Mail Being blocked as SPAM

Hi,

We run a UTM9 (virtual appliance) and have many customers using hardware SG appliances.  This afternoon we have have many reports of email issues, with sending and receiving from a variety of company addresses and gmail.com / hotmail.com domains.

According to the mail manager all of the emails are being dropped as confirmed spam.  Is this a dodgy pattern update?

Internally we are currently on FW 9.601-5 and pattern 161467.

I have switched reject at smtp time to off and emails are now getting quarantined.  Have logged a support call with Sophos via email and am in the phone support queue.

Any one else experiencing this?

Rgds

Asim

  • Yes this is a known issue, dodgy pattern update as you suggested.

  • Hi

     

    I am having exact same problem at several customers with UTM(9)

    I have had to disable all spam options.

     

    Rgds

     

    Simon

  • In reply to JonathanMarsden:

    We're also experiencing this - 95% of emails are going down as confirmed spam due to "ctasd reports 'Confirmed" - having to manually release emails at the moment. Anyone any idea on a fix eta?

  • Thanks Guys,

    Just had an update to my ticket from Sophos that they are aware of it and working on it.  I will be sending them some sample emails.

    Have quite a few clients using these - not too keen on fully disabling antispam!

    Rgds

    Asim

  • In reply to cmyk_asim:

    Been on phone queue for last hour - now given up on the basis of this post.

     

    I've turned off my Reject at SMTP time: and turned my Spam action to off as it started trapping emails rather than reject them.

     

    Not the best, but lots of users shouting for emails

  • In reply to Graham Davey:

    Any updates on this? manually releasing emails is very tedious! not willing to turn off antispam.

  • In reply to Daniel Tye:

    Spent 50 mins waiting for Sophos support (it has to be the worst in the business and the hold music wants me to stab a fork in my head)

    End result is it’s an issue with a A third party Spam that they use. They have had an issue today with .co.uk domain as some servers went down.

    Issue is that I checked their status page and they say it’s all good.

    It’s on my wok machine but it was someone like Cyana?

  • In reply to PeterWeir:

    That’s them

    Do you get reason=“as” in the smtp log

  • In reply to Daniel Tye:

    Not really. On checking our mail flow this morning, it still seems to be a problem.

     

    I've now set a flag to say *Possible Spam* to give a warning to my users and it allows me to see what is being flagged as Spam

     

    We get too many mails for me to sit releasing them all day.

  • In reply to Graham Davey:

    According to their advisory:

    https://community.sophos.com/kb/en-us/134082

     

    the issue should be resolved now - but I'm not seeing it either.  All test messages still being causght as confirmed spam.

     

    Pattern version is showing as newer: 161486 but still problems by the looks of things.

  • In reply to cmyk_asim:

    We're on pattern 161487 and still seeing the issues.

  • In reply to Daniel Tye:

    Ditto with 161487

     

    Finally got through to tech support and they wanted to run the remote support software which I heard as 123.com. Unfotunately, the accent was very strong and this web page resulted in a page of Asian symbols.

     

    Tried booting up another machine and, after more difficulties in understanding, he "disappeared".

     

    I appreciate support must have been a touch busy since yesterday but I'm somewhat miffed.

  • In reply to Graham Davey:

    I had a response to my e-ticket a short while ago saying the issue is now resolved.  I have replied to let them know the issue is still occuring. 

    If anyone does manage to get a breakthrough/fix (other than disabling antispam) an update on here would be appreciated :)

  • In reply to Graham Davey:

    Same here, 161487 is still causing these errors for us

  • running pattern 161489 still getting the issue.

    issue has been only been on replies not initial emails coming in...