I would like to have the UTM generating reports by grabbing the emails sent as aggragate reports so you would not have to setup agari or such

If users in absence receive e-mail which will be blocked / quarantined by spam engine, sender will not informed about the absence by out of office reply since no incoming e-Mail will trigger the send out of the reply. Would be great to have a solution for that issue.

Outlook add-in so users can add senders to their blacklist on the local XG. (somebody has previously suggested an add-in for reporting spam to Sophos, however this would be a more immediate solution so the users are confident they won't see that spam item again)

Provide support for newest version of Outlook 2016.

allow local ssh to EMA

Allow to configure exceptions for extension blocking for single extensions.

Actually it is only possible to create an exception and disable extension blocking at all. For special recipients it would be helpful to allow for example exe-attachments, but still block all other extensions.

Furthermore it should be possible to create exceptions and combine sender AND recipient address. Actually it is only possible to filter for sender OR recipient address.

If I change an existing Certificate to a new one we're loosing the ability to decode received mails for a longer time. Many Business Partners have the old one and are using this for encryption. The UTM is no longer able to decode until an Key exchange took place.

Implement an IMAP proxy for UTM/SG 9. Provides filtering and scanning functionality for those that use this type of mail retrieval.
IMAP becomes more and more important for mail clients. The use of POP3 declines. On the other hand, threads caused by malicious mail attachments like crypto trojans or macro viruses are more dangerous than ever. By not implementing sufficient security for IMAP protocol Sophos leaves an increasing part of UTM/SG customers alone.

Right now users are only notified of inbound quarantined mails through the quarantine digest. If an outbound mail gets quarantined (e.g. because the attachment is unscannable) no one, not the sender, not the recipient, not the administrator gets notified about this. The mail therefor sits silently in the queue until it is pruned according to the quarantine settings. Such mails should at least be included in the quarantine reports, if not in even in separate notifications.

There should be a Feature added to Block the emails with email body Containing some repeatedly words. As for example, on of our client receives email with different ip's, different subject but always the body contains the letters "Canadian-Pills" and he always asks us to block it. When contacted Support, they asked us to either block Domain, IP from where they are receiving.

It can be very convenient to have option Open\Review file on Sophos UTM /SG side before download to computer and review file.For example you received a file and customer not sure if there some mail-ware to another threads, he can actually review file directly in Sophos UTM\SG or file will be transferred to Sophos LAB and reviewed there by a same user.Just Emulation of OS where you able to review files
Is not Sandstorm it actually emulation on files

only be able to either turn of antivirus check or manually sifting through unscannable attachments is a pain either way

Hi all actually the decode function to understand the original encoded URL is under Configuration --> Network --> Network Connectivity tab and it's accessible only by System Administrator role on the appliance.
It could be helpful to give access to that functionality also to Helpdesk administrator role like in Sophos Management Appliance it's already running that way under "Diagnostic Tools" tab.
Regards.

Increase the number of available Email Quarantine Report scheduled times or have the F/W email users as their messages are quarantined.
Having the quarantine report emailed twice daily causes issues with time critical emails, if they are stopped as false positive.

Whereas is very easy to report a false positive for spam detection, it is incredibly convoluted to report a false negative (https://community.sophos.com/kb/en-en/115670). Please add the option to report false negatives from the Mail Manager as well.

If incoming Mails are blocked because of the file-extension,
the external Users should get a Non-delivery report.

possibility to redirect quarantine reports for e.g. ticketing system to administrator (to not create tickets for quarantine reports)