Getting "Spam filter cannot query"

In the past the issue was a Sophos side, not my side.  Is this true again?  I can still browse so the firewall can get out port 80 just fine.

 

"

The spam filter daemon is unable to reach the database servers via HTTP. Please make sure that the device is able to send HTTP (TCP port 80) requests to the Internet. You may have to allow such traffic on upstream devices.

--"

 

https://community.sophos.com/products/unified-threat-management/f/mail-protection-smtp-pop3-antispam-and-antivirus/101402/warn-129-spam-filter-cannot-query-database-servers

  • Did have these notifications today too. So we’re two at least.

    Best regards

    Alex

  • Same issue here so that is 3

  • I can confirm this too. I receive the error message at a few customer UTMs...

     

  • Getting hammered by multiple customer servers. What's going on?

  • Getting the same issue here too, flooded since 19:30 GMT+10 yesterday, lots of SPAM getting through too

  • In reply to ChrisBailey:

    same problem here in Germany.

    System Version     : Sophos UTM 9.604-2

    First E-Mail:  Fr. 09.08.19 - 13:04 Uhr

     

    Update Firewall Fr. 09.08.19 - 23:00 Uhr

    the problem ist still there:

    The spam filter daemon is unable to reach the database servers via HTTP. Please make sure that the device is able to send HTTP (TCP port 80) requests to the Internet. You may have to allow such traffic on upstream devices.

    --

    System Uptime      : 0 days 9 hours 43 minutes

    System Load        : 0.10

    System Version     : Sophos UTM 9.605-1

     

    Please refer to the manual for detailed instructions.

  • I can only add +1 (and it also began on Friday afternoon, German time).

  • Ports and URLs used by UTM:

    https://community.sophos.com/kb/en-us/126576

    Commtouch AS iprep%d.t.ctmail.com
    resolver%d.ast.ctmail.com
    80, 443  Anti Spam Scanner

    Commtouch is Cyren.

    Cyren, the external Anti SPAM Provider messed up with their DNS.

    https://status.cyren.com

    "an incorrect NS record for the domain ctmail.com started to propagate to DNS servers worldwide"

     

    Suggested action: Flush Sophos UTM DNS Cache

    Webadmin: Network Service / DNS click FlushResolverCache

     

    Our customers UTMs having problems again since 10.08.2019 03:00 again. Probably Cyren reversed some DNS manipulations again. That causes DNS Cache trouble on the UTMs again.

    I don't like that the UTM has problems with changing DNS registrations that it does not take notice of because it relies on it's old cached DNS entries....

  • In reply to SWeissflog:

    Same here.. getting these the whole day..

  • In reply to LUHEZ:

    Thanks for the update, but still no joy after the flush, guess I'm just going to have to wait for the DNS to propagate

  • In reply to ChrisBailey:

    This only hit one of my clients in the USA.  The last such message from their UTM came in 8 hours after the last post above mine here, so perhaps all is now well...

    Cheers - Bob