
"550 Administrative prohibition" issues due to confirmed spam

Hi there,

Today incoming messages from 2 customer domains have been rejected with "550 Administrative prohibition". #hostname #5.2.0 SMTP; 550 Administrative prohibition> #SMTP#. A couple of minutes later new messages are delivered successfully again. Sophos 'Mail Manager' marked them as confirmed spam.

Both sender addresses are NOT blacklisted, SPF records are set up correctly and Cyren marks them with 'No Risk'. How can I debug reason="as" extra="confirmed" and ctasd reports 'Confirmed'? Why does Sophos UTM block those messages? Firmware version: 9.510-5

Logfile excerpt:
2018:10:01-14:59:29 utm exim-in[5956]: 2018-10-01 14:59:29 SMTP connection from [SERVERIP]:37133 (TCP/IP connection count = 1)
2018:10:01-14:59:29 utm exim-in[21173]: 2018-10-01 14:59:29 [SERVERIP] F=<client@domain.com> R=<user@ourdomain.com> Verifying recipient address with callout
2018:10:01-14:59:34 utm exim-in[21173]: 2018-10-01 14:59:34 1g6xnN-0005VV-2y ctasd reports 'Confirmed'
2018:10:01-14:59:34 utm exim-in[21173]: 2018-10-01 14:59:34 1g6xnN-0005VV-2y id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="SERVERIP" from="client@domain.com" to="user@ourdomain.com" subject="WG: XXXX H\303\266" queueid="1g6xnN-0005VV-2y" size="19171841" reason="as" extra="confirmed"
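
One way to line up the scanner verdict with the reject event in a log like the excerpt above is to group both by exim queue ID and decode the octal-escaped subject. This is an added example, not part of the original post and not Sophos tooling; the sample log is constructed from the excerpt, and the function names `decode_octal` and `correlate` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the excerpt in the post; IP and addresses
# are the same placeholders the poster used.
SAMPLE_LOG = r'''2018:10:01-14:59:29 utm exim-in[5956]: 2018-10-01 14:59:29 SMTP connection from [SERVERIP]:37133 (TCP/IP connection count = 1)
2018:10:01-14:59:29 utm exim-in[21173]: 2018-10-01 14:59:29 [SERVERIP] F=<client@domain.com> R=<user@ourdomain.com> Verifying recipient address with callout
2018:10:01-14:59:34 utm exim-in[21173]: 2018-10-01 14:59:34 1g6xnN-0005VV-2y ctasd reports 'Confirmed'
2018:10:01-14:59:34 utm exim-in[21173]: 2018-10-01 14:59:34 1g6xnN-0005VV-2y id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="SERVERIP" from="client@domain.com" to="user@ourdomain.com" subject="WG: XXXX H\303\266" queueid="1g6xnN-0005VV-2y" size="19171841" reason="as" extra="confirmed"'''

QUEUE_ID = r'[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}'
CTASD_RE = re.compile(r"(" + QUEUE_ID + r") ctasd reports '([^']+)'")
KV_RE = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')   # key="value" pairs
OCTAL_RE = re.compile(rb'\\([0-7]{3})')             # \303-style byte escapes

def decode_octal(value):
    """Turn \\NNN octal byte escapes back into the UTF-8 text they encode."""
    raw = OCTAL_RE.sub(lambda m: bytes([int(m.group(1), 8)]), value.encode('utf-8'))
    return raw.decode('utf-8', errors='replace')

def correlate(log_text):
    """Group ctasd verdicts and 'email rejected' events by queue ID."""
    messages = defaultdict(lambda: {"ctasd": None, "rejects": []})
    for line in log_text.splitlines():
        verdict = CTASD_RE.search(line)
        if verdict:
            messages[verdict.group(1)]["ctasd"] = verdict.group(2)
            continue
        fields = dict(KV_RE.findall(line))
        if fields.get("name") == "email rejected":
            fields["subject"] = decode_octal(fields.get("subject", ""))
            fields["size"] = int(fields.get("size", 0))
            messages[fields.get("queueid", "unknown")]["rejects"].append(fields)
    return dict(messages)

if __name__ == "__main__":
    for qid, info in correlate(SAMPLE_LOG).items():
        for r in info["rejects"]:
            print(f'{qid}: ctasd={info["ctasd"]} reason={r["reason"]} '
                  f'extra={r["extra"]} from={r["from"]} size={r["size"]} '
                  f'subject={r["subject"]!r}')
```

Run over a full SMTP log, the same grouping shows which senders and message sizes share a given verdict and reject reason.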


