Increasing Traffic - solved

Hi everybody!



Since the update from 9.705-3 to 9.706-8 the traffic to Sophos has increased and the spam filter isn't working well.

Normally I have about 40 GB of data in a week, and now I have about 450 to 940 GB in one week!!!

A few days ago I updated to 9.707-5, but there is no change.
If I change the updates (pattern and firmware) to manual, there is only the normal traffic.

Can anybody help me?

Regards, Peter



solved
[edited by: PRad at 2:20 PM (GMT -7) on 21 Jul 2021]
  • FormerMember, 3 months ago

    Hi,

    Thank you for reaching out to the Community! 

    I'd suggest opening a support case with the sample spam emails and smtp logs for further investigation. Would you mind providing the support case via personal message?

    Also, did you mean that the system traffic count has increased after the firmware update? 

    Thanks,

  • Hi Pantel!

    In this thread there are also other people with the same issue:
    https://community.sophos.com/utm-firewall/f/hardware-installation-up2date-licensing/128498/excessive-up2date-traffic

    The biggest problem is the increase in traffic - this report is from 10:13 am yesterday.

    On the SG 310 at my work there is only about 5 GB of traffic with the deploy.static.akamai... server.
    I am a home-licence user, and so far I could not open a support case.

    Regards, Peter

    Today, with firmware updates every 12 hours and pattern updates set to manual, I have only 1.0 GB of traffic at 07:40 am.
    Yesterday I tried changing the antivirus from Avira to Sophos, but there is no change in update traffic.
    A different pattern file is loaded, but there is no change in traffic.
    I think it's not the Up2Date process itself, because the log only shows the update every 2 hours or 4 hours - I have tried.

    Maybe I can send the log file by private message.
    Regards, Peter

    I have found entries in the SMTP log that may show the problem:

    2021:07:08-02:26:29 mail exim-in[16946]: 2021-07-08 02:26:29 H=mail2.tchibo.de [194.115.167.42]:3202 Warning: xxxx.xxxx profile excludes greylisting: Skipping greylisting for this message
    2021:07:08-02:26:29 mail exim-in[16946]: 2021-07-08 02:26:29 H=mail2.tchibo.de [194.115.167.42]:3202 Warning: xxxx.xxxx profile excludes SANDBOX scan
    2021:07:08-02:26:50 mail exim-in[16946]: 2021-07-08 02:26:50 1m1Hs5-0004PK-32 spam acl condition: spamd: failed to connect to any address for 127.0.0.1: Connection refused
    2021:07:08-02:26:50 mail exim-in[16946]: 2021-07-08 02:26:50 1m1Hs5-0004PK-32 spam acl condition: all spamd servers failed
    2021:07:08-02:26:50 mail exim-in[16946]: 2021-07-08 02:26:50 1m1Hs5-0004PK-32 H=mail2.tchibo.de [194.115.167.42]:3202 Warning: ACL "warn" statement skipped: condition test deferred
    2021:07:08-02:26:50 mail exim-in[16946]: 2021-07-08 02:26:50 1m1Hs5-0004PK-32 <= prvs=8161b01c6=service@eduscho.at H=mail2.tchibo.de [194.115.167.42]:3202 P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=24119
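The sequence in the log lines above (spamd unreachable on 127.0.0.1, the "warn" ACL deferred, and the message then accepted with "<=") is the signature of mail passing the UTM without a spam verdict. The following script, added here as an example and not code from the thread or from Sophos, turns that pattern into a check over a UTM SMTP log: it groups exim-in lines by message id and reports every message that was accepted after "all spamd servers failed". The sample log inside the block is constructed for the example: the first message repeats the lines posted above, the second is an invented normal delivery (example.org, 192.0.2.10).

```python
"""Detect messages a Sophos UTM accepted while its spam ACL could not reach spamd.

Added example for this thread, not Sophos code. SAMPLE_LOG is constructed: the
first message repeats the lines posted in the thread, the second is an
invented normal delivery.
"""
import re

# After the UTM prefix ("<ts> mail exim-in[<pid>]: ") exim logs its own
# "<date> <time> <message-id> <text>"; lines logged before a message id exists
# carry "H=<host>" in that position instead.
EXIM_LINE = re.compile(r"exim-in\[\d+\]: \S+ \S+ (\S+) (.*)$")
# exim message ids are three base-62 groups of 6, 6 and 2 characters
MSG_ID = re.compile(r"[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}")
# exim's message-accepted line: "<= sender H=host [ip]:port ... S=size"
ACCEPTED = re.compile(r"<= (\S+) H=(\S+) \[([\d.]+)\].* S=(\d+)")

SPAMD_DOWN = "all spamd servers failed"
WARN_DEFERRED = 'ACL "warn" statement skipped: condition test deferred'


def parse_line(line):
    """Return (message_id or None, exim text) for one UTM SMTP log line."""
    m = EXIM_LINE.search(line)
    if not m:
        return None, None
    token, text = m.group(1), m.group(2)
    if MSG_ID.fullmatch(token):
        return token, text
    return None, token + " " + text


def find_unscanned(lines):
    """Return, in log order, the messages accepted after spamd was unreachable."""
    state = {}   # message id -> flags seen so far for that message
    order = []   # message ids in first-seen order
    for line in lines:
        msg_id, text = parse_line(line)
        if msg_id is None:
            continue   # connection-level warning without a message id, or not an exim line
        if msg_id not in state:
            state[msg_id] = {"spamd_down": False, "deferred": False, "accepted": None}
            order.append(msg_id)
        st = state[msg_id]
        if SPAMD_DOWN in text:
            st["spamd_down"] = True
        if WARN_DEFERRED in text:
            st["deferred"] = True
        acc = ACCEPTED.search(text)
        if acc:
            st["accepted"] = {"sender": acc.group(1), "host": acc.group(2),
                              "ip": acc.group(3), "size": int(acc.group(4))}
    return [{"id": mid, **state[mid]["accepted"], "deferred": state[mid]["deferred"]}
            for mid in order
            if state[mid]["spamd_down"] and state[mid]["accepted"]]


def summarize(lines):
    """Count accepted messages and how many of them (and how many bytes) bypassed scanning."""
    accepted = sum(1 for line in lines if ACCEPTED.search(line))
    unscanned = find_unscanned(lines)
    return {"accepted": accepted, "unscanned": len(unscanned),
            "unscanned_bytes": sum(m["size"] for m in unscanned)}


# Constructed sample: message 1 as posted in the thread, message 2 invented.
SAMPLE_LOG = """\
2021:07:08-02:26:29 mail exim-in[16946]: 2021-07-08 02:26:29 H=mail2.tchibo.de [194.115.167.42]:3202 Warning: xxxx.xxxx profile excludes greylisting: Skipping greylisting for this message
2021:07:08-02:26:29 mail exim-in[16946]: 2021-07-08 02:26:29 H=mail2.tchibo.de [194.115.167.42]:3202 Warning: xxxx.xxxx profile excludes SANDBOX scan
2021:07:08-02:26:50 mail exim-in[16946]: 2021-07-08 02:26:50 1m1Hs5-0004PK-32 spam acl condition: spamd: failed to connect to any address for 127.0.0.1: Connection refused
2021:07:08-02:26:50 mail exim-in[16946]: 2021-07-08 02:26:50 1m1Hs5-0004PK-32 spam acl condition: all spamd servers failed
2021:07:08-02:26:50 mail exim-in[16946]: 2021-07-08 02:26:50 1m1Hs5-0004PK-32 H=mail2.tchibo.de [194.115.167.42]:3202 Warning: ACL "warn" statement skipped: condition test deferred
2021:07:08-02:26:50 mail exim-in[16946]: 2021-07-08 02:26:50 1m1Hs5-0004PK-32 <= prvs=8161b01c6=service@eduscho.at H=mail2.tchibo.de [194.115.167.42]:3202 P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=24119
2021:07:08-02:31:02 mail exim-in[17010]: 2021-07-08 02:31:02 1m1Hwc-0004Qa-1x <= alice@example.org H=mx.example.org [192.0.2.10]:41022 P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=4211
"""

if __name__ == "__main__":
    for hit in find_unscanned(SAMPLE_LOG.splitlines()):
        print(f"{hit['id']}: {hit['sender']} from {hit['host']} [{hit['ip']}] "
              f"accepted without spam scan ({hit['size']} bytes)")
    print(summarize(SAMPLE_LOG.splitlines()))
```

To use it on a real box, feed it the lines of the SMTP log downloaded from Logging & Reporting > View Log Files (or, assuming the usual UTM location, /var/log/smtp.log on the appliance). A non-zero "unscanned" count is the catch-rate symptom from this thread showing up in the log rather than in the mailbox, and the "deferred" flag confirms the spam ACL was skipped rather than merely slow.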
  • As per the other thread on this, I don't see anything in our SMTP protection that is misbehaving or anything unusual in the SMTP logs. But I did change the TLS cert for inbound SMTP around the time this started happening. However, I can't find any indication that's misbehaving either.

    Very baffling.

    Paul

    I have found this community entry:

    Please take a look at this KB article.

    Email Catchrate issue on UTM 9.706 (sophos.com)

    The issue seems to be limited to devices running on old hardware or on KVM/QEMU environments that are configured to suppress advanced processor features.

    I have changed my virtual CPU to have SSSE3 - maybe this is the solution.

    Regards, Peter

  • After 8 hours running with the SSSE3-enabled CPU, the update is working correctly.