
Sophos UTM 9 - Mails are rejected and do not go to quarantine

Hello everyone,

For a few weeks now we have repeatedly had problems with mails that do not get through. At the moment we have a few customers who are rejected by our firewall (Rejected: Spam (confirmed)). The customer gets the response: 5.3.0 - Other mail system problem 550 - 'Administrative prohibition' (delivery attempts: 0)

Today a colleague tried to send out a mail and got it back with the notice:

Subject: "Mail delivery failed : returning message to sender"

This message was created automatically by the SMTP relay on vpn.kroppstahl.com.

A message that you sent could not be delivered to all of its recipients.

The following address(es) failed:

   *@*.de

    SMTP error from remote mail server after end of data:

    host mail.*.de [000.000.000.00]: 550 Administrative prohibition ...

The Sophos is configured as follows:

Reject at SMTP time: Confirmed spam (setting it to Off did not help when sending the mail)

Spam action: Quarantine

Confirmed spam action: Quarantine

I don't understand what could be misconfigured there. Does anyone have an idea what I need to set in the firewall?

Many THANKS

Marco



  • Many thanks for the quick replies :)

    Here is the log I captured:

    2018:12:12-12:19:02 vpn exim-in[5601]: 2018-12-12 12:19:02 SMTP connection from [192.205.205.5]:63857 (TCP/IP connection count = 1)

    2018:12:12-12:19:02 vpn exim-in[25654]: 2018-12-12 12:19:02 H=exchange.absender_firma-vreden.local [192.205.205.5]:63857 Warning: Exception matched: Skipping greylisting for this message

    2018:12:12-12:19:02 vpn exim-in[25654]: 2018-12-12 12:19:02 H=exchange.absender_firma-vreden.local [192.205.205.5]:63857 Warning: Exception matched: Skipping antispam for this message

    2018:12:12-12:19:02 vpn exim-in[25654]: 2018-12-12 12:19:02 [192.205.205.5] F=<name@absender_firma.com> R=<name@empf_firma-bau.de> Accepted: from relay

    2018:12:12-12:19:03 vpn exim-in[25654]: 2018-12-12 12:19:03 1gX2Xf-0006fm-0O <= name@absender_firma.com H=exchange.absender_firma-vreden.local [192.205.205.5]:63857 P=esmtps X=TLSv1:DHE-RSA-AES256-SHA:256 S=1033714 id=5CABA0EFA4BA3440B3CE3FF7BB2AD3461E645968@Exchange.absender_firma-vreden.local

    2018:12:12-12:19:03 vpn exim-in[25654]: 2018-12-12 12:19:03 SMTP connection from exchange.absender_firma-vreden.local [192.205.205.5]:63857 closed by QUIT

    2018:12:12-12:19:05 vpn smtpd[5563]: QMGR[5563]: 1gX2Xf-0006fm-0O moved to work queue

    2018:12:12-12:19:10 vpn smtpd[25659]: SCANNER[25659]: 1gX2Xm-0006fr-5N <= name@absender_firma.com R=1gX2Xf-0006fm-0O P=INPUT S=1032608

    2018:12:12-12:19:10 vpn smtpd[25659]: SCANNER[25659]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="192.205.205.5" from="name@absender_firma.com" to="name@empf_firma-bau.de" subject="Lieferschein +Rechnug BV " queueid="1gX2Xm-0006fr-5N" size="1032608"

    2018:12:12-12:19:10 vpn smtpd[25659]: SCANNER[25659]: 1gX2Xf-0006fm-0O => work R=SCANNER T=SCANNER

    2018:12:12-12:19:10 vpn smtpd[25659]: SCANNER[25659]: 1gX2Xf-0006fm-0O Completed

    2018:12:12-12:19:11 vpn exim-out[25663]: 2018-12-12 12:19:11 1gX2Xm-0006fr-5N ** name@empf_firma-bau.de P=<name@absender_firma.com> R=dnslookup T=remote_smtp: SMTP error from remote mail server after end of data: host mail.empf_firma-bau.de [130.255.121.31]: 550 Administrative prohibition

    2018:12:12-12:19:11 vpn exim-out[25666]: 2018-12-12 12:19:11 1gX2Xn-0006fy-1K <= <> R=1gX2Xm-0006fr-5N U=exim P=local S=108670

    2018:12:12-12:19:11 vpn exim-out[25663]: 2018-12-12 12:19:11 1gX2Xm-0006fr-5N Completed

  • Compare my successful message to your blocked message, particularly the R=<method> clause. Both have been reformatted for reading.
    Why are you doing an MX lookup for your destination mail system, instead of doing a static route? Are you sure that the MX lookup is resolving to a machine that is listening?

    Mine:

    2018:12:13-06:53:20 <devicename> exim-out[22654]: 2018-12-13 06:53:20
    1gXPYO-0005tL-2i => zielske@mycompany.com
    P=<bounce-lnkkngqhhdjrdwqmwgrmjddwzzhzzrpmlydppw@townhallmail.com>
    R=static_route_hostlist
    T=static_smtp
    H=192.168.1.49 [192.168.1.49]:25
    X=TLSv1.2:ECDHE-RSA-AES256-SHA384:256
    C="250 OK"

    Yours

    2018:12:12-12:19:11 <devicename> exim-out[25663]: 2018-12-12 12:19:11
    1gX2Xm-0006fr-5N ** name@empf_firma-bau.de
    P=<name@absender_firma.com>
    R=dnslookup
    T=remote_smtp: SMTP error from remote mail server after end of data: host mail.empf_firma-bau.de [130.255.121.31]: 550 Administrative prohibition
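
The comparison made by eye in the reply above, between the R= and T= clauses of a delivered and a bounced exim-out line, can be scripted so that each line also reports which host issued the final SMTP reply. This Python is an added example, not part of the thread or of any Sophos tooling; the function names are hypothetical, and the two sample lines are the ones quoted in the thread, with the reformatted one rejoined onto a single line.

```python
import re

# The two exim-out delivery lines quoted in the thread (second one rejoined).
SAMPLE = [
    '2018:12:12-12:19:11 vpn exim-out[25663]: 2018-12-12 12:19:11 1gX2Xm-0006fr-5N ** name@empf_firma-bau.de P=<name@absender_firma.com> R=dnslookup T=remote_smtp: SMTP error from remote mail server after end of data: host mail.empf_firma-bau.de [130.255.121.31]: 550 Administrative prohibition',
    '2018:12:13-06:53:20 <devicename> exim-out[22654]: 2018-12-13 06:53:20 1gXPYO-0005tL-2i => zielske@mycompany.com P=<bounce-lnkkngqhhdjrdwqmwgrmjddwzzhzzrpmlydppw@townhallmail.com> R=static_route_hostlist T=static_smtp H=192.168.1.49 [192.168.1.49]:25 X=TLSv1.2:ECDHE-RSA-AES256-SHA384:256 C="250 OK"',
]

# Exim delivery flags: => delivered, -> extra address, ** bounced, == deferred.
LINE = re.compile(
    r'exim-out\[\d+\]: \S+ \S+ '
    r'(?P<qid>[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}) '
    r'(?P<flag>=>|->|\*\*|==) (?P<rcpt>\S+)(?P<rest>.*)')
FIELD = re.compile(r'\b([A-Z])=("[^"]*"|\S+)')   # R=, T=, H=, X=, C=, P=
ERR = re.compile(r'SMTP error from remote mail server after (?P<stage>[^:]+): '
                 r'host (?P<host>\S+) \[(?P<ip>[^\]]+)\]: (?P<reply>\d{3} .*)')

def parse_delivery(line):
    """Return the delivery fields of one exim-out line, or None if it is not one."""
    m = LINE.search(line)
    if not m:
        return None
    rec = {'qid': m['qid'], 'flag': m['flag'], 'rcpt': m['rcpt']}
    for key, val in FIELD.findall(m['rest']):
        rec.setdefault(key, val.strip('"').rstrip(':'))
    err = ERR.search(m['rest'])
    if err:                      # the remote server, not this relay, refused
        rec.update(err.groupdict())
    return rec

def verdict(rec):
    """Say who decided: this relay, or the server it handed the mail to."""
    if rec['flag'] in ('=>', '->'):
        return f"delivered via {rec['R']}/{rec['T']} to {rec.get('H', '?')}"
    if rec['flag'] == '**' and 'reply' in rec:
        return (f"bounced: {rec['host']} [{rec['ip']}] answered "
                f"'{rec['reply']}' after {rec['stage']} (router {rec['R']})")
    return 'deferred' if rec['flag'] == '==' else 'failed before any remote reply'

if __name__ == '__main__':
    for rec in map(parse_delivery, SAMPLE):
        print(rec['qid'], rec['rcpt'], '->', verdict(rec))
```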
