

Anti Spam logs?

I am trying to find any log information as a result of "The Sophos Anti Spam Engine has blocked this Email because the sender IP Address is blacklisted" pop-over message that I see in the GUI when I hover over a REJECTED status in the mail logs. I tried the ctasd.log file as described on https://docs.sophos.com/nsg/sophos-firewall/18.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Logs/LogFileDetails/index.html but there is nothing useful in there and certainly not a log of the anti-spam processes as they are whacking email from important contacts. I used WinSCP to access the log files directly and I have been going through them and haven't found anything that helps me. I need to know the failed sender IP address, the sender FQDN, and the blacklist that generated the failure. When important contacts start getting this error I need to be able to let them know why their messages are failing to get through so their network admins can fix the problem. I know I can whitelist around the RBL checks but I prefer to be a good citizen and let people know they have an issue that needs to be addressed. It also helps when explaining to my users what is happening.

I started using WinSCP to access the logs because the tools at the command line on my box don't work as described in https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/CommandLineHelp/DeviceConsole/index.html or https://support.sophos.com/support/s/article/KB-000035834?language=en_US. I am running XG210 (SFOS 18.5.2 MR-2-Build380). I also can't stand vi as a file editor/viewer. I just don't get all moist and throbbing when firing up vi like true geeks do. I would much prefer to have nano as an option.



  • I found the log that shows the blacklisted errors; it is SMTPD_reject.log. I was being thrown off and searching the anti spam logs because the error message in the GUI said anti spam, not SMTP reject. A clearer description of where we can find the details would have been more helpful.

    On the upside I found that using WinSCP is the fastest way to gain useful access to the logs. The command line is an undocumented swamp.