MTA (postfix) is configured for high-resolution timestamps,
and the order of events is important.
Because puremessage rounds up/down to the nearest second, when we look at our aggregated logs,
the order of events that should be:
incoming mail to MTA
blocklist check
mail passed to puremessage
puremessage passes (non-spam) mail back out to MTA
MTA forwards mail on to next hop
Actually appears as this sequence of events:
incoming mail to MTA
blocklist check
puremessage passes (non-spam) mail back out to MTA
MTA forwards mail on to next hop
mail passed to puremessage

web security, application control schedule, much needed. I think it needs to be done immediately.

In the quarantined messages summary email that is sent to users, provide a configuration option to turn off the inclusion of the mailto: link alongside each quarantined message listed. The reason for this is that customers don’t have an email client configured on student computers and clicking the mailto link brings up the Outlook configuration wizard which we don’t want. We would prefer that the summary email simply informs the user and provides them with a link to the portal where they can decide if they want to release the message/s.

when working with sum/acc SSO its not possible to change the user preferences (tab is missing). its also missing when logging in as AD user which is not explicitly added to "Allowed Administrators" (e.g. when using AD-Groups).

i would like to set this preferences (items per page, browser title, ...) globally.

I see many services under "application control" > "file transfer", 110 actually, but besides services like YouSendIt I miss Wetransfer.

Can you please add it?

Customer's email:
Further to the feature request below to change the Admin Console port, is there any way that I can restrict the IP addresses that can connect to the Admin portal? This would give me the security required.

I do not see anything in the Web Interface that would allow me to restrict who is able to request the admin portal, but is there anything you can do 'under the hood' that would restrict which IP addresses can connect?

I simply cannot allow public machines to be able to request the Admin Console

SEC has an ability to check if the virus still presents in endpoint machines before attempting to clean up the virus from the console.

This feature will prevent clean up time out error in SEC.

These appliances currently use the "flexible" vmware network driver. This creates much greater latency than the vmxnet3 driver from VMware. Substituting these drivers is possible with your Sophos UTM product and it has greatly increased performance.

I'm missing the the conext menu for all listed computers on "Managed Computers" to group the into "Computer Groups". Would saving lot's of time.

When spooled incoming mails have not been sent to the mail server after a certain number of attempts, alert the administrator (by email) so he can download them if needed (for example with the current bug where the firewall do not send the end of certain emails to the mail server). Otherwise, there is no way to be alerted of such a pb.

Customer wants enterprise console to show that the scanning is happening on the endpoint machine.

For example if a customer forces a scan on the endpoint he wants to know if it is successfully running the scan, if its failing to run the scan

Need to protect against RDP attacks trying to exploit Terminal Servers. Should be able to recognize repeated attempts to login to an RDP session and failing. I see constant attacks from all over the eastern hemisphere and I have customers that actually have people that need to login from some countries there so GeoBlocking doesn't help...

RED would be connected to the remote network using only a single LAN connection. RED would DHCP an address on the network and use the single interface as a gateway for traffic to the UTM as well as to establish the tunnel between the RED and UTM. Allows a drop in RED device at remote location with no reconfiguration of the network required.

install the Sophos firewall without re-deploying Sophos endpoint security software as Sophos Patch agent