How to find out which RBL IP is listed

Hi

Today I had a problem where almost all incoming emails were being listed as rm blacklist by Sophos XG450 (SFOS 18.0.5 MR-5-Build586) in MTA mode; on analysis, some were clearly wrong, like Gmail senders.
While analyzing, I removed the use of the RBL "Standard RBL Services". I know that these can have false positives, but I've been using them for months without major problems. Now, as I said, it was blocking practically everything; after removing it, mail receipt returned to normal.

I would like to know how to find out in which blacklist Sophos found the sender's IP listed. I tried some options, such as SMTP debug, but without success; it did not show the information I need.

For example, an MTA with Postfix that makes use of RBLs reports which blacklist the IP was listed in.

Is it possible to get this information? I want to know whether an RBL used there is "bad" or whether Sophos was not able to make the query and ended up generating false positives.

I found information about awarrensmtp.log, but only how to make it populated with logs...

Thanks.

Regards,



Edited TAGs
[edited by: emmosophos at 6:10 PM (GMT -7) on 12 May 2022]
  • Hi Carlos,

    Sophos Firewall provides two RBL lists under the Email > Address Group: 

    1.) Standard RBL Services - dnsbl-1.uceprotect.net
    2.) Premium RBL Services - bl.spamcop.net

    So you may not be able to list the IP addresses or domains from these databases, but you can at least find out in which database these domains are flagged, with sites like mxtoolbox or DNSRBL, etc.

    You can add your customized address group and apply RBLs for spam protection. When Sophos Firewall finds a match for the connecting IP address, it applies the action specified in the SMTP policy.

    Thanks & Regards,

    Vivek Jagad | Technical Account Manager 3 | Cyber Security Evolved
    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.
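
An added example, not part of the thread and not Sophos code: a manual DNSBL lookup of a sender IP against the two zones named in the reply above, reporting per zone whether the IP is listed, not listed, or whether the query itself failed. The function names are hypothetical, and it assumes it is run from a host that uses the same DNS resolver as the firewall.

```python
import ipaddress
import socket
import sys

# The two zones the reply above names for the built-in RBL groups.
ZONES = ["dnsbl-1.uceprotect.net", "bl.spamcop.net"]
LOOPBACK = ipaddress.IPv4Network("127.0.0.0/8")

def dnsbl_name(ip, zone):
    """Reverse the IPv4 octets and append the zone (RFC 5782 query form)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """Return the A records for name, [] if it does not exist; raise OSError otherwise."""
    not_found = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", socket.EAI_NONAME)}
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror as exc:
        if exc.errno in not_found:
            return []          # NXDOMAIN / no data: the IP is not in this list
        raise                  # timeout, SERVFAIL, refused: the lookup failed
    return sorted({info[4][0] for info in infos})

def check(ip, zones=ZONES, resolver=system_resolver):
    """Map each zone to ('listed', codes), ('clean', []) or ('error', reason)."""
    results = {}
    for zone in zones:
        try:
            answers = resolver(dnsbl_name(ip, zone))
        except OSError as exc:
            results[zone] = ("error", str(exc))
            continue
        if not answers:
            results[zone] = ("clean", [])
        elif all(ipaddress.IPv4Address(a) in LOOPBACK for a in answers):
            results[zone] = ("listed", answers)   # return code(s) from the list
        else:
            # A DNSBL answers inside 127.0.0.0/8; anything else is not a listing.
            results[zone] = ("error", "non-127/8 answer: " + ", ".join(answers))
    return results

if __name__ == "__main__":
    # 127.0.0.2 is the test entry RFC 5782 requires every IPv4 DNSBL to list.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.2"
    for zone, (state, detail) in check(target).items():
        print(f"{zone}: {state} {detail}")
```

An "error" result for a zone that previously answered points at the query path (resolver, rate limiting, timeouts) rather than at the list's contents.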
