Currently, even if an email fails DKIM verification it is delivered. There should be, at the very least, an option to quarantine emails that aren't successfully verified. Also see https://community.sophos.com/products/unified-threat-management/f/mail-protection-smtp-pop3-antispam-and-antivirus/112950/dkim-verification/.

It would be interesting some blocking method for e-mail sended from a same address in a small space of time.
Eg: the address bruno@sophos.com sends 1000 email to the protected domain on UTM in 2 seconds.

Remembering that this would not apply to the whole domain but to an speciffy address.

This would be interesting when an email box is hacked and used to send many spams.

It would be nice if it were possible to customize the Spam Report. E.G. to add Blacklist and Delete Buttons.

SOPHOS UTM Mail Protection gives the option for crating exceptions on Email Address / Domain, IP or recipient.

The Email Address which is used for white listening is the ENVELOPE header in the email.

We have the problem, that we have an service, which use Amazon AWS for sending mails. This mails run into the quarantine.
To whitelist, we need to whitelist die AMAZON AWS Envelope domain, which are for all AWS services the same.

Please create an option to choose the header flag – ENVELOPE or FROM field.

Thanks

Change "Encrypt" button in outlook to show when an email is encrypted. Currently it does not give any confirmation when the "Encrypt" button is clicked!

Please make it possible to send a quarantine report directly after receiving a new (blocked) e-mail.

Sometimes it is very important to answer an e-mail as fast as possible. We can't do that, if the Quarantine Report will be sent hours later or even the next day.

With current exim configuration, the "Out Of Office" replies getting rejected by the BATV due to the null return address in the reply. Please add a feature to handle these messages pass through the BATV feature.

Firmware version: 9.601-5

unscannable / encrypted content and file Extension filtering is quarantine only unfortunately.
Please add an option to bounce emails by file extension (e.g. bounce old office formats like .doc, .xls etc.) and to bounce unscannable / encrypted content.

Multiple customers have asked if it's possible that they have a single internal mailbox that requires/forces TLS, so that it denies emails if the recipient doesn't support TLS.
There's already the option for entire domains, but they only want a specific account for the purpose of "secure emails".

I wish to get more information about which RBL or SPAM list has given a positive to tell the senders why they have been rejected.

Not sure if this is in right category. For SPX, currently only the plain text portion of an email is processed and sent as a PDF. The result is an encrypted PDF that looks very much like it was sent in 1990 vs. the formatting provided by HTML. SPX should process HTML portion if it is present then process plain text. Case number is 8594977. Synaman (http://web.synametrics.com/SynaMan.htm) processes the HTML portion and it looks great.

It should be possible to create an exception for encrypted attachments without having to disable the malware scan.

Would like the option to have the quarrantine report weekly, as some users get lot of mailing list type spam, and it gets a bit annoying having the report emailed every day.

Office documents e.G. Word habe specific MIME Types - old .doc documents (application/msword) or new with Macro .docm (application/vnd.ms-word.document.macroEnabled.12) can have Macro, new type .docx (application/vnd.openxmlformats-officedocument.wordprocessingml.document) can not have Macros and are secure!

Sophos Mail Filter makes no difference and send every File in Quarantine.

It would be perfect, if the dangeres Files (.doc and .docm) can go to Quarantine and the safe Files (.docx) send direct to the User.

With Version 9.510-5 there are two Options for SMTP TLS
"Require TLS negotiation/hosts/nets"
"Require TLS negotiation sender domains".

Please add the option to Require TLS negotiation for recipient Domains

I want to appoint the format of the isolation report email from Sophos UTM.
In the case of an HTML form, I am garbled.
I want the format conversion function of the isolation report email.
=========================
Sophos UTMからの隔離レポートメールのフォーマットを指定できるようにしてほしい。
HTML形式の場合、文字化けする。
隔離レポートメールのフォーマット変換機能が欲しい。

I want to appoint an origin of transmission address of the isolation report email from Sophos UTM.
=========================
Sophos UTMからの隔離レポートメールの送信元アドレスを指定できるようにしてほしい。

Dear Sophos Team,

please add an TLS Version selector to the Email Protection settings, like it's already done in "Webserver Protection > WAF > Advanced".

In addition, please add an Ciphersuite Selector, so advanced users can specify further down which ciphersuite ( ECDH-* / DHE-*/ AES-*/ .. / ) they want to use.

When accepting mail messages, the sender mail addresses, the domain part, are not checked for existence. No queries are made as to whether the domain holds an MX record, for example. This should apply to both address fields, envelope and header.
In this way, fake addresses of stations could be avoided.

Kindly provide an official way to close port 25, 467 and 587 to WAN side of UTM aside from creating DNAT blackhole and disabling SMTP proxy (since customer is using this feature for outbound mail only)