Bounced test emails to both Yahoo and gmail accounts: "Email has been accepted by Device and queued for scanning."

Hi all. I have been testing the XG 19.5 GA and 19.0 MR release and so far have run into a few problems. After I set up email alerts for system notification, the XG was able to send out a few test emails that were successfully sent (according to the email log) to my Yahoo email account. Then, for whatever reason, now no emails are sent; instead they are stuck in the queue, and the Email > Mail logs indicate that the test emails have bounced.

I have followed the advice of other users who say to switch the email mode from MTA to legacy mode, and the emails still get stuck in "QUEUED".

The email log states: Email has been accepted by Device and queued for scanning

2023-01-28 23:16:03Emailusergpid="0" messageid="18035" log_type="Anti-Spam" log_component="SMTP" log_subtype="Allowed" status="" fw_rule_id="N/A" fw_rule_name="" fw_rule_section="" user="" policy_name="None" sender="email@XXXXXX.com" recipient=XXXXXX@gmail.com" subject="Test Mail" message_id="1pLz6p-0003fM-1A-1674965763" email_size="934" action="QUEUED" reason="Email has been accepted by Device and queued for scanning." host="sophosxg.com" domain="" src_ip="127.0.0.1" src_country="R1" dst_ip="" dst_country="" protocol="TCP" src_port="55188" dst_port="0" bytes_sent="0" bytes_received="0" quarantine_reason="Other" src_zone="" dst_zone="" app_name=""

I had email alerts working with no issue on the UTM to the same email address but I cannot figure out where the issue is on the XG.

I performed a complete reinstall of the XG using mostly the default firewall configuration. There are no IPS/web filtering logs to see.

There are a few tutorials on setting the email notifications to use Gmail with an app password. I could try that instead but am just wondering what is causing these emails to bounce.

  • Check the tcpdump / packet filter on port 25. You are using the MTA for sending emails. This can cause issues if Yahoo is not accepting this email.


  • Thanks... I will try purely with legacy mode. I popped my other hard drive back in and am using the UTM now. I have both UTM/XG set to the same default gateway so all my devices operate with the same IP address when switching back and forth for troubleshooting.

    It looks like the "default_Network" firewall rule is configured to allow "any service" outgoing. I will try tomorrow when I switch back to the XG drive.

  • I have tried sending the test email with legacy mode; I am still receiving the same error: queued for scanning, and bounced. I'm sure setting up email alerts with Gmail following the tutorial using the app password will work, but I want to avoid having to input app passwords into the firewall.

  • The point is: using MTA mode, the firewall will interact as an MTA to Yahoo. It will build up a port 25 connection and try to send the email to Yahoo. Most likely your firewall does not have any kind of correct configuration set up for an MTA (SPF record, HELO, EHLO etc.). So likely the peer (Yahoo) will deny the email.

    Check the tcpdump for information about the connection on port 25. 


  • Can you explain the difference between why sending emails when using the UTM "just works" and why doing the same on the XG is so difficult and requires a TCP dump?

  • Essentially it should work. Hence you should investigate why it does not. 


  • Ok, I will switch back to the XG and do some more testing; I'm doing it little by little until I can be sure I can migrate completely with everything in working order.

  • I performed a tcpdump while sending the test email. I hovered over the alert and this is what it says:

    The error code "553 5.7.2 (TSS09)" suggests that my IP address is on a blocklist.

  • Yep, my IP is blacklisted by Spamhaus. 

  • Yes, I remember why UTM does actually work in this scenario.

    UTM uses by default an old DNS entry, which is not configured. This means the predefined email address is not a domain which is registered, and therefore you "could" send emails from this domain if the other peer does not check for the entries.

    Now you started on SFOS to send emails from sophosxg.com, of which you are likely not the owner. https://mxtoolbox.com/SuperTool.aspx?action=mx%3asophosxg.com&run=toolpage
    Yahoo noticed this spoofing and listed you on blacklists.

    UTM uses this domain: do-not-reply@fw-notify.net, which is not registered. So basically if you would use the same email address to send notifications, it should work (provided you can get your IP off the spam list).

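As an added example (not from this thread, Sophos, or Yahoo), here is a small Python checker for the two things the replies above point at: whether the sender domain publishes an SPF record that authorises the firewall's public IP, and what the Spamhaus ZEN lookup for that IP looks like. The domain names, IP addresses and SPF records are constructed placeholders, and the evaluator handles only ip4/ip6 mechanisms and the "all" term.

```python
import ipaddress

# Constructed sample SPF records for this example (not real DNS answers):
# an owned domain that authorises the firewall's public IP, and a domain with
# no SPF record, the situation when you send from a domain you do not control.
SPF_RECORDS = {
    "fw-notify.example": "v=spf1 ip4:203.0.113.0/24 -all",
    "unowned.example": None,
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Spamhaus ZEN return codes (subset, as documented by Spamhaus).
ZEN_CODES = {"127.0.0.2": "SBL", "127.0.0.3": "SBL CSS", "127.0.0.4": "XBL",
             "127.0.0.10": "PBL", "127.0.0.11": "PBL"}


def spf_result(record, sender_ip):
    """Evaluate ip4/ip6 mechanisms and the 'all' term of an SPF record.
    Returns 'none' (no usable record), 'pass', 'fail', 'softfail' or 'neutral'.
    include/a/mx mechanisms are out of scope for this example."""
    if record is None:
        return "none"
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qual = "+"                       # mechanisms default to the '+' qualifier
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        if term.lower() == "all":
            return QUALIFIERS[qual]
        if term.lower().startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(term.split(":", 1)[1], strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qual]
    return "neutral"                     # nothing matched and no 'all' term


def dnsbl_query_name(sender_ip, zone="zen.spamhaus.org"):
    """Reverse the IPv4 octets and append the zone: the name an MTA resolves."""
    octets = str(ipaddress.IPv4Address(sender_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def interpret_zen(answer):
    """Map a DNSBL A-record answer to the Spamhaus list; None means not listed."""
    return None if answer is None else ZEN_CODES.get(answer, "listed (unknown code)")
```

To run this against real data, replace the SPF_RECORDS entry with the domain's TXT record and resolve the name returned by dnsbl_query_name; an NXDOMAIN answer means the IP is not listed.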