Here's some further information from the built-in help that applies: As an additional antispam feature, the SMTP proxy tacitly checks each recipient address it receives with your backend mail server(s) before accepting mail for this address. Emails for invalid recipient addresses will not be accepted. In order for this function to work, your backend mail server(s) must reject mails for unknown recipients at the SMTP stage. The general rule is that if your backend server rejects a message, the SMTP proxy will reject it, too. Note, however, that recipient verification is not done for trusted (authenticated) or relay hosts, because some user agents may encounter problems when recipients get rejected in the SMTP transaction. In the usual scenario (backend mail server rejects unknown recipients in the SMTP transaction), Sophos UTM will only generate bounces in the following cases: When a trusted or relay source sends a message to an undeliverable recipient. When the backend mail server has been down so that Sophos UTM was not able to verify the recipient. However, Sophos UTM does not prevent your backend mail server(s) from sending non-delivery reports (NDRs) or bounces. In addition, Sophos UTM caches positive callout replies from the mail server for 24 hours, and negative ones for two hours.
↧