Is Sophos central Email blacklisted?

Hello, can be Sophos Central Email blacklisted? 

I was trying to send emails to my clients and i had the following error:

Message not delivered

Your message could not be delivered to one or more recipients. The details are attached below.

For further assistance, please contact your IT Administrator.

Message details

Failure reason:

<soporte@a*****l.com.py>: host mail.a****l.com.py[xx.xx.xx.xx] said: 550-Sophos Anti Spam Engine has blocked this Email because the sender IP 550 Address is blacklisted. (in reply to RCPT TO command)

From:

soporte@i****s.com.py

To:

soporte@a*****l.com.py

Subject:

solicitud nro. : ##5551## - re: [caution: suspect sender] fwd:

Sent:

2019-09-20T12:39:10.000Z

Is there the possibility that Central outbound IP is blacklisted? 

If anyone knows anything it will be appreciated..

PS.: my client has Sophos XG Firewall with Email protection.. funny, Sophos blocking sophos haha.. 

  • Hi  

    We're currently looking into this and I'll post further updates as soon as more information is available.

  • In reply to Jaydeep:

    We have the same issue with two of our clients now

    Message not delivered
    Your message could not be delivered to one or more recipients. The details are attached below.

    Failure reason: <recipeint@hotmail.com>: host hotmail-com.olc.protection.outlook.com[104.47.56.161] said: 451 4.7.650 The mail server [18.216.23.29] has been temporarily rate limited due to IP reputation. For e-mail delivery information, see https://postmaster.live.com (S775) [CLIENT.eop-nam11.prod.protection.outlook.com] (in reply to MAIL FROM command) -nam11.prod.protection.outlook.com] (in reply to MAIL FROM command)
    From: sender@myclient.com.au

    To: recipeint@hotmail.com

    Subject: re: SUBJECT
    Sent: 2019-11-10T05:19:44.000Z

    Sad face!!! Its been happening for 2 days now

  • In reply to Beau Murray:

    I have this exact same issue as well too Beau Murray.

    Sophos Support - any updates on this issue?

    Thanks!

  • In reply to Beau Murray:

    Hi  &

    I just checked the IP reputation for the IP 18.216.23.29 and it is clean. Rate limitation is something that depends on the recipient's email server as well. If you're still facing the issue, I'd recommend creating a case with Sophos Support and DM me the case number.

  • In reply to Jaydeep:

    I ended up contacting support and they said it was a bug which has been escalated to the dev team. Will post when I hear more

  • In reply to Beau Murray:

    Thanks for the information. Would you please DM me the case number? I'll track the progress of that issue.

  • In reply to Jaydeep:

    Here is the response from support.

    [#9418836] Central Email | Blocked due to ip reputation - live.com

    My apologies for the inconvenience this has caused you. As per checking on the log file you've send we verified that there is an existing case that is being handled by our dev team regarding sophos temporary blocked due to ip reputation. This is the case ID for the dev team SUPP-96719 and as discussed I will provide update when the issue has an update or if it is now resolved. With this you can also refer to this case and include SUPP-96719 in previous transactions. Thank you.

  • In reply to Beau Murray:

    Hi  

    I have a confirmation from our team that the issue has been completely resolved and post-incident observation did not indicate any further instances as such.

    Thanks for your co-operation.

  • In reply to Jaydeep:

    Fingers crossed. I got this yesterday with no news since. PS I had already implemented a connector to send direct and bypass Sphos email gateway.

    Hello,

    We will update you once the IP has been unblocked.

    In the meantime what you can do is create a send connector on the email server so that it will send emails directly to hotmail.com/live.com (only on the affected domains) instead of sending it through to Sophos Central.

    Regards,

  • In reply to Jaydeep:

    Hi Jaydeep,

    Thanks for letting us know that this has been resolved. Haven't received any of these notifications to me directly, but I'll ask my colleague to monitor since it originated from her mailbox.

    Cheers,
    Faith

  • In reply to Faith Wan:

    Hi  

    You're welcome. If you come across this issue again, please post it here or DM me the details and we can look into this further.

  • In reply to Jaydeep:

     Hi,

    We get this aswell.   

    host outlook-com.olc.protection.outlook.com[104.47.58.161] said: 550 5.7.1 Unfortunately, messages from [18.216.13.200] weren't sent. Please contact your Internet service provider since part of their network is on our block list (S3140). You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. [BN8NAM11FT044.eop-nam11.prod.protection.outlook.com] (in reply to MAIL FROM command)

  • In reply to Jason Mills:

    We are also seeing this today.

    A few users have already reported it, so it's being noticed.

  • In reply to Sophos User261:

    Yep its back for me too, I just created direct send connectors for hotmail, gmail etc. Pretty frustrating to have to go through this again.

  • In reply to Beau Murray:

    This issue has occurred again.

    Sophos - please fix this ASAP!!