We are currently running into some issues with emails containing malicious payloads making it through the Sophos Email Protection system and are hitting our edge firewall. Since our edge firewall is a next gen, its catching the malicious payload and not allowing the message to be delivered.

The issue is that we have no way of stopping the email once it has hit Sophos, so we have to wait for the email to go through its many retries, subsequent failures, and then eventually time out for it to be removed from the email queue. This is obviously a little frustrating, and does cause our edge device to kick out an alert email to our technical staff each time one of these messages is blocked.

I would love to have the ability to delete items from the email queue directly from the Sophos console if at all possible. If I'm running into this, I'm assuming others in the world are running into some similar issues.

Sophos- More than happy to discuss further if you need more details!

Using the on premise email appliance members of distribution groups used to receive quarantine email digest summaries and could access, view, and release quarantined email that was sent to those distribution group email addresses. Using the cloud appliance this is no longer an option. Members of distribution groups can no longer access, view, or release incoming mail that has been quarantined. Members of distribution groups are totally unaware when emails may be missing because they are quarantined without their knowledge. The only suggestion from support is to convert our distribution groups to mailboxes, or to create role based accounts to allow users to log directly into the cloud firewall to check for missing mail and have them release the emails themselves. With over 200+ distribution groups in our organization this is not feasible. Not only would this increase licensing cost, but it would be an administrative nightmare to move forward with that "solution." BRING BACK THE QUARANTINE DIGEST SUMMARY TO MEMBERS OF EMAIL DISTRIBUTION GROUPS FOR QUARANTINED MAIL THAT WAS SENT TO THE EMAIL DISTRIBUTION GROUP ADDRESS.

Emergency Mailbox access is only useful if the user can reach its mailbox to set up his/her Emergency Mailbox access log on credentials. If the user can't reach his/her mailbox due to email service interruption (servers offline), then the user can't use the Emergency Mailbox.

case 1:

Today, admins only have the option to send the "welcome to sophos" links to the users mailbox. That is fine as long as the user can see that message, but in the event the user can't retrieve his/her mail, they won't be able to use the Emergency Mailbox in SSP.

In theory, all users should have their SSP access setup before an email outage, but when they don't, they run into this wall.

case 2:

User already has SSP access but forgot his/her password and his/her email server is down. User won't get the reset password email because email server is down, which means, user won't have access to SSP.

Sophos Central could add a couple of options to admins

a) Send SSP Link to alternate email address for the user
b) Set/Reset/Resind SSP credentials within Central

That could fix the issue.

I'm testing DLP settings for email Gateway: Email Gateway > Policies > Base Policy - Data Loss Prevention > Settings > Inbound > Attachment file type > Quarantine > use custom list. I made my test list of different file types I'd like to block and saved my settings.
Now I found that some pictures (jpg) and documents (docx) are being blocked. I had previously allowed those file types.
If I look Qurantine > Message Details > I can see that blocking reason was "image" for email with jpg attachment. Why? jpg filetype was allowed. So I had to contact with support and they finally said to allow also jpeg, jpe, jfif,jfi and jif file formats. Made those changes and finally my file wasn't blocked anymore. Good! So Sophos found that file type was spomething else than jpg, but it didn't tell me what it was.

Problem was, that "Message details" view in Quarantine folder gave too few information about why the file was blocked. It says that file type "image" was blocked. I need to know also what Sophos though about attachment file type: was it jpg or actually jfif?

Please put more detailed information for troubleshooting to "Message details" view so I would need to make a support ticket to troubleshoot those kind of easy to solve problems.