allow local ssh to EMA

If I change an existing Certificate to a new one we're loosing the ability to decode received mails for a longer time. Many Business Partners have the old one and are using this for encryption. The UTM is no longer able to decode until an Key exchange took place.

Implement an IMAP proxy for UTM/SG 9. Provides filtering and scanning functionality for those that use this type of mail retrieval.
IMAP becomes more and more important for mail clients. The use of POP3 declines. On the other hand, threads caused by malicious mail attachments like crypto trojans or macro viruses are more dangerous than ever. By not implementing sufficient security for IMAP protocol Sophos leaves an increasing part of UTM/SG customers alone.

Right now users are only notified of inbound quarantined mails through the quarantine digest. If an outbound mail gets quarantined (e.g. because the attachment is unscannable) no one, not the sender, not the recipient, not the administrator gets notified about this. The mail therefor sits silently in the queue until it is pruned according to the quarantine settings. Such mails should at least be included in the quarantine reports, if not in even in separate notifications.

There should be a Feature added to Block the emails with email body Containing some repeatedly words. As for example, on of our client receives email with different ip's, different subject but always the body contains the letters "Canadian-Pills" and he always asks us to block it. When contacted Support, they asked us to either block Domain, IP from where they are receiving.

It can be very convenient to have option Open\Review file on Sophos UTM /SG side before download to computer and review file.For example you received a file and customer not sure if there some mail-ware to another threads, he can actually review file directly in Sophos UTM\SG or file will be transferred to Sophos LAB and reviewed there by a same user.Just Emulation of OS where you able to review files
Is not Sandstorm it actually emulation on files

Allow to configure exceptions for extension blocking for single extensions.

Actually it is only possible to create an exception and disable extension blocking at all. For special recipients it would be helpful to allow for example exe-attachments, but still block all other extensions.

Furthermore it should be possible to create exceptions and combine sender AND recipient address. Actually it is only possible to filter for sender OR recipient address.

only be able to either turn of antivirus check or manually sifting through unscannable attachments is a pain either way

Increase the number of available Email Quarantine Report scheduled times or have the F/W email users as their messages are quarantined.
Having the quarantine report emailed twice daily causes issues with time critical emails, if they are stopped as false positive.

Whereas is very easy to report a false positive for spam detection, it is incredibly convoluted to report a false negative (https://community.sophos.com/kb/en-en/115670). Please add the option to report false negatives from the Mail Manager as well.

possibility to redirect quarantine reports for e.g. ticketing system to administrator (to not create tickets for quarantine reports)

I suggest you should add support for DBL check on SMTP Antispam Features.

We get phishing mail with faked sender!
Examples:

mastercard.com text = "v=spf1 include:spf.protection.outlook.com
include:deliverygateways.masercard.com include:external.mastercard.com include:ma.mastercard.com ~all"

paypal.com text = "v=spf1 include:pp._spf.paypal.com include:3ph1._spf.paypal.com
include 3ph2._spf.paypal.com include:3ph3._spf.paypal.com
include:3ph4._spf.paypal.com nclude:c._spf.ebay.com ~all"

The problem with this is ~all

The UTM marks the mail somewhere in the header and forwards it.
This is not good!

It would be better if you could adjust the response to such a mail:

reject this mail
accept this mail
treat this mail as SPAM (marked as SPAM)

It could thus enable a lot more control over such mails!

Instead of the actual crypto locker problems we block all office mime type mails and need a feature to send a quarantine report more often to users

It would be nice to have an Outlook plug-in to report SPAM or false positive SPAM directly in Outlook not only in daily reports.

i'd like to know if is possible analyzer doc file attached to an email and discover if it contain macro and if has it put the message in quarantine

Would like to be able to block all emails with senders from specific TLDs. Eg. *.win or *@*.win