email Address which is used for white listening is the ENVELOPE header in the email.
We have the problem, that we have an service, which use Amazon AWS for sending mails. This mails run into the quarantine.
To whitelist, we need to whitelist die AMAZON AWS Envelope domain, which are for all AWS services the same.
Please create an option to choose the header flag – ENVELOPE or FROM field.
Emails that have blank "To:" field should be filtered.1 vote
I wish to get more information about which RBL or SPAM list has given a positive to tell the senders why they have been rejected.3 votes
Multiple customers have asked if it's possible that they have a single internal mailbox that requires/forces TLS, so that it denies emails if the recipient doesn't support TLS.
There's already the option for entire domains, but they only want a specific account for the purpose of "secure emails".2 votes
Office documents e.G. Word habe specific MIME Types - old .doc documents (application/msword) or new with Macro .docm (application/vnd.ms-word.document.macroEnabled.12) can have Macro, new type .docx (application/vnd.openxmlformats-officedocument.wordprocessingml.document) can not have Macros and are secure!
Sophos Mail Filter makes no difference and send every File in Quarantine.
It would be perfect, if the dangeres Files (.doc and .docm) can go to Quarantine and the safe Files (.docx) send direct to the User.3 votes
I want to appoint the format of the isolation report email from Sophos UTM.
In the case of an HTML form, I am garbled.
I want the format conversion function of the isolation report email.
Would like the option to have the quarrantine report weekly, as some users get lot of mailing list type spam, and it gets a bit annoying having the report emailed every day.2 votes
Not sure if this is in right category. For SPX, currently only the plain text portion of an email is processed and sent as a PDF. The result is an encrypted PDF that looks very much like it was sent in 1990 vs. the formatting provided by HTML. SPX should process HTML portion if it is present then process plain text. Case number is 8594977. Synaman (http://web.synametrics.com/SynaMan.htm) processes the HTML portion and it looks great.1 vote
With Version 9.510-5 there are two Options for SMTP TLS
"Require TLS negotiation/hosts/nets"
"Require TLS negotiation sender domains".
Please add the option to Require TLS negotiation for recipient Domains4 votes
Dear Sophos Team,
please add an TLS Version selector to the Email Protection settings, like it's already done in "Webserver Protection > WAF > Advanced".
In addition, please add an Ciphersuite Selector, so advanced users can specify further down which ciphersuite ( ECDH- / DHE-/ AES-*/ .. / ) they want to use.31 votes
We have at the moment customers they send your mails as zip which are password protected. We have the option "Quarantine unscannable and encrypted content" enabled and the mails are correctly moved to quarantine.
But the zip password are always the same. Can you implement a function that we can store the password in the utm and link it to a mail adress? If we receive a mail from *@customer.com so the utm can open the zip file with the stored password (because password is linked to the mail adress) and can scan the content in the zip.4 votes
I want to appoint an origin of transmission address of the isolation report email from Sophos UTM.
Sophos UTMからの隔離レポートメールの送信元アドレスを指定できるようにしてほしい。1 vote
Provide an official way to close port 25, 467 and 587 to WAN side of UTM aside from creating DNAT blackhole and disabling SMTP proxy
Kindly provide an official way to close port 25, 467 and 587 to WAN side of UTM aside from creating DNAT blackhole and disabling SMTP proxy (since customer is using this feature for outbound mail only)7 votes
The passwords of the registered recipients should be included in the backup. During a recovery, users must always re-register.10 votes
When accepting mail messages, the sender mail addresses, the domain part, are not checked for existence. No queries are made as to whether the domain holds an MX record, for example. This should apply to both address fields, envelope and header.
In this way, fake addresses of stations could be avoided.10 votes
Currently only the CLI offers the possibility to find out the reason for marking the mail as spam. Would be nice if this could also be seen in the Mail Manager. It would be even nicer if we were included in the mail header.5 votes
The mail gateway should have an option to append Hyperlink-URLs in brackets after the hyperlink-text so that it is obvious to anyone before
The mail gateway should have an option to modify email contents to append Hyperlink-URLs in brackets after the hyperlink-text so that it is obvious to recipients' before they click that it’s going somewhere dodgy, even on mobiles.4 votes
Currently the TLS certificate seems to only be used for incoming email. Many TLS partners have asked whether it would be possible to present the TLS certificate also for outgoing communication, which is more secure.4 votes
With the "File Extension Filter" in the Malware tab one can only block specific file types, although having a white and black list would be a major benefit from a security perspective. We'd like to see the ability to block all file extensions by default for incoming email in combination with a custom whitelist that let's us decide which file types we would want to allow passing through.3 votes
- Don't see your idea?