Emergency Mailbox access is only useful if the user can reach its mailbox to set up his/her Emergency Mailbox access log on credentials. If the user can't reach his/her mailbox due to email service interruption (servers offline), then the user can't use the Emergency Mailbox.

case 1:

Today, admins only have the option to send the "welcome to sophos" links to the users mailbox. That is fine as long as the user can see that message, but in the event the user can't retrieve his/her mail, they won't be able to use the Emergency Mailbox in SSP.

In theory, all users should have their SSP access setup before an email outage, but when they don't, they run into this wall.

case 2:

User already has SSP access but forgot his/her password and his/her email server is down. User won't get the reset password email because email server is down, which means, user won't have access to SSP.

Sophos Central could add a couple of options to admins

a) Send SSP Link to alternate email address for the user
b) Set/Reset/Resind SSP credentials within Central

That could fix the issue.

I'm testing DLP settings for email Gateway: Email Gateway > Policies > Base Policy - Data Loss Prevention > Settings > Inbound > Attachment file type > Quarantine > use custom list. I made my test list of different file types I'd like to block and saved my settings.
Now I found that some pictures (jpg) and documents (docx) are being blocked. I had previously allowed those file types.
If I look Qurantine > Message Details > I can see that blocking reason was "image" for email with jpg attachment. Why? jpg filetype was allowed. So I had to contact with support and they finally said to allow also jpeg, jpe, jfif,jfi and jif file formats. Made those changes and finally my file wasn't blocked anymore. Good! So Sophos found that file type was spomething else than jpg, but it didn't tell me what it was.

Problem was, that "Message details" view in Quarantine folder gave too few information about why the file was blocked. It says that file type "image" was blocked. I need to know also what Sophos though about attachment file type: was it jpg or actually jfif?

Please put more detailed information for troubleshooting to "Message details" view so I would need to make a support ticket to troubleshoot those kind of easy to solve problems.

On this server customer is running SPLUNK through which they connect to various vendor software, in our case Sophos Central to interrogate the data.

Python version 2.7.5 is what is running on the server
This runs some scripts to connect to the Central API to fetch logs from Central gateway & store on the Linux server.
This is then used to create reports.

Customer has other applications that run on this server

AWS, Forcepoint, Imprva

These applications download a newer version of Python 2.7.9+ that allows their integration script to run.

Following our KB, we do not supply the same thing, just the script.

Customer environment does not allow them to upgrade to 2.7.9+ from their current version.

-----------------------------------------
Article ID: 125169
Title: Sophos Central APIs: How to send alert and event data to your SIEM
URL: https://sophos.com/kb/125169
-----------------------------------------

The error they get is;

PFB logs:
04-16-2019 13:17:28.065 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/SophosAddOnForSplunk/bin/sopho_central_alerts.py" ERRORHTTPSConnectionPool(host='api3.central.sophos.com', port=443): Max retries exceeded with url: /gateway/siem/v1/alerts/?limit=1000&from_date=1555416748 (Caused by ProxyError('Cannot connect to proxy.', error('Tunnel connection failed: 403 Forbidden',)))

Customer would like a feature request so that a supported version of Python is supplied with the script, as the other applications do.

"Is it possible to develop Sophos add-on by adding a python package through it can connect to Sophos Gateway, like Splunk AWS add-on?"

Can Sophos develop the script to include a version of Python that would be supported with their script, like Python 2.7.9+, as per the KB above?
Documentation too.