Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=email-gateway

Set up Sophos Gateway

Use Sophos Gateway to integrate Sophos Central with third-party mail services.

For instructions on using Sophos Mailflow to connect with Microsoft 365 domains, see Set up Sophos Mailflow.

Note

To avoid problems, don't configure both email processing modes, Sophos Mailflow and Sophos Gateway, for the same domain. When switching between modes for a domain, remove the previous mode's settings after configuring the new mode.

To set up Sophos Gateway, do as follows:

  • Add mailboxes you want to protect.
  • Add email domains you want to protect.
  • Configure Policies and Settings.

Add mailboxes

You can add mailboxes to Sophos Email Security.

You can add mailboxes in the following ways:

  1. Automatically, using a directory service. You can use either AD sync or Microsoft Entra ID sync. For more information and instructions on how to set up a directory service, see Directory service.
  2. Manually, using the UI.
  3. Manually, using a CSV file.

Domains Settings/Status

Configure and manage email domains protected by Sophos Gateway.

Go to My Products > General Settings > Domain Settings / Status.

Add a domain

Tip

Instructions on how to set up your domain for common providers are available online. Example: Office 365.

To view the instructions:

  1. Expand Configure External Dependencies.
  2. Under Inbound Settings, click the link for your chosen provider.

  3. Use the information to help you configure your email domain.

    Click Outbound Settings to view your outbound relay host.

To add a domain:

  1. Click Add Domain.

  2. In the Email Domain text field, enter your email domain. Example: example.com.

    Domain ownership must be verified before email will be delivered through Sophos Central. To verify domain ownership, you need to add a TXT record to your domain. Adding this record will not affect your email or other services.

  3. Click Verify Domain Ownership.

  4. Use the details given in Verify Domain Ownership to add the TXT record to your Domain Name Server (DNS).

    Note

    This can take up to ten minutes to take effect.

  5. Click Verify.

    Warning

    You can't save an unverified domain. You must correct any issues with the domain ownership verification.

  6. Select the direction you want to configure the domain for. If you select Inbound and Outbound you will need to select an outbound gateway from the drop-down list. If you select Custom Gateway, at least one IP/CIDR (subnet range) is required. Enter the IP and CIDR and click Add. You can add multiple IP addresses/ranges.

    Note

    You can configure your mail server or service to send messages to Sophos on port 25 or 587.

  7. Select whether you wish to use a mail host or a mail exchange (MX) record in the Inbound destination drop-down list.

    Note

    You must use a mail exchange record if you want to use multiple destinations.

    1. If you selected Mail Host enter an IP address or a fully-qualified domain name (FQDN) in the IP/FQDN text field. Example: 111.111.11.111 or example.com.
    2. If you selected MX enter an FQDN in the MX text field. Example: example.com.

  8. In the Port text field enter the port information for your email domain.

  9. Expand Information to configure External Dependencies.

    The Mail Routing Settings tab shows the Sophos delivery IP addresses and MX record values used for configuring mail flow for your region.

    1. Make a note of the appropriate settings so that you know where to allow SMTP traffic from.
    2. Ensure that you configure your mail flow for Email Security.
    3. Click Save to validate your settings.

  10. Click the Base Policy link to configure spam protection.

Note

Spam protection applies to all protected mailboxes by default. You must review the settings to check that they are appropriate.

You can add extra domains at any time.

Delete a domain

To delete a domain, click on the gray cross to the right of the domain you wish to remove.

Edit a domain

To edit a domain, click on the domain name in the list, change the settings and click Save.

Managing Microsoft 365 domains

If you've added Microsoft 365 (formerly Office 365) tenant domains, Super Admins can do the following:

  • Connect your tenant domain to allow Microsoft 365 Security to run.
  • Disconnect your tenant domain.
  • Click Configure M365 Security to turn on Auto search and remediate for your Microsoft 365 users.

To find out how to set up Auto search and remediate, see Post delivery protection.

Auto search and remediate removes malicious emails from your users' inboxes. You can look at emails, and delete or release them, from Quarantined Messages.

Policies and Settings

Configure policies and settings.

Go to My Products > Email Protection > Policies to configure, edit, or delete Email Security and Data control policies.

Go to My Products > General Settings to configure, edit, or delete Email Security settings.

More resources

This video explains how to set up Sophos Gateway to integrate your third-party email service with Sophos Central.

You can also view this video on the Sophos Techvids page. See Sophos Email: Get Started with Sophos Email.

We also have other videos that take you through setting up Sophos Email Security.