
Spam filter not working, incoming e-mails not in SMTP log

I'm not sure when, but a couple-ish weeks ago I noticed a lot of spam e-mails coming in. I checked the SMTP logs and I don't see any incoming e-mails being logged even though the UTM seems to be relaying them to the internal e-mail server. I see random connections from addresses such as:

019:06:14-09:50:56 utm exim-in[5528]: 2019-06-14 09:50:56 SMTP connection from [107.170.202.224]:34776 (TCP/IP connection count = 1)
2019:06:14-09:51:00 utm exim-out[25083]: 2019-06-14 09:51:00 Start queue run: pid=25083
2019:06:14-09:51:00 utm exim-out[25083]: 2019-06-14 09:51:00 End queue run: pid=25083
2019:06:14-09:51:06 utm exim-in[25079]: 2019-06-14 09:51:06 TLS error on connection from [107.170.202.224]:34776 (SSL_accept): error:00000000:lib(0):func(0):reason(0)
2019:06:14-09:51:06 utm exim-in[25079]: 2019-06-14 09:51:06 TLS client disconnected cleanly (rejected our certificate?)

And I see outgoing e-mails being relayed but incoming e-mails aren't showing up in the log. Any ideas why this would be?



  • It sounds like you have activated a DNAT that forwards the inbound traffic.  See #2 in Rulz (last updated 2019-04-17).

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I didn't touch my DNAT rules before the spam filter stopped working. I've gone through my DNAT rules a bunch of times and the only e-mail related rules are for IMAP. I don't remember making any changes recently to my UTM configuration. I just started getting a lot of penis pill e-mails and went to investigate and it looks like incoming e-mails just randomly stopped getting inspected May 15th. Is there a config file I can look at through SSH to make sure the web interface isn't lying to me about my DNAT rules?
