
Bounced test emails to both Yahoo and gmail accounts: "Email has been accepted by Device and queued for scanning."

Hi all. I have been testing the XG 19.5 GA and 19.0 MR release and so far have run into a few problems. After I set up email alerts for system notification, the XG was able to send out a few test emails that were successfully sent (according to the email log) to my Yahoo email account. Then for whatever reason, now all emails are not sent and instead are stuck in the queue, and the Email > Mail logs indicate that the test emails have bounced.

I have followed the advice of other users who say to switch the email mode from MTA to legacy mode and the emails still get stuck in "QUEUED".

The email log states: Email has been accepted by Device and queued for scanning

2023-01-28 23:16:03Emailusergpid="0" messageid="18035" log_type="Anti-Spam" log_component="SMTP" log_subtype="Allowed" status="" fw_rule_id="N/A" fw_rule_name="" fw_rule_section="" user="" policy_name="None" sender="email@XXXXXX.com" recipient=XXXXXX@gmail.com" subject="Test Mail" message_id="1pLz6p-0003fM-1A-1674965763" email_size="934" action="QUEUED" reason="Email has been accepted by Device and queued for scanning." host="sophosxg.com" domain="" src_ip="127.0.0.1" src_country="R1" dst_ip="" dst_country="" protocol="TCP" src_port="55188" dst_port="0" bytes_sent="0" bytes_received="0" quarantine_reason="Other" src_zone="" dst_zone="" app_name=""

I had email alerts working with no issue on the UTM to the same email address but I cannot figure out where the issue is on the XG.

I performed a complete reinstall of the XG using mostly the default firewall configuration. There are no IPS/web filtering logs to see.

There are a few tutorials on setting the email notifications to use Gmail with an App password. I could try that instead but am just wondering what is causing these emails to bounce.



  • Yes - I remember why UTM does actually work in this scenario.

    UTM uses by default an old DNS entry, which is not configured. This means the predefined email address is not on a domain which is registered, and therefore you "could" send emails from this domain, if the other peer does not check for the entries.

    Now you started on SFOS to send emails from sophosxg.com, of which you are likely not the owner. https://mxtoolbox.com/SuperTool.aspx?action=mx%3asophosxg.com&run=toolpage
    Yahoo noticed this spoofing and listed you on blacklists.

    UTM uses this domain: do-not-reply@fw-notify.net, which is not registered. So basically if you would use the same email address to send notifications, it should work (provided you can get your IP off the spam list).


  • LuCar I did not consider that. No wonder why I am on the email blacklists. Also I disabled the limitations for the amount of emails sent from the XG, and from the TCPDUMP it looks like the XG is attempting to send them multiple times, and the emails that were successfully sent were sent to my spam folder on top of it. I basically know very little about SMTP but in the SMTP field I was not sure what to put, but several sites recommended using smtp.mail.yahoo.com.

    My DDNS subdomain is also on a few blacklists with sorbs and spamhaus. I'm looking into it right now. I think the best case is to wait for my IP address to change then create a new DDNS subdomain, or try to have the DDNS removed from the blacklist.

  • I don't know if this is something I am doing wrong, but what is happening is that the XG is somehow able to send emails to my Yahoo account on its own, but not if I use the "test" option.

    For example, the XG sent out an email to my Yahoo account right now when it booted up telling me the interface was back up. In the email log it shows it was Queued, then sent 30 seconds later. Then when I "Test", it bounces, even when using "do-not-reply@fw-notify.net".

    I created a whole new email account at mail.com, and was able to send emails from various email test sites on the internet. So far so good, but when I again "test" the email in the XG, I receive a bounce message with the error "IP address is block listed. Your emails have been rejected because the sending server's IP address was listed on a Spamhaus.org blocklist. Exceptions are not possible."

    On further investigation, it seems that my ISP is not fond of users running their own mail servers and sends entire blocks of user IP addresses to these blocklists.

    You can read for yourself how ridiculous this is:

    Outbound Email policy of Charter Communications for this IP range

    It is the policy of Time Warner Cable/Road Runner to share with other entities lists of our dynamic IP address space. While Time Warner Cable/Road Runner does not currently forbid customers from sending out mail directly from such space, it recognizes that others may wish to refuse mail from such space, and so Time Warner Cable/Road Runner makes that space known to others to facilitate their enforcement of their policies.

    Customers finding their mail refused by others due to a PBL listing should send their outbound mail through the outbound mail server designated for them; please refer to your provider's support for help with this.

    Removal procedure

    Removal of IP addresses within this range from the PBL is not allowed by the netblock owner's policy.
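
The bounce quoted in the post above can be checked before a test mail is sent. The following is an added example, not part of the original thread and not Sophos code: it builds the DNSBL query name for the address mail leaves from and separates a PBL policy listing from a reputation listing. The zone name and 127.0.0.x answer codes follow Spamhaus' published ZEN conventions (an assumption, as the thread does not state them); the function names are hypothetical, the addresses are constructed documentation-range values, and only IPv4 is handled.

```python
import ipaddress
import socket

ZONE = "zen.spamhaus.org"  # Spamhaus combined zone (SBL, CSS, XBL, PBL)
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CODES = {2: "SBL", 3: "CSS", 4: "XBL", 5: "XBL", 6: "XBL", 7: "XBL",
         10: "PBL", 11: "PBL"}  # last octet of a 127.0.0.x answer

def dnsbl_name(ip, zone=ZONE):
    """DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # ValueError on anything but IPv4
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def classify(code):
    """Map one A-record answer from the zone to the list it stands for."""
    if code.startswith("127.255.255."):
        return "ERROR"  # query refused (e.g. public resolver), not a listing
    if code.startswith("127.0.0."):
        return CODES.get(int(code.rsplit(".", 1)[1]), "OTHER")
    return "OTHER"

def system_resolver(name):
    """A records for name; an empty list means NXDOMAIN (not listed)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []

def check_sender_ip(ip, resolve=system_resolver):
    """Return (lists, advice) for the address mail leaves from."""
    addr = ipaddress.IPv4Address(ip)
    if addr.is_loopback or any(addr in n for n in RFC1918):
        return [], "internal address: test the WAN address instead"
    lists = sorted({classify(c) for c in resolve(dnsbl_name(ip))})
    if "ERROR" in lists:
        return lists, "lookup refused: query through your own resolver"
    if not lists:
        return lists, "not listed"
    if lists == ["PBL"]:
        return lists, "policy listing: relay through an authenticated smarthost"
    return lists, "reputation listing: find the cause before asking for removal"

if __name__ == "__main__":
    # Constructed answers stand in for live DNS so this runs offline.
    fake = {dnsbl_name("203.0.113.25"): ["127.0.0.10"]}
    for ip in ("127.0.0.1", "203.0.113.25", "198.51.100.7"):
        print(ip, check_sender_ip(ip, lambda n: fake.get(n, [])))
```

The `src_ip="127.0.0.1"` in the log line from the first post is the firewall's own loopback address, which is why the check asks for the WAN address instead.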

  • I gave up on using the XG as the mail server (ISP "hard blocks" dynamic IP addresses apparently) and followed the steps for sending the emails using gmail's SMTP. After a few minutes it began working and sent out all the emails that were queued to my email.com address successfully.

    One step closer to migrating from UTM to XG. Also the DDNS updater in the XG seems to be more reliable compared to the UTM which is known to have issues with DDNS updates, since many people have reported the "no update has been attempted" bug.