This topic explains how to set up Microsoft Office 365 to route email through Sophos Email.
Add your domain and verify ownership
Sophos Email on Sophos Central: Setup instructions for Exchange (Outbound) KB-000038101 03 6, 2020 0 people found this article helpful. Sophos has published an analysis of samples of DearCry ransomware: DearCry attacks exploit Exchange server vulnerabilities. The article outlines some new and interesting discoveries about its encryption behaviour and more. Sophos Email is integrated into Sophos Central, the intuitive cloud-based console for managing all your Sophos products. Only Sophos Central lets you build and manage multiple lines of defense from email-borne threats, allowing you to respond to threats faster. This includes secure email, cybersecurity a. PureMessage 4.0.4 can be used with Microsoft Exchange 2013 and 2016. Mar 06, 2019 Currently, our mx records point to our Sophos UTM, which is a SMTP proxy, that relays to our Exchange Server. I still want to have all email routed via our Sophos UTM, whether cloud O365 mailboxes or on premise, to take advantage of all scanning/filtering etc.
You need to add your domain.
NoteSophos For Exchange
You will need to provide the following information when configuringSophos Exchange 2019
Sophos Email to process and deliver email for your domain:- Your email domain name
- Your mail delivery destination host as a Fully Qualified Domain Name (FQDN) or IP address
- The port number used to listen for SMTP traffic on the mail delivery destination host
To find your FQDN for Office 365:
- Log into the Office portal.
- Select Domains.
- Copy the value displayed for the expected MX record.Note The format is normally
<yourdomain-com>.mail.protection.outlook.com
To add a domain in Sophos Central, do as follows:
- Click Email Gateway > Settings.
- Click Domain Settings/Status.
- Click Add Domain.
- Enter your email domain details, the direction of traffic, and delivery destination details.
- Next, click Verify Domain Ownership.
- Copy the TXT value presented in the Verify Domain Ownership dialog.
- Create a TXT DNS record in the root level of the domain name you entered earlier and paste the TXT value that you copied earlier.You can give it the same TXT name as shown or use @. If you're not sure how to do this, contact the organization that registered your domain name.
- Once the new TXT DNS record entry is saved, click Verify.
Once the DNS update with the correct TXT value is propagated, a message is returned indicating that domain verification was successful.
If the DNS update has not yet propagated, or if the value entered is incorrect, a failure message is returned. Confirm that the value entered is correct.
Hello Michael, It's been a couple of years since my last organization migrated in a Hybrid scenario to Office 365. We had a Cisco Ironport device that handled email content similar to the Sophos UTM. We set up send and receive connectors to the Cisco Ironport that was in-between Office 365 and our on-Premise Exchange servers. Eventually we phased out the Ironport and had all filtering done by Office 365.
I can say that when we configured our email to go through Office 365 we HAD to change the MX records to point to their servers. Not sure you can set up your Sophos UTM as the main MX and then route through Office 365. You may get errors in Office 365 when it checks for your domain's DNS settings.
I would keep the MX pointed to Office 365, set up send and receive connectors back to your Sophos device as a middle-man.
The link below has some good guidance.
Mail flow best practices for Exchange Online and Office 365 (overview)
That's my take.
Hope it sheds some light .