Hello Community,in the meantime, we are receiving more and more complaints from our customers that too many emails are no longer arriving.I have noticed that many previously problem-free and unblocked emails are blocked by RBLs.After I removed the RBLs, all "correct" emails come through again.This problem first occurred about four weeks ago.I am wondering why the RBLs are suddenly sporadically rejecting emails that have been coming through flawlessly for years.Has anyone else here encountered such a problem?
Concerns various SOPHSO XG and XGS models.
Hello Michael Großmann,Thank you for reaching out to the community, so may we know were you using the pre-defined RBLs such as standard & premium RBLs OR you are using any custom ?> Address group: https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Email/AddressGroup/index.html> Add an address group: https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Email/AddressGroup/EmailAddressGroupAdd/index.html
Thanks & Regards,
Vivek Jagad | Technical Account Manager 3 | Cyber Security Evolved
Sophos Community | Product Documentation | Sophos Techvids | SMSIf a post solves your question please use the 'Verify Answer' button.
we're using only the two pre-defined premium RBLs.
And have you checked if your ISP is not blacklisted ? mxtoolbox.com/blacklists.aspx
I checked the IP addresses of the sending email servers. None of them were blacklisted.Again for clarity:Customer-Email->via SMTP->Our Firewall (MTA)->Our Exchange Server.And we have three tenants, each with a policy in which the RBLs are entered.And please don't forget that the problem was reported to several customers of ours, as some important emails went through sometimes and sometimes not.The complaints went away immediately when I removed the RBLs, and I didn't see any more blocks in the SMTP log.
Overall, this is getting a bit annoying as customers are now complaining that so much crap is ending up in quarantine. And there is no preview at this point either (as I learned that this is only available with the UTM). All in all, it's a pity, since customers pay for the SMTP module. And switching customers to SOPHOS Central Email is not really an option at the moment.
Would request you to raise a sophos support request and get this further investigated !!
Please give me some more time, I have just re-integrated the RBLs and am running the log as you described.
Yes, of course I checked whether the blocked addresses were on a block list - which they were not.
I find it interesting that the same email senders sometimes went through and sometimes were blocked.
If that was due to the RBLs, then the whole world would have a problem with it.
Case #05589257 opened
I just found your request, since we have the same issue since 3 days.First, we tried to create exceptions with disabling IP Reputation and Greylisting. But that did not help.
Disabling SPAM-Protection works. But that is not the solution, it's only a fu%&$ workaround.We don't use the predefined RBLs "Premium RBL Services" or "Standard RBL Services". We use custom RBLs.
We also checked if all the senders are blacklisted, which they are not! We checked at our custom RBLs as well as mxtoolbox.com.
Do you have any new informations yet ?
I have unchecked "Reject based on RBL" in all policies under "Spam protection". Otherwise are still checked (active):- Check for inbound spam- Reject based on BATV- Reject based on SPF
So it seems to work without problems. However, now you get a lot more crap in the quarantine, which the customers don't find so funny either.
For the "bad" countries I have set up a country blocking anyway, so that the really bad crap doesn't arrive at all. ;)
Otherwise there is no news yet, SOPHOS support is working on it.
Hi Christian, Hi Michael
i have the same problem since 3 weeks. Many incoming E-Mails will be blocked by rbl. My exception list has more then 100 entries. Only one RBL is active: zen.spamhaus.org. The same email senders sometimes went through and sometimes were blocked.
I'm waiting for a responce of sophos support for over1 week.
Since we had the 3rd party RBLs running (cbl.abuseat.org and spamhaus.org), I changed them to "Premium RBL Services" and "Standard RBL Services". We'll investigate and give feedback tomorrow.
This is a hint from SOPHOS Support:
I removed Spamcop from Premium RBL and I will now observe what happens. :)
our attempt with changing the RBL-lists did not help. We switched from the old entries (cbl.abuseat.org and spamhaus.org) to new ones (Premium RBL Services and Standard RBL Services). Premium RBLs are defined with "bl.spamcop.net" and Standard RBLs are using "dnsbl-1.uceprotect.net".
In the night, new mails were blocked because of IP blacklisting.
I checked the IP and domain manually on the new RBLs and they are NOT LISTED.
so no new insights yet...
so far I have only "dnsbl-1.uceprotect.net" active on two of three policies (customers), the third policy (is critical if there emails do not arrive) I have just activated. So far I have not noticed any anomalies, but will monitor it closely.
I switched RBL from "xen.spamhaus.org" to "dnsbl-1.uceprotect.net" and the emails arrive now without any problems. I have only one RBL active. Unfortunately more SPAM is coming through at the moment. But everything is better than no mail at all.