This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

All mobile outlook devices just went down

All Microsoft Outlook mobile clients went down and report 403 or 502.

We are getting this error:

2019:12:01-15:53:31 firewall httpd: id="0299" srcip="40.101.68.21" localip="[redacted]" size="2535" user="-" host="40.101.68.21" method="OPTIONS" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1835" url="/Microsoft-Server-ActiveSync" server="[redacted]" port="443" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="[redacted]"

As you can see, Cyren is suddenly announcing ALL of Microsoft as High Risk.

First thing I did was uncheck "Use recommened RBL". I thought that would stop this check, it didn't.

Next I added the Microsoft Outlook subnets to the SMTP RBL exceptions table. That ALSO had no effect.

I'm at a loss now.

This thread was automatically locked due to age.

0 Remuflon over 4 years ago

I have access now, I had to remove the check at the WAF level. I forgot that.

But I still don't understand why Cyren is suddenly announcing all these subnets as high risk.
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 4 years ago in reply to Remuflon

I don't know that this will work for WAF, so let us know if it helps:

/var/mdw/scripts/ctasd_inbound stop
/var/mdw/scripts/ctasd_outbound stop
mv /var/cache/ctasd /var/cache/ctasd.old
/var/mdw/scripts/ctasd_inbound start
/var/mdw/scripts/ctasd_outbound start

Cheers - Bob
PS Should I move this thread from the Email Protection forum to the Web Server Security forum?

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel