
Increasing Traffic - solved

Hi anybody!



Since the update from 9.705-3 to 9.706-8, the traffic to Sophos is increasing and the spam filter isn't working well.

Normally I have about 40 GB of data in a week and now I have about 450 to 940 GB in one week!!!

A few days ago I updated to 9.707-5 but there is no change.
If I change the update (pattern and firmware) to manual there is only the normal traffic.

Can anybody help me?

regards Peter



  • FormerMember
    0 FormerMember 3 months ago

    Hi,

    Thank you for reaching out to the Community! 

    I'd suggest opening a support case with the sample spam emails and smtp logs for further investigation. Would you mind providing the support case via personal message?

    Also, did you mean that the system traffic count has increased after the firmware update? 

    Thanks,

  • I have found entries in the smtp-log that may log the problem:

    2021:07:08-02:26:29 mail exim-in[16946]: 2021-07-08 02:26:29 H=mail2.tchibo.de [194.115.167.42]:3202 Warning: xxxx.xxxx profile excludes greylisting: Skipping greylisting for this message
    2021:07:08-02:26:29 mail exim-in[16946]: 2021-07-08 02:26:29 H=mail2.tchibo.de [194.115.167.42]:3202 Warning: xxxx.xxxx profile excludes SANDBOX scan
    2021:07:08-02:26:50 mail exim-in[16946]: 2021-07-08 02:26:50 1m1Hs5-0004PK-32 spam acl condition: spamd: failed to connect to any address for 127.0.0.1: Connection refused
    2021:07:08-02:26:50 mail exim-in[16946]: 2021-07-08 02:26:50 1m1Hs5-0004PK-32 spam acl condition: all spamd servers failed
    2021:07:08-02:26:50 mail exim-in[16946]: 2021-07-08 02:26:50 1m1Hs5-0004PK-32 H=mail2.tchibo.de [194.115.167.42]:3202 Warning: ACL "warn" statement skipped: condition test deferred
    2021:07:08-02:26:50 mail exim-in[16946]: 2021-07-08 02:26:50 1m1Hs5-0004PK-32 <= prvs=8161b01c6=service@eduscho.at H=mail2.tchibo.de [194.115.167.42]:3202 P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=24119
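
In the log lines above, spamd refuses the connection, the ACL statement is skipped as deferred, and the message is still accepted (`<=`), so mail passes without a spam scan. The following Python sketch is an added example, not part of the original post or Sophos tooling: it correlates those events per Exim message ID. The sample log is constructed from the lines above with placeholder hosts and senders, and the function names are hypothetical.

```python
import re

# Exim message IDs look like 1m1Hs5-0004PK-32 (6-6-2 alphanumerics).
MSG_ID = r"(?P<id>[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2})"
# Either line means the spam ACL condition could not be evaluated.
SCAN_FAIL = re.compile(
    MSG_ID + r" spam acl condition: "
    r"(?:all spamd servers failed|spamd: failed to connect)")
# "<=" marks a message accepted for delivery.
ACCEPTED = re.compile(MSG_ID + r" <= (?P<sender>\S+) H=(?P<host>\S+)")

# Constructed sample, modelled on the exim-in lines in the post.
SAMPLE_LOG = """\
2021:07:08-02:26:50 mail exim-in[16946]: 2021-07-08 02:26:50 1m1Hs5-0004PK-32 spam acl condition: spamd: failed to connect to any address for 127.0.0.1: Connection refused
2021:07:08-02:26:50 mail exim-in[16946]: 2021-07-08 02:26:50 1m1Hs5-0004PK-32 spam acl condition: all spamd servers failed
2021:07:08-02:26:50 mail exim-in[16946]: 2021-07-08 02:26:50 1m1Hs5-0004PK-32 H=mx.example.com [192.0.2.10]:3202 Warning: ACL "warn" statement skipped: condition test deferred
2021:07:08-02:26:50 mail exim-in[16946]: 2021-07-08 02:26:50 1m1Hs5-0004PK-32 <= sender@example.com H=mx.example.com [192.0.2.10]:3202 P=esmtps S=24119
2021:07:08-02:27:10 mail exim-in[16950]: 2021-07-08 02:27:10 1m1HsP-0004PZ-1a <= other@example.net H=mx.example.net [192.0.2.20]:4100 P=esmtps S=5120
""".splitlines()


def unscanned_accepts(lines):
    """Return messages that were accepted after their spamd scan failed."""
    failed, hits = set(), []
    for line in lines:
        m = SCAN_FAIL.search(line)
        if m:
            failed.add(m["id"])
            continue
        m = ACCEPTED.search(line)
        if m and m["id"] in failed:
            hits.append({"id": m["id"], "sender": m["sender"],
                         "host": m["host"]})
            failed.discard(m["id"])
    return hits


def unscanned_ratio(lines):
    """Fraction of accepted messages that bypassed spam scanning."""
    accepted = sum(1 for line in lines if ACCEPTED.search(line))
    return len(unscanned_accepts(lines)) / accepted if accepted else 0.0


if __name__ == "__main__":
    for hit in unscanned_accepts(SAMPLE_LOG):
        print("accepted without spam scan:", hit)
    print("unscanned ratio:", unscanned_ratio(SAMPLE_LOG))
```
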
  • As per the other thread on this, I don't see anything in our SMTP protection that is misbehaving or anything unusual in the SMTP logs. But I did change the TLS cert for inbound SMTP around the time this started happening. However, I can't find any indication that's misbehaving either.

    Very baffling.

    Paul

  • I have found this community-entry:

    Please take a look at this KB article.

    Email Catchrate issue on UTM 9.706 (sophos.com)

    The issue seems to be limited to devices running on old hardware or on KVM/QEMU environments that are configured to suppress advanced processor features.

    I have changed my virtual CPU to have sss3 - maybe this is the solution.

    regards peter

  • After 8 hours running with the sss3-enabled CPU, the update is working correctly.
