
Recipient verification failing

We've had several problems receiving mails from different domains lately (all delivered to our UTM (primary MX-record) and all to be routed to another host (mostly Office365)).

Today I went for a more thorough search and found out that whenever I have Recipient verification (with callout) selected, which has always been selected in the past, it fails with a lot of addresses (all valid) hence the mail is simply rejected.

Here's what is shown in the logfile (real mail addresses masked):

2018:07:12-23:18:48 utm-2 exim-in[26983]: 2018-07-12 23:18:48 [209.85.161.171] F=<***@gmail.com> R=<***@p***.**> Verifying recipient address with callout
2018:07:12-23:18:48 utm-2 exim-in[26983]: 2018-07-12 23:18:48 TLS error on connection from mail-yw0-f171.google.com [209.85.161.171]:34565 (renegotiation not allowed): error:00000000:lib(0):func(0):reason(0)

 

When I set to No verification, mails are allowed and routed to the external mailbox correctly.

The failure is also seen when using https://www.checktls.com/TestReceiver for sending to a mail address. Once no verification is set up, this site also gets an "OK".

Is there some reason verification is failing? 
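A triage sketch for the log pattern quoted above, added here as an example and not posted by anyone in this thread: it pairs each "Verifying recipient address with callout" line with a later "TLS error on connection" line from the same exim-in process and client IP, then counts affected sender domains. The line layout is assumed from the two quoted log lines, and the sample lines are constructed with documentation IPs and example domains.

```python
import re
from collections import Counter

# Line layout assumed from the two log lines quoted in the post:
# "<stamp> <host> exim-in[<pid>]: <date> <time> <message>"
PREFIX = re.compile(r"^\S+ \S+ exim-in\[(?P<pid>\d+)\]: \S+ \S+ (?P<msg>.*)$")
CALLOUT = re.compile(r"^\[(?P<ip>[^\]]+)\] F=<(?P<sender>[^>]*)> R=<(?P<rcpt>[^>]*)> "
                     r"Verifying recipient address with callout$")
TLS_ERR = re.compile(r"^TLS error on connection from .*?\[(?P<ip>[^\]]+)\](?::\d+)? "
                     r"\((?P<reason>[^)]*)\)")

def callout_tls_failures(lines):
    """Return callout verifications followed by a TLS error from the same
    exim-in process and client IP (time-adjacent events, not proven cause)."""
    pending, hits = {}, []
    for line in lines:
        m = PREFIX.match(line.strip())
        if not m:
            continue  # other daemons or unparsable lines
        pid, msg = m["pid"], m["msg"]
        c = CALLOUT.match(msg)
        if c:
            pending[(pid, c["ip"])] = {"pid": pid, "ip": c["ip"],
                                       "sender": c["sender"], "rcpt": c["rcpt"]}
            continue
        t = TLS_ERR.match(msg)
        if t and (pid, t["ip"]) in pending:
            hits.append({**pending.pop((pid, t["ip"])), "reason": t["reason"]})
    return hits

def by_sender_domain(hits):
    """Count affected sessions per sender domain to see which sources fail."""
    return Counter(h["sender"].rpartition("@")[2].lower() for h in hits)

# Constructed sample lines (documentation IPs and example domains), not real logs.
SAMPLE = [
    "2018:07:12-23:18:48 utm-2 exim-in[1001]: 2018-07-12 23:18:48 [192.0.2.10] F=<alice@example.org> R=<bob@example.com> Verifying recipient address with callout",
    "2018:07:12-23:18:48 utm-2 exim-in[1001]: 2018-07-12 23:18:48 TLS error on connection from mx.example.org [192.0.2.10]:34565 (renegotiation not allowed): error:00000000:lib(0):func(0):reason(0)",
    "2018:07:12-23:19:02 utm-2 exim-in[1002]: 2018-07-12 23:19:02 [192.0.2.20] F=<carol@example.net> R=<bob@example.com> Verifying recipient address with callout",
    "2018:07:12-23:19:30 utm-2 exim-in[1003]: 2018-07-12 23:19:30 TLS error on connection from [192.0.2.30]:40000 (renegotiation not allowed): error:00000000:lib(0):func(0):reason(0)",
]

if __name__ == "__main__":
    found = callout_tls_failures(SAMPLE)
    for h in found:
        print(h)
    print(by_sender_domain(found))
```

Run against the SMTP proxy log, the per-domain count shows whether the rejected sources share the same TLS error reason before recipient verification is switched off for everyone.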



  • Seems that your mail server is handled by Google servers. The verification process is UTM-Google.

    Try searching here in the forum or on Google for "google smtp less secure", or even getting your UTM IP trusted by Google.

  • No, this was a Gmail account sending mail to my mail address behind the UTM (which is then forwarded from the UTM to Office365).

    In the past there was no problem with recipient verification, but it seems right now there is a problem. The strange thing is that this problem doesn't occur from every source; Gmail is just one of the sources that doesn't work, but there are others also not working. When it fails it always seems to fail on recipient lookup, and then when no positive lookup occurs, no mail is accepted and the sending party gets a message that delivery is postponed (however, in the case of Gmail, this message appears hours after the mail was sent).

    For now I have just disabled recipient lookup and everything seems fine, but there is of course a reason that this is not recommended...


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • Just curious - what is the benefit of using the SMTP Proxy with Office 365?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • BAlfson said:

    Just curious - what is the benefit of using the SMTP Proxy with Office 365?

    Cheers - Bob

     

    Whenever UTM is the MX record for the domain, I get all checks (spam, malware, sandstorm) before sending it to O365. Also users get a daily quarantine mail from UTM and they can easily click in this mail to release mails from quarantine. In O365 this is a lot harder (for the end user).

