Better logging in email gateway
I recently ran into an issue where all emails from gmail.com were being deleted. I could not figure out what was going on. I called support and they helped me solve the issue which turned out to be a wayward rule. My issue is the logging is so obtuse in Email Gateway that you can't really tell why something was deleted. There should be a simple note on the message as to why it was deleted. Was it an advanced threat, triggered by a block rule, malware, etc. There should also be verbose logging that lets you see the message the entire way through the Sophos system. This would save countless hours and support calls. Even the support Engineer did not have access to better logs. He just made a few guesses and we eventually found it. In the meantime, he was getting the case ready to send up to development which seems ridiculous. Please provide better logging and clear explanations in Sophos Central as a whole as to why something is happening.
Jim Little commented
The logging is as terrible as anything I have seen. It may cause us to use another system. It is slow and way too generic. I would prefer the advanced logs and filter the information myself.
Logs for Rejected items (Auth fail due to no mailbox, SPF reject, RBL reject) would be wonderful and should be there to allow proper troubleshooting and insight.