Some isp's offer multidrop pop3 accounts. Basically one acount downloads all the messages from the pop3 server

Using a special marker mail should be disallowed if encryption/signature are not possible.
This should result in an NDR - "mail not send - encryption not possible"

In my opinion its useful to receive a Non Delivery report for outgoing sended emails. Blocked file extensions like .exe or .bat will block ANY directions of mails (extern to intern and also intern to extern).

These messages will be quarantined however internal users will not receive any information about that like an NDR. He belief, that the mail was delivered correctly.

It's important to have a chance in big customers the chance to route authentication process in base of domain name. it would an improvement about what there is already available. Example: users@gabriele.com will be authenticated by radius on server1; if authentication fail, users@gabriele.com will be authenticated by Active directory on server2. ecc.

Very efficient in big environment.

Can we have an English GB setting in this version please, so that the dates in the reports are shown the correct way round and words are spelled correctly like Organisational.

(I know there are more yanks out there than us brits, but we did invent the english language)

Currently Email Relay checks for allowed users and Host based, in both cases the user name or IP address can be spoofed or hijacked by a spambot, it would be great to have more granular checks such as that the user allowed to relay should send with the same account and as well limit maximum number of emails per sender.

Implement a Dropbox (https://www.dropbox.com/ and similar) filtering and scanning functionality for those that use this type of exchanging files.

Current SMTP database log only allows 30 days retention. Many organizations will have a one-year retention policy.

to be able to do basic troubleshooting on RED devices it would be fine to include CLI access and some basic commands like:
tcpdump
traceroute
ping
telnet (for Port checks)
...

this would be fine, if something fails between remote location and central device. It would be nice to be able to prove functionality for other involved parties.

The default as of now (v7.502) is that the service definitions all use port-range 1:65535 as standard. Most of them actually only uses 1024:65535. I think 1024:65535 would be much better and correct.

Normally you can only check username and password (in extension a certificate ) during remote access authentication. There is no ability for checking the environment of the user, f.e. what device is he using, AV running and up-to-date, Firewall on, not using special applications, etc. .
There must be a applet used during clientless SSL-VPN access for checking the user environment against important security functions and after checking the user has to match into a security zone. Depending on which zone the user lands, there are different rules working for access the internal site.

i need a ftp proxy profile mode where i can set different profiles for different networks.

To prevent Intellectual Property Data-Loss, it would be much better,
if there are 2 separate Filter Lists - one for Incoming and one for Outgoing Extension Blocking.
Via Extension Blocking we want to prevent, that e.g. DWG-File Attachments are sent to customers by the Engineering department without approval.
After approval, the secretary should be able to release the outgoing blocked Mail.

Please add the ability to specify more than 2 time times for sending the quarantine report.

Currently the max retention of on-box reporting is 6 months, please allow us to retain reports for an entire year.

Admin should be able to add/manage POP3 account for prefetch. Login in to the enduser portal is cumbersome as password of all users must be obtained first.

I recently ran into some trouble trying to figure out if a specific traffic was being blocked or is allowed to pass through.
IT would make things much easier If I had a search-option to put in a source and/or destination IP and port and let the Astaro check if there is a rule covering this IP/Port or not.

I need, for example, to block exe files. however, the problem with ASG is that if files with blocked extensions are zipped - even without password protect the archive - they pass, because apparently Astaro only checks the zip file extension (rar, zip) and not the extensions of the files inside the archive, which means that you can bypass the blocking of any files by zipping them first. My only option now is to block zipped files which is not so practical as they may contain legitimate content that I don't want to block.