Determine Outgoing Mails not only through sender domain (Problem with Spoofing Mails)
Currently the Sophos XG and UTM Mailfilter seem to make a difference on Outgoing and Incoming Mails.
An incoming Mail seems to be determined by checking the protected Domains. All Domains that are not protected Domains are incoming Mails.
An outgoing Mail seems to be dtermined by checking the protected Domains. All Protected domains are incoming Mails.
That could lead to several problems, because only the Domains are taken into account in this decision.
1. In my opinion when "Scan outgoing mails" is not checked there is no check on "outgoing" mails. That could lead to problems with spoofing mails not being scanned by anti virus. (Please correct me if I'm wrong)
2. No SPF Check is carried out on "Internal Domains" even if the mail is a spoofing mail from a foreign server (for example when sende rand recipient are the same)
Other Checks like RDNS / Greylisting / Strict RDNS can filter out some of those spoofing mails but not all. On all other Domains SPF is working fine but not on internal domains which I think is a severe flaw.
So it would imho be necessary to not only determine a outgoing mail by it's domain and by other factors (for example additionally through a list of hosts that may send outgoing mails)
This is absolutely necessary to prevent furhter confusion and make the spam filter more secure and like anyone would expect it to work.