
Why is Sophos UTM not sending emails out

Hello guys. A few days ago I had an issue with my internet which resulted in my static IP changing. Now that I've received a new IP, I've updated my external DNS.

However, since my IP has changed I am no longer able to send out emails from my UTM. I have MailEnable, which is relaying to UTM. From the logs I can see UTM accepts relaying from my MailEnable server, but emails get spooled and I see this in the logs:

2019:02:28-22:14:00 sukafun-utm smtpd[5343]: MASTER[5343]: Action: Forcing delivery process for 1gzMQI-000BCR-0t
2019:02:28-22:15:00 sukafun-utm exim-out[43216]: 2019-02-28 22:15:00 Start queue run: pid=43216
2019:02:28-22:16:19 sukafun-utm exim-out[41492]: 2019-02-28 22:16:19 1gzJxs-0007Mg-Dl SSL_write: (from [192.168.7.77]:999) syscall: Connection timed out
2019:02:28-22:16:19 sukafun-utm exim-out[41492]: 2019-02-28 22:16:19 1gzJxs-0007Mg-Dl SSL_write error 5
2019:02:28-22:16:19 sukafun-utm exim-out[41492]: 2019-02-28 22:16:19 1gzJxs-0007Mg-Dl SMTP timeout while connected to mail-tester.com [94.23.206.89] after sending data block (25910 bytes written): Connection timed out
2019:02:28-22:16:19 sukafun-utm exim-out[41491]: 2019-02-28 22:16:19 1gzJxs-0007Mg-Dl == test-3tjbp@mail-tester.com R=dnslookup T=remote_smtp defer (110): Connection timed out: SMTP timeout while connected to mail-tester.com [94.23.206.89] after sending data block (25910 bytes written)
2019:02:28-22:16:20 sukafun-utm exim-out[43418]: 2019-02-28 22:16:20 1gzKXM-0008JN-HK == test-37cxi@mail-tester.com R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2019:02:28-22:16:20 sukafun-utm exim-out[43422]: 2019-02-28 22:16:20 1gzKP8-00083Z-Gr == test-37cxi@mail-tester.com R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2019:02:28-22:16:20 sukafun-utm exim-out[40075]: 2019-02-28 22:16:20 End queue run: pid=40075

It lets me send emails out to some domains like Gmail, but not to most other domains. I confirm that my ISP is not blocking port 25. My UTM is connected to the internet. My external DNS is correct. I tried enabling smarthost from UTM but got the same issue. What else should I look for?
I receive emails fine.

Cheers
Mo


  • I would assume that your ISP told you wrong.

    1. Test DNS. Can you do an MX lookup on example.com using UTM as your recursive DNS server? Can you do a lookup on those mail server names and obtain an IP address?
    2. Test with PING and TRACERT to see if you can get through the network to those devices. No guarantee that they respond to ping, but I expect most of them will.
    3. Test SMTP connectivity. Use the Microsoft Telnet client and try to "telnet mail.example.com 25". If you do not get any response, you are getting blocked. If you use Wireshark to monitor your test traffic, you may even see a reply packet that says "administratively blocked".

    Of course, once you get connectivity solved, you have to get past the spam filters at the receiving end. Have you updated your MX record in DNS? Have you checked your domain and IP reputation using MXToolbox.com?

  • Hey Douglas. Thanks for your response.

    For 1, 2, 3 I've no issues. Already tested, but I have not tried Wireshark yet.

    My external DNS has been updated. My MX record points to mail.mydomain.com.

    If my ISP were blocking port 25 I wouldn't be able to email out anything, but some emails go through.

    Any ideas what else it could be?

  • There has to be a configuration error. The timeout indicates a delivery problem, not a traffic rejection problem. The delivery problem implies a routing problem or a traffic filter. If it was a rejection problem, the sending hardware would not matter.

    Does UTM connect directly to the Internet, or is there a home router in the configuration? If you have another firewall, maybe there is a configuration problem on it.

    Reboot your UTM. That step has fixed a variety of strange unexplained problems for other users in this forum.

    Check all of your SNAT/NAT/DNAT rules, there may be one that was not updated for the new IP address.

    Disable Country Blocking, to see if that has an effect.

