Please update / revise "new" public subnet mask for EU-Central (German Zone) [Sophos Central Email: New delivery IP addresses]

Dear Product Documentation Dpt.,

We've been having some strange SPF issues with hydra outbound emails from a Central Email Tenant in the EU-Central/Germany Region and it took us a while to find out the culprit.

After a lot of troubleshooting we noticed that Sophos Central Email outbound server public IP address (94.140.18.227) was OUT of the scoupe the suggested NEW ip address subnet, according to the documentation: "94.140.18.128/26"

If you grab a subnet calculator 94.140.18.128/26 gives a usable host range from 94.140.18.128 to 94.140.18.190

Here's an excerpt of the message headers showing how hydra is presenting itself out of the documented ip range:

Received: from mfod-euc1.prod.hydra.sophos.com (94.140.18.227) by
 VI1EUR06FT010.mail.protection.outlook.com (10.13.6.179)

We have solved the problem increasing the subnet scope by changing the mask to "/25", which NOW includes a usable host range from .129 to .254).

I guess this issue must be happening to other confused customers and it is not that easy to notice if you don't think about pulling out a subnet calculator.

Documentation containing the errata that we have found so far:

https://support.sophos.com/support/s/article/KB-000043861

and also:

https://docs.sophos.com/central/Customer/help/en-us/ManageYourProducts/EmailSecurity/SophosGateway/ExternalServices/EmailDomainInfo/index.html?x-clickref=1011lvW7u8zZ&affiliate=111l748#EmailGatewayIPs

This errata might be in other places too (?)

Kind Regards,

Félix Salmones / ADISTALIA SL

FelixSalmones

Parents

DominicRemigio over 2 years ago

Hi FelixSalmones,

There seems a confusion over different CIDR ranges. The new IP ranges listed in the article and documentation X.X.X.128/26 are the list of IPs allocated to deliver INBOUND Emails to customers (Customer-delivery/customer-xdelivery). This range has 64 usable IPs to deliver inbound emails to customers.

The next block X.X.X.192/26 (e.g 94.140.18.192/26) is allocated for the MF (MailFlow) Inbound/outbound delivery. So the IP 94.140.18.227 is not an out-of-scope IP. This IP is part of the MFOD IP ranges 94.140.18.192/26.
- Cancel
- Vote Up 0 Vote Down
- More
- Cancel

Comment

DominicRemigio over 2 years ago

Hi FelixSalmones,

There seems a confusion over different CIDR ranges. The new IP ranges listed in the article and documentation X.X.X.128/26 are the list of IPs allocated to deliver INBOUND Emails to customers (Customer-delivery/customer-xdelivery). This range has 64 usable IPs to deliver inbound emails to customers.

The next block X.X.X.192/26 (e.g 94.140.18.192/26) is allocated for the MF (MailFlow) Inbound/outbound delivery. So the IP 94.140.18.227 is not an out-of-scope IP. This IP is part of the MFOD IP ranges 94.140.18.192/26.
- Cancel
- Vote Up 0 Vote Down
- More
- Cancel

Children

FelixSalmones over 2 years ago in reply to DominicRemigio

Hi Dominic,

Sorry, I wasn't aware there were also separate outbound MFOD ranges, that makes sense.

Following your advice I found this link:

https://docs.sophos.com/central/Customer/help/en-us/ManageYourProducts/EmailSecurity/SophosMailflow/EmailMFDomainInfo/index.html

There the subnet appears always as /27:

Germany MailFlow inbound: 94.140.18.192/27 / outbound: 94.140.18.224/27

So the question now is which is the correct mask: /27 as in the documention OR /26 as you stated in your reply?

Thanks in advance for your help!
- Cancel
- Vote Up 0 Vote Down
- More
- Cancel