[Solved] Unable to Release Quarantined Emails (16.05.2)

I had an issue where I was unable to release quarantined emails with Legacy mode enabled for the Email Protection. The SMTP Scanning rules were working properly, but releasing messages, whether from the Quarantine Digest email, the admin web interface, or the User Portal, simply resulted in the message disappearing. The Log Viewer showed the message "Email has been accepted by Device and queued for scanning." The emails never made it to the inboxes.

I opened a Critical ticket and called support on 3/26 and the technician spent an hour and a half verifying what I said the issue was and then said he had to escalate the ticket. On 3/30 I heard from the level 2 engineer... and today on 3/31 I solved the problem myself.

In the advanced console I discovered that despite being in transparent proxy mode, the awarrenmta service is still being used -- for quarantine release... Looking at the awarrenmta.log I saw this message: "Failed to route through MX falling back to orig dst 1". I had found a Sophos community post about this (I think) but for the life of me, I can't find it now... Anyway, the solution was to add an MX record in our internal DNS to point to the mail server. About 30 minutes after adding that, the log showed messages being delivered and all of the released messages up to that point showed up in the appropriate mailboxes. Releasing as admin or the user (via digest or portal) now works.

Our internal domain and email domain are different and we use split DNS internally. On the XG I have both domains in the DNS Request Route going to our local DNS servers. I added the MX record in the forward lookup zone for our email/external domain and pointed it to the internal mail server, not the XG.
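
A check for the split-DNS condition described in the post, as an added example that is not part of the original post and not Sophos code: it takes the text of `dig +short MX <mail-domain>` as answered by the internal DNS servers and flags a missing MX record, an MX target without an A record, or a target that is the gateway or outside the internal networks. The function names, host names and addresses are constructed for illustration, and the internal network range is an assumption you would replace with your own.

```python
import ipaddress

def parse_mx(dig_short_output):
    """Parse `dig +short MX domain` output into sorted (preference, host) pairs."""
    records = []
    for line in dig_short_output.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0].isdigit():
            records.append((int(parts[0]), parts[1].rstrip(".").lower()))
    return sorted(records)

def check_internal_mx(mx_output, a_records, internal_nets, gateway_ips):
    """Return a list of findings; an empty list means the internal view looks right."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    gateways = {ipaddress.ip_address(g) for g in gateway_ips}
    mx = parse_mx(mx_output)
    if not mx:
        # The condition the post fixed: no MX for the mail domain in internal DNS.
        return ["no MX record in the internal view"]
    findings = []
    for _pref, host in mx:
        ips = [ipaddress.ip_address(i) for i in a_records.get(host, [])]
        if not ips:
            findings.append(f"{host}: MX target has no A record")
        for ip in ips:
            if ip in gateways:
                findings.append(f"{host}: {ip} is the gateway, not the mail server")
            elif not any(ip in n for n in nets):
                findings.append(f"{host}: {ip} is outside the internal networks")
    return findings

# Constructed sample data (hypothetical hosts and addresses, not from the post).
INTERNAL_NETS = ["10.0.0.0/8"]           # assumption: internal address space
GATEWAY_IPS = ["10.0.0.1"]               # assumption: the firewall's LAN address
A_RECORDS = {                            # A records as the internal DNS answers them
    "mail.example.com": ["10.0.0.25"],
    "gw.example.com": ["10.0.0.1"],
    "mx.example.com": ["203.0.113.25"],
}

if __name__ == "__main__":
    samples = {"missing": "", "correct": "10 mail.example.com.",
               "gateway": "10 gw.example.com.", "external": "10 mx.example.com."}
    for label, output in samples.items():
        result = check_internal_mx(output, A_RECORDS, INTERNAL_NETS, GATEWAY_IPS)
        print(label, "->", result or "OK")
```
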