    Check ALL (30 or so) of your UTM logs, looking for clues.

  • No router or firewall before UTM other than a modem which is in bridged mode. Firewall is disabled on it though. Modem firmware is on latest. UTM is on latest firmware. UTM is virtualized on Hyper-V.

    I've a couple of DNAT rules for my Plex and my RDS portal.

    In my firewall I'm currently allowing any to any and putting the rule at the top. Country filtering isn't configured.

    What UTM logs should I check other than the mail logs? As you can see I've done two tests, one sending to my work email and one to my personal email.


    To my work email which went through:

    2019:03:03-13:43:17 sukafun-utm exim-in[5505]: 2019-03-03 13:43:17 SMTP connection from [192.168.7.77]:56087 (TCP/IP connection count = 1)
    2019:03:03-13:43:17 sukafun-utm exim-in[12644]: 2019-03-03 13:43:17 [192.168.7.77] F=<mo@sukafun.com> R=<mhassan@ahg.com.au> Accepted: from relay
    2019:03:03-13:43:28 sukafun-utm exim-in[12644]: 2019-03-03 13:43:28 1h0Ju9-0003Hw-0B spam acl condition: cannot parse spamd output
    2019:03:03-13:43:28 sukafun-utm exim-in[12644]: 2019-03-03 13:43:28 1h0Ju9-0003Hw-0B H=mail.sukafun.com [192.168.7.77]:56087 Warning: ACL "warn" statement skipped: condition test deferred
    2019:03:03-13:43:28 sukafun-utm exim-in[12644]: 2019-03-03 13:43:28 1h0Ju9-0003Hw-0B <= mo@sukafun.com H=mail.sukafun.com [192.168.7.77]:56087 P=esmtp S=25438 id=001e01d4d1c6$f71ade50$e5509af0$@sukafun.com
    2019:03:03-13:43:28 sukafun-utm exim-in[12644]: 2019-03-03 13:43:28 SMTP connection from mail.sukafun.com [192.168.7.77]:56087 closed by QUIT
    2019:03:03-13:43:29 sukafun-utm smtpd[5473]: QMGR[5473]: 1h0Ju9-0003Hw-0B moved to work queue
    2019:03:03-13:43:30 sukafun-utm smtpd[12653]: SCANNER[12653]: 1h0JuM-0003I5-CI <= mo@sukafun.com R=1h0Ju9-0003Hw-0B P=INPUT S=24705
    2019:03:03-13:43:30 sukafun-utm smtpd[12653]: SCANNER[12653]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="192.168.7.77" from="mo@sukafun.com" to="mhassan@ahg.com.au" subject="to my work email" queueid="1h0JuM-0003I5-CI" size="24705"
    2019:03:03-13:43:30 sukafun-utm smtpd[12653]: SCANNER[12653]: 1h0Ju9-0003Hw-0B => work R=SCANNER T=SCANNER
    2019:03:03-13:43:30 sukafun-utm smtpd[12653]: SCANNER[12653]: 1h0Ju9-0003Hw-0B Completed
    2019:03:03-13:43:32 sukafun-utm exim-out[12657]: 2019-03-03 13:43:32 1h0JuM-0003I5-CI => mhassan@ahg.com.au P=<prvs=096549b862=mo@sukafun.com> R=dnslookup T=remote_smtp H=mx1.ahg.com.au [103.44.101.111]:25 C="250 ok: Message 95638830 accepted"
    2019:03:03-13:43:32 sukafun-utm exim-out[12657]: 2019-03-03 13:43:32 1h0JuM-0003I5-CI Completed

    To my personal email which got spooled:

