With current exim configuration, the "Out Of Office" replies getting rejected by the BATV due to the null return address in the reply. Please add a feature to handle these messages pass through the BATV feature.

Hello!

At this moment SEA and UTM support the limited number of Languages

https://docs.sophos.com/msg/sea/help/en-us/msg/sea/concepts/ConfigPolEncryptSPXMain.html?hl=spx%2Clanguage

We highly need the support of Russian and Azerbaijani languages in PDF, this need for tens of thousands users.
It's one of the killer features in SEA / UTM.

Dear Sophos Team,

please add an TLS Version selector to the Email Protection settings, like it's already done in "Webserver Protection > WAF > Advanced".

In addition, please add an Ciphersuite Selector, so advanced users can specify further down which ciphersuite ( ECDH-* / DHE-*/ AES-*/ .. / ) they want to use.

With Version 9.510-5 there are two Options for SMTP TLS
"Require TLS negotiation/hosts/nets"
"Require TLS negotiation sender domains".

Please add the option to Require TLS negotiation for recipient Domains

Would be nice when the quarantine report for blocked outgoing mails looks like the reports for blocked incoming mails.

Most users in my experience don't notice that plain text mails as important or will delete it immediately because it looks like spam.

Add export to Allow/Block list administration. Need an easy way to consolidate User level allow/block rules to Enterprise level. Reflexion can get confused when multiple records are defined at Enterprise/User level for domain and specific emails.

after acitvating SPX, the external mail adress should be automatically added to a whitelist, so that this user can reply to those mails directly and append also encrypted pdfs.
or/and: if the answer is encrypted with the same password, the system could even check the entire mail

Sofern eine Verifikation einer Signatur fehlschlägt sollte über einen Schalter der Empfang und Weiterbearbeitung dieser Mail abgelehnt werden können.
Der Empfänger kann dann über den Spamdienst benachrichtigt werden, dass eine verschlüsselte oder signierte Mail vorliegt, deren Echtheit nicht bestätigt werden kann.

SPX is breaking down mailformat in corporate design (html-body) and convert ordinary text to pdf.

WYSI NOT WYG!

With the "File Extension Filter" in the Malware tab one can only block specific file types, although having a white and black list would be a major benefit from a security perspective. We'd like to see the ability to block all file extensions by default for incoming email in combination with a custom whitelist that let's us decide which file types we would want to allow passing through.

Currently only the CLI offers the possibility to find out the reason for marking the mail as spam. Would be nice if this could also be seen in the Mail Manager. It would be even nicer if we were included in the mail header.

We have at the moment customers they send your mails as zip which are password protected. We have the option "Quarantine unscannable and encrypted content" enabled and the mails are correctly moved to quarantine.

But the zip password are always the same. Can you implement a function that we can store the password in the utm and link it to a mail adress? If we receive a mail from *@customer.com so the utm can open the zip file with the stored password (because password is linked to the mail adress) and can scan the content in the zip.

Kindly provide an official way to close port 25, 467 and 587 to WAN side of UTM aside from creating DNAT blackhole and disabling SMTP proxy (since customer is using this feature for outbound mail only)

The mail gateway should have an option to modify email contents to append Hyperlink-URLs in brackets after the hyperlink-text so that it is obvious to recipients' before they click that it’s going somewhere dodgy, even on mobiles.

Obviously the add-in registered a callback on the "onNewItem" event and save the new object to the draft-folder! If you save your closing mail or not has no effect - because it will be saved anyway. Sophos is storing the new mail immediately after creation in the draft-folder! Why? This is unnecessary blowing up my folder.

it would be nice that you integrate a function, tht admins will be informed when a SPX receiver has not finish the registration porcess. This will save a lot of time.

It will be great if there is a feature that allows admin to create an alert to alert him when there are differed messages queued.

the ability to schedule and export search results in the email appliance "search" section to excel or similar format AND send it via e-mail to an smtp address

When accepting mail messages, the sender mail addresses, the domain part, are not checked for existence. No queries are made as to whether the domain holds an MX record, for example. This should apply to both address fields, envelope and header.
In this way, fake addresses of stations could be avoided.

Currently the TLS certificate seems to only be used for incoming email. Many TLS partners have asked whether it would be possible to present the TLS certificate also for outgoing communication, which is more secure.