Emails being blocked by hydra.sophos.com

We host web and email services on a VPS for our clients in the UK.

We have recently discovered an issue with sending emails from our server to anyone whose email is on hydra.sophos.com.

Such emails are blocked with a “connection refused” message. Here’s an example:

LOG: MAIN
  cwd=/usr/local/cpanel/whostmgr/docroot 4 args: /usr/sbin/exim -v -M 1olqdj-0005dp-Fi
delivering 1olqdj-0005dp-Fi
LOG: MAIN
  Sender identification U=exampleuser D=example.com S=user@example.com
Connecting to mx-01-eu-west-1.prod.hydra.sophos.com [54.154.243.143]:25 ...  failed: Connection refused
LOG: MAIN
  H=mx-01-eu-west-1.prod.hydra.sophos.com [54.154.243.143] Connection refused
Connecting to mx-01-eu-west-1.prod.hydra.sophos.com [52.19.208.181]:25 ...  failed: Connection refused
LOG: MAIN
  H=mx-01-eu-west-1.prod.hydra.sophos.com [52.19.208.181] Connection refused
Connecting to mx-01-eu-west-1.prod.hydra.sophos.com [52.210.37.46]:25 ...  failed: Connection refused
LOG: MAIN
  H=mx-01-eu-west-1.prod.hydra.sophos.com [52.210.37.46] Connection refused
LOG: MAIN
  == person@recipientdomain.com <person@recipientdomain.com> R=dkim_lookuphost T=dkim_remote_smtp defer (111): Connection refused
LOG: MAIN
  cwd=/var/spool/exim 8 args: /usr/sbin/exim -v -t -oem -oi -f <> -E1olqdj-0005dp-Fi
LOG: MAIN

We have checked our IP with the SophosLabs IP Address Classification Lookup tool at https://www.sophos.com/en-us/threat-center/ip-lookup which shows that our IP address:

"is not currently classified by SophosLabs as a potential spam source. If you received a reject message with a link to this page, your IP address may have subsequently been removed from our list."

However, despite this, it still appears that our IP is being blocked by Sophos somewhere.

We know of no reason why this should be: we have a good reputation, we are not on any blocklists (as confirmed by MXToolbox and VirusTotal) and we are not having any issues with any other email hosts.

How do we get our IP address removed from any blocklists used by Sophos?



Added tags
[edited by: Raphael Alganes at 2:05 AM (GMT -7) on 7 Jun 2023]