    2019:03:03-13:45:49 sukafun-utm exim-in[12799]: 2019-03-03 13:45:49 [192.168.7.77] F=<mo@sukafun.com> R=<sukafun@hotmail.com> Accepted: from relay
    2019:03:03-13:46:01 sukafun-utm exim-in[12799]: 2019-03-03 13:46:01 1h0Jwb-0003KR-32 spam acl condition: cannot parse spamd output
    2019:03:03-13:46:01 sukafun-utm exim-in[12799]: 2019-03-03 13:46:01 1h0Jwb-0003KR-32 H=mail.sukafun.com [192.168.7.77]:56204 Warning: ACL "warn" statement skipped: condition test deferred
    2019:03:03-13:46:01 sukafun-utm exim-in[12799]: 2019-03-03 13:46:01 1h0Jwb-0003KR-32 <= mo@sukafun.com H=mail.sukafun.com [192.168.7.77]:56204 P=esmtp S=25444 id=002d01d4d1c7$5216f3c0$f644db40$@sukafun.com
    2019:03:03-13:46:01 sukafun-utm exim-in[12799]: 2019-03-03 13:46:01 SMTP connection from mail.sukafun.com [192.168.7.77]:56204 closed by QUIT
    2019:03:03-13:46:02 sukafun-utm smtpd[5473]: QMGR[5473]: 1h0Jwb-0003KR-32 moved to work queue
    2019:03:03-13:46:10 sukafun-utm smtpd[12835]: SCANNER[12835]: 1h0Jww-0003L1-I7 <= mo@sukafun.com R=1h0Jwb-0003KR-32 P=INPUT S=24705
    2019:03:03-13:46:11 sukafun-utm smtpd[12835]: SCANNER[12835]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="192.168.7.77" from="mo@sukafun.com" to="sukafun@hotmail.com" subject="to my personal email" queueid="1h0Jww-0003L1-I7" size="24705"
    2019:03:03-13:46:11 sukafun-utm smtpd[12835]: SCANNER[12835]: 1h0Jwb-0003KR-32 => work R=SCANNER T=SCANNER
    2019:03:03-13:46:11 sukafun-utm smtpd[12835]: SCANNER[12835]: 1h0Jwb-0003KR-32 Completed
    2019:03:03-13:46:41 sukafun-utm smtpd[12835]: SCANNER[12835]: Nothing to do, exiting.

    Then from Mail Manager I retried sending the email and I get this:

    2019:03:03-13:48:40 sukafun-utm smtpd[5426]: MASTER[5426]: Action: Forcing delivery process for 1h0Jww-0003L1-I7
    2019:03:03-13:49:14 sukafun-utm exim-out[12843]: 2019-03-03 13:49:14 1h0Jww-0003L1-I7 SSL_write: (from [192.168.7.77]:999) syscall: Broken pipe
    2019:03:03-13:49:14 sukafun-utm exim-out[12843]: 2019-03-03 13:49:14 1h0Jww-0003L1-I7 SSL_write error 5
    2019:03:03-13:49:14 sukafun-utm exim-out[12843]: 2019-03-03 13:49:14 1h0Jww-0003L1-I7 hotmail-com.olc.protection.outlook.com [104.47.34.33]: Broken pipe

  • I've already rebooted UTM multiple times. I even restored a previous backup of the previous UTM version, thinking it had something to do with the latest firmware, which was released a few days ago.

    I fully deconfigured mail protection and reconfigured it.

    Nothing worked.

  • Ok,

    In the last 2 tabs of the mail setup - relaying & advanced, is there anything special in there?

    Under relaying - try turning off "scan outgoing messages" and see what happens.

    I'm still not convinced that the issue lies there though due to some mail getting through.

  • In the routing tab nothing is configured other than the allowed hosts relay, which is my mail server.

    In the advanced tab nothing is configured and I'm using TLS v1 or higher.

    Unticking scan outgoing emails did not make any difference.

    I'm on simple mode email protection.

  • I also wonder about an MTU problem, although I would expect it to cause slow performance rather than a timeout. See this issue and its responses:

    https://community.sophos.com/products/unified-threat-management/f/management-networking-logging-and-reporting/80230/how-to-ignore-my-isps-dhcp-mtu-of-only-576

  • Interesting..

    But doesn't the MTU size under the WAN interface override whatever value comes from the ISP? If I go to the interface advanced settings I see MTU set to 1492.

    But don't you think that if the MTU is not correct then I wouldn't be able to send emails out at all?

  • Finally I've figured out why my UTM is not working!

  • C'mon then.... spill the beans...

  • After thinking outside the box I fixed it!

    I plugged in a different modem, which is in bridged mode, and my UTM sent out emails fine. Of course I factory reset the bad modem, put it back into bridged mode, and it started to work ^ ^

    Just another strange one.
