sophos dns protection breaks rbl - 5000 mails lost

Sophos22 7 days ago

used sophos dns protection as dns server in sophos firewall with mail security with rbl servers.

all mails are rejected because dns protection cannot handle rbl request.

well done sophos ... sorry ... that is ***.

0 LuCar Toni 6 days ago

Thats an odd statement. Do you mean, the DKIM break?
Rejected by what?

__________________________________________________________________________________________________________________
- 0 Sophos22 6 days ago in reply to LuCar Toni
  
  An RBL (remote block list or realtime blackhole list), also called a DNS-based blacklist or block list, is a spam-fighting tool.
  - 0 LuCar Toni 6 days ago in reply to Sophos22
    
    Ok: What RBL did you add to the product and failed with SFOS?
    
    __________________________________________________________________________________________________________________
  - 0 Sophos22 6 days ago in reply to LuCar Toni
    
    [accountid].zen.dq.spamhaus.net
  - 0 LuCar Toni 6 days ago in reply to Sophos22
    
    Can you send me your Account ID via PN?
    
    __________________________________________________________________________________________________________________
  - 0 LuCar Toni 6 days ago in reply to LuCar Toni
    
    We are looking into this.
    
    From an external view:
    
    From https://www.spamhaus.org/faqs/dnsbl-usage#your-dnsbl-blocks-the-whole-internet:
    
    Your DNSBL blocks the whole Internet!
    
    There can be several reasons why a DNSBL can appear to list all IPv4 addresses (when it really doesn’t):
    
    MOST COMMON: Using Amazon, Quad9, Google, Cloudflare or some other public/open DNS resolver – OR your network is querying our data using an IP that has generic, unattributable rDNS. READ THIS FIRST.
    
    Then following the READ THIS FIRST LINK (https://www.spamhaus.com/product/help-for-spamhaus-public-mirror-users/):
    
    Additionally, as you use zen, it would be a "workaround"/"solution" to create a DNS request route to directly resolve Spamhaus and not query it via our service.
    
    https://www.spamhaus.org/blocklists/zen-blocklist/
    
    We had the same discussion a while ago via Sophos UTM: zen.spamhaus.org not working for me? RESULT: MAKE SURE NOT TO USE GOOGLE DNS!
    
    __________________________________________________________________________________________________________________
  - 0 Sophos22 6 days ago in reply to LuCar Toni
    
    Yes, situation is not clearly a problem of Sophos DNS Protection.
    
    As you see it can be a risky thing just replace public dns resolver.
  - 0 LuCar Toni 6 days ago in reply to Sophos22
    
    So - We have some kind of feeling, something went wrong here:
    
    Could you PN me your Support - Access ID of the Firewall?
    Because we have the feeling, the site (firewall WAN IP) was not maintained in Sophos Central DNS Protection.
    
    __________________________________________________________________________________________________________________
  - 0 Sophos22 3 days ago in reply to LuCar Toni
    
    All public ips are added and queries are visible in dashboard.