Regarding the MALWARE scan mechanism, many times we have complains from office users that emails are moved to Quarantined because some files in them fail to be scanned.

Can there be a discrimination on a future update, regarding the exact sub-reason of an attachment being unscannable ?

For example, due to an error differs fromfile being locked with a password or a modified pdf failed to open or do open but with a pop up error message that user can bypass and view/edit file.

To activate/deactivate above said parameters, based on specific Sender address / domain etc.

Currently we have to way to find out from which source ip a rejected or accepted mail is coming.
Also for Outgoing emails we dont know which remote server received our email.
Please add to columns to the SMTP Log showing the SRC and DST IP.

We need to have a better spam filter/content filtering in the XG Firewall. the SG Firewall has a better filtering/blocklist to prevent spam. the XG allows messages that were not allowed through on the SG. not sure if this was from one of the blocklist/RBL but we need that one back, the XG filter is fairly week. can you please put a better one in? also need better content filtering

This is to check whether the mail going outside the network be authenticated and none of the malicious user would be able to share the confidential information thru email to the outside network

We are using Sophos SXG310 and it is configured in transparent mode and for Mail, It is configured as MTA mode. So Mails which are been rejected based on RDNS or IP Address basis by Sophos, Neither recipients or Senders are aware of this failed delivery. So we want to export mail logs based on filter "rejected" for some specific time period from Sophos so that we can manually intimate the recipients regarding failure of Delivery.
Please consider this requirement in next release.

This is the only feature that is preventing me from migrating from UTM to XG

I use the POP3 prefetch mode heavily for mail hygeine, but it is not possible in XG, and as this is used at home, I cannot alter my MX records as my ISP's IP ranges are blacklisted

Allow wildcard domains for enforced TLS when sending email. e.g. Force TLS to all *.gov.uk domains.

If you have 2 email domains defined, xyz.com and xyzllc.com, and emails to both domains go to the same users, the quarantine digest is sent for xyz.com but not for xyzllc.com.

We have configured the system to quarantine emails with certain extensions.
However, the recipient then only sees the quarantine reason "File Extension" in the notification. It is urgently desired that he also sees directly which file extension it is. The admin only sees this in the mail manager.

We have quite a few shared mailboxes for the likes of HR, Finance and reception to name a few. Whilst I can send individuals a quarantine report to their mailbox there doesn't seem to be the ability to do this with shared mailboxes, or at least they do not show up in the list.

It has come to my attention that DLP on the XG only catches certain things like social security numbers and bank accounts if there are 10 or more listed in the email. Most my clients when sending emails are referring to a single account with one or maybe two social security numbers, so these would never get caught. Even one social security number or bank account not encrypted in an email is a big problem.

The UI functionality is there but it saves without any errors although it doesn't work at all.
This allows customers with a large number of backup MXs or those using commercial backup MXs (it won't pass the SPF checking normally unless you make an exception rule for every single one of them....) to bypass SPF or any other checking.

The quarantine report is only sended to users registered on the firewall (manually created or LDAP users that logged into the user portal for example)
If there is a mail quarantined for a user that hasn't logged into the user portal yet, no quarantine digest will be sended.
I request an option for quarantine digest to send the report based on the recepient-domain without the necessity to log in for the users (something like there was on the utm)

In the legacy mode of the e-mail protection module there are filter options of the e-mail headers, in the MTA mode there are no such options, as well as those of probable SPAM, probable virus, etc.

It would be very interesting to have these options.

Combine Mail Exeptions like Sender (and/or) Mailserver (and/or) receipient address to
make it more powerful and flexible.

In the current version (17.5.5) it is still not possible to define whole source networks in SMTP exceptions. It is only possible to select single ip hosts or fqdn hosts.
In a few cases you need to exclude whole /27 networks from greylisting, SPF and more. Very annoying to create single hosts to add.

Add Content Disarm and Reconstruction to XG-Firewalls Email Protection functionality.

It would be great to enable the XG firewall to use CDR when handling incoming emails (with the possibility to access original files for a certain time if neccessary)

Enable SFP email protection in transparent mode.. with the phishing these days, it only makes sense (not just MTA mode as not everyone can use this efficiently or if they have additional anti-spam measures on their own mailserver.