Today I had a problem where almost all incoming emails were being listed as rm blacklist by Sophos XG450 (SFOS 18.0.5 MR-5-Build586) in MTA mode. Analyzing them, some were clearly wrong, like Gmail senders. After analyzing, I removed the use of the RBL "Standard RBL Services". I know that these can have false positives, but I've been using them for months without major problems; now, as I said, it was blocking practically everything. After removing it, receipt went back to normal.
I would like to know how to find out which blacklist Sophos determined the sender's IP is listed in. I tried some options, but without success; SMTP debug, for example, did not show the information I need.
For example, an MTA with Postfix that makes use of RBLs reports which blacklist the sender was listed in.
Is it possible to get this information? Because I want to know whether one of the RBLs used there is "bad", or whether Sophos was not able to make the query and ended up generating false positives.
I found information about awarrensmtp.log but just how to make it populated by logs...
Hi Carlos,
Sophos Firewall provides two RBL lists under Email > Address Group:
1.) Standard RBL Services - dnsbl-1.uceprotect.net
2.) Premium RBL Services - bl.spamcop.net
So you may not be able to list the IP addresses or domains from these databases, but you can at least find out in which database these domains are flagged, with sites like mxtoolbox or DNSRBL, etc.
You can add your own customized address group, and you can apply RBLs for spam protection. When Sophos Firewall finds a match for the connecting IP address, it applies the action specified in the SMTP policy.
Thanks & Regards,
Vivek Jagad | Technical Account Manager 3 | Cyber Security Evolved
You can check on IP reputation from Sophos Labs: https://www.sophos.com/en-us/labs
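The lookup a mail server makes against the two zones named in the reply above can be reproduced by hand, which shows both which list returns a hit and whether the query itself failed. This is an added example, not part of the original thread and not Sophos code; `check_ip`, `dnsbl_name`, `ZONES` and the sample address are this example's own names and assumptions.

```python
import ipaddress
import socket

# The two zones named in the reply above; ZONES is this example's own name.
ZONES = ("dnsbl-1.uceprotect.net", "bl.spamcop.net")


def dnsbl_name(ip, zone):
    """DNSBL query name: IPv4 octets reversed, followed by the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def check_ip(ip, zones=ZONES, resolve=socket.gethostbyname):
    """Return {zone: (status, detail)}; status is listed, not_listed or error."""
    not_found = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", socket.EAI_NONAME)}
    results = {}
    for zone in zones:
        try:
            answer = resolve(dnsbl_name(ip, zone))
        except socket.gaierror as exc:
            if exc.errno in not_found:
                results[zone] = ("not_listed", "no A record")
            else:
                # Timeout or SERVFAIL: the list gave no verdict at all.
                results[zone] = ("error", "lookup failed: %s" % exc)
            continue
        if ipaddress.IPv4Address(answer) in ipaddress.ip_network("127.0.0.0/8"):
            results[zone] = ("listed", answer)
        else:
            # DNSBLs answer inside 127.0.0.0/8 (RFC 5782); anything else
            # points at a rewritten or wildcarded DNS reply, not a listing.
            results[zone] = ("error", "unexpected answer " + answer)
    return results


if __name__ == "__main__":
    # 192.0.2.10 is a documentation address used here as a constructed sample.
    for zone, (status, detail) in check_ip("192.0.2.10").items():
        print("%-26s %-10s %s" % (zone, status, detail))
```

Run it from a host that uses the same DNS resolver as the firewall: an `error` status for a zone means the list could not be queried reliably from there, which is a different condition from the sender being listed.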