
Problems with Email Protection in version 9.603-1?

Hello everyone,

I updated the firmware to 9.603-1 on 05.06., and for the past two weeks I have been getting feedback that emails from customers sometimes do not arrive.

For example, the customer sends an email to three recipients (three departments at our company). Two arrive, the third email is missing. According to the SMTP log only two emails were received... where is the third?

Does anyone else have this problem with the new version, or is this just a coincidence and the problem lies elsewhere?

Can I somehow downgrade the firmware?

Many thanks!



  • Another email was blocked.

    The email does not show up under E-Mail Protection -> Mail Manager.

    But this time I found something in the log: Logging & Reporting -> View Log Files -> SMTP Proxy.

    As I understand the log file, greylisting is to blame... Here is an excerpt. The sender's IP was always the same, only the recipient changed.

    2019:06:26-11:07:04 UTM exim-in[7699]: 2019-06-26 11:07:04 SMTP connection from [80.149.153.xxx]:60926 (TCP/IP connection count = 1)
    2019:06:26-11:07:04 UTM exim-in[16641]: 2019-06-26 11:07:04 H=... (...) [80.149.153.xxx]:60926 Warning: domain.de profile excludes SANDBOX scan
    2019:06:26-11:07:04 UTM exim-in[16641]: 2019-06-26 11:07:04 [80.149.153.xxx] F=<...> R=<m.muster@domain.de> Verifying recipient address with callout
    2019:06:26-11:07:06 UTM exim-in[16641]: 2019-06-26 11:07:06 1hg3tQ-0004KP-2e ctasd reports 'Unknown' RefID:str=0001.0A0B020C.5D1335BA.000C:SCFSTAT11730999,ss=1,re=-4.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
    2019:06:26-11:07:06 UTM exim-in[16641]: 2019-06-26 11:07:06 1hg3tQ-0004KP-2e Greylisting: Greylisted 80.149.153.xxx
    2019:06:26-11:07:06 UTM exim-in[16641]: [1\35] 2019-06-26 11:07:06 1hg3tQ-0004KP-2e H=... (...) [80.149.153.xxx]:60926 F=<...> temporarily rejected after DATA: Temporary local problem, please try again!

    2019:06:26-11:15:49 UTM exim-in[7699]: 2019-06-26 11:15:49 SMTP connection from [80.149.153.xxx]:35070 (TCP/IP connection count = 2)
    2019:06:26-11:15:49 UTM exim-in[19123]: 2019-06-26 11:15:49 H=... (...) [80.149.153.xxx]:35070 Warning: domain.de profile excludes SANDBOX scan
    2019:06:26-11:15:49 UTM exim-in[19123]: 2019-06-26 11:15:49 [80.149.153.xxx] F=<...> R=<info@domain.de> Verifying recipient address with callout
    2019:06:26-11:15:50 UTM exim-in[19123]: 2019-06-26 11:15:50 1hg41t-0004yR-0t ctasd reports 'Unknown' RefID:str=0001.0A0B0207.5D1337C6.0012:SCFSTAT11730999,ss=1,re=-4.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
    2019:06:26-11:15:50 UTM exim-in[19123]: 2019-06-26 11:15:50 1hg41t-0004yR-0t Greylisting: Greylisted 80.149.153.xxx
    2019:06:26-11:15:50 UTM exim-in[19123]: [1\37] 2019-06-26 11:15:50 1hg41t-0004yR-0t H=... (...) [80.149.153.xxx]:35070 F=<...> temporarily rejected after DATA: Temporary local problem, please try again!

    No further emails arrived.
    Do I understand correctly that greylisting rejected the emails and a resend is then awaited?
    Does the customer have to send them again, or does that happen automatically between the mail servers?

  • Hello Toliik,

    (Sorry, my German-speaking brain isn't creating thoughts at the moment. [:(])

    You are correct that greylisting causes a temporary delay and that the resend is automatic.  I haven't recommended greylisting for years, but others whom I respect do, so I'm experimenting with it again.  I saw a 2018 study where roughly 2/3 of greylisted emails were finally delivered, with 1/3 not retried - one assumes those were from spammers.  One of my clients that uses greylisting saw only 56% retried successfully so far in June.

    I had thought that the SMTP Proxy used only the triad of sending IP, sender and recipient, but I realize now that it also uses the subject.  This means that greylisting occurs after DATA, so that's after rejections for RBL, rDNS/HELO, local Blacklists, Recipient verification and SPF.  I also see ctasd reports 'unknown' in the line above the greylisted message, so we know that the temporary rejection occurs after the anti-spam tests that would result in rejection have been passed.  The advantage is that malware scans, which are expensive, are skipped unless the message is resent and accepted.

    There are situations where Exceptions for greylisting should be made such as addresses to which orders are sent where there's a cut-off time.  Also, mailing services like Constant Contact will use a different IP virtually every time a greylisted email is resent. 

    Best regards - Bob (Please continue in German.)

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
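
Added example, not part of the original thread: a log check for the situation discussed above, listing sender IP and recipient pairs that the SMTP proxy greylisted and for which no later accepted delivery appears. The sample lines are constructed on the pattern of the excerpt; matching on IP and recipient only (the log carries no subject) and treating the standard Exim `<=` arrival line as the sign of acceptance are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on the excerpt in the thread. The "<=" arrival
# line is standard Exim; that the UTM log shows it in this form is an assumption.
SAMPLE_LOG = """\
2019:06:26-11:07:04 UTM exim-in[16641]: 2019-06-26 11:07:04 [192.0.2.10] F=<a@example.org> R=<m.muster@example.com> Verifying recipient address with callout
2019:06:26-11:07:06 UTM exim-in[16641]: 2019-06-26 11:07:06 1hg3tQ-0004KP-2e Greylisting: Greylisted 192.0.2.10
2019:06:26-11:15:49 UTM exim-in[19123]: 2019-06-26 11:15:49 [192.0.2.10] F=<a@example.org> R=<info@example.com> Verifying recipient address with callout
2019:06:26-11:15:50 UTM exim-in[19123]: 2019-06-26 11:15:50 1hg41t-0004yR-0t Greylisting: Greylisted 192.0.2.10
2019:06:26-11:31:10 UTM exim-in[20555]: 2019-06-26 11:31:10 [192.0.2.10] F=<a@example.org> R=<info@example.com> Verifying recipient address with callout
2019:06:26-11:31:12 UTM exim-in[20555]: 2019-06-26 11:31:12 1hg4Gk-0005LX-1a <= a@example.org H=mail.example.org [192.0.2.10]:40112 P=esmtp S=2048
"""

# syslog timestamp, host, exim-in[pid], then the Exim log text
LINE = re.compile(r"^(\S+) \S+ exim-in\[(\d+)\]: (.*)$")
# the 'x' in the IP class tolerates masked addresses such as 80.149.153.xxx
CALLOUT = re.compile(r"\[([0-9a-fA-F.:x]+)\] F=<[^>]*> R=<([^>]+)> Verifying recipient")
GREYLISTED = re.compile(r"Greylisting: Greylisted (\S+)")
ARRIVAL = re.compile(r" <= ")


def unretried_greylistings(log_text):
    """Return {(ip, recipient): [timestamps]} for deferrals with no later accept."""
    rcpts = defaultdict(list)    # pid -> [(ip, recipient)] seen in that SMTP session
    pending = defaultdict(list)  # (ip, recipient) -> timestamps of greylist deferrals
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        stamp, pid, body = m.groups()
        c = CALLOUT.search(body)
        if c:
            rcpts[pid].append((c.group(1), c.group(2).lower()))
        elif GREYLISTED.search(body):
            # The session handled by this pid was deferred for all its recipients.
            for key in rcpts.pop(pid, []):
                pending[key].append(stamp)
        elif ARRIVAL.search(body):
            # A message was accepted in this session: the retry got through.
            for key in rcpts.pop(pid, []):
                pending.pop(key, None)
    return dict(pending)


if __name__ == "__main__":
    for (ip, rcpt), stamps in unretried_greylistings(SAMPLE_LOG).items():
        print(f"{rcpt} from {ip}: greylisted at {', '.join(stamps)}, no accepted retry seen")
```

Pairs that stay in the result well past the sending server's normal retry interval are candidates for a greylisting exception.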