
Why Sophos UTM not sending emails out

Hello guys. A few days ago I had an issue with my internet which resulted in my static IP changing. Now, since I've received a new IP, I've updated my external DNS.

However, since my IP changed I am no longer able to send out emails from my UTM. I have mailenable, which is relaying to UTM. From the logs I can see UTM accepts relaying from my mailenable server, but emails get spooled and I see this in the logs:

 

2019:02:28-22:14:00 sukafun-utm smtpd[5343]: MASTER[5343]: Action: Forcing delivery process for 1gzMQI-000BCR-0t
2019:02:28-22:15:00 sukafun-utm exim-out[43216]: 2019-02-28 22:15:00 Start queue run: pid=43216
2019:02:28-22:16:19 sukafun-utm exim-out[41492]: 2019-02-28 22:16:19 1gzJxs-0007Mg-Dl SSL_write: (from [192.168.7.77]:999) syscall: Connection timed out
2019:02:28-22:16:19 sukafun-utm exim-out[41492]: 2019-02-28 22:16:19 1gzJxs-0007Mg-Dl SSL_write error 5
2019:02:28-22:16:19 sukafun-utm exim-out[41492]: 2019-02-28 22:16:19 1gzJxs-0007Mg-Dl SMTP timeout while connected to mail-tester.com [94.23.206.89] after sending data block (25910 bytes written): Connection timed out
2019:02:28-22:16:19 sukafun-utm exim-out[41491]: 2019-02-28 22:16:19 1gzJxs-0007Mg-Dl == test-3tjbp@mail-tester.com R=dnslookup T=remote_smtp defer (110): Connection timed out: SMTP timeout while connected to mail-tester.com [94.23.206.89] after sending data block (25910 bytes written)
2019:02:28-22:16:20 sukafun-utm exim-out[43418]: 2019-02-28 22:16:20 1gzKXM-0008JN-HK == test-37cxi@mail-tester.com R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2019:02:28-22:16:20 sukafun-utm exim-out[43422]: 2019-02-28 22:16:20 1gzKP8-00083Z-Gr == test-37cxi@mail-tester.com R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2019:02:28-22:16:20 sukafun-utm exim-out[40075]: 2019-02-28 22:16:20 End queue run: pid=40075
 
 
It lets me send emails out to some domains like gmail, but not to most other domains. I confirm that my ISP is not blocking port 25. My UTM is connected to the internet. My external DNS is correct. I tried enabling a smarthost from UTM but got the same issue. What else should I look for?
I receive emails fine.
 
 
Cheers
Mo


  • I would assume that your ISP told you wrong.

    1. Test DNS.   Can you do an MX Lookup on example.com using UTM as your recursive dns server?   Can you do a lookup on those mail server names and obtain an IP address.
    2. Test with PING and TRACERT to see if you can get through the network to those devices.   No guarantee that they respond to ping, but I expect most of them will.
    3. Test SMTP Connectivity.   Use the Microsoft Telnet client and try to "telnet mail.example.com 25".   If you do not get any response, you are getting blocked.   If you use Wireshark to monitor your test traffic, you may even see a reply packet that says "administratively blocked"

    Of course, once you get connectivity solved, you have to get past the spam filters at the receiving end.   Have you updated your MX record in DNS?  Have you checked your domain and IP reputation using MXToolbox.com ?

  • Hey Douglas. Thanks for your response.

    For 1, 2, 3 I've no issues. Already tested but have not tried wireshark yet.

    My external DNS has been updated. My MX record points to mail.mydomain.com.

    If my ISP were blocking port 25 I wouldn't be able to email out anything, but some emails go through.

     

    Any ideas what else could it be?

  • You mentioned you could send to gmail, but not hotmail, 365 etc.

    When you did your test (without the UTM) did mail get to hotmail, 365, as opposed to when it's going via the UTM, when it can't get to them?

  • When your IP changed, did you delete and recreate the WAN interface or just edit it?

    Respectfully, 

     

    Badrobot

     

  • Yes, email goes out directly from my mailenable mail server; if using UTM it doesn't.

  • Did not edit the WAN interface even. It's set to PPPoE and dynamically getting an IP from my ISP.

    What I've done is I created a new interface using another physical card using PPPoE and same results. 

    But

    When I set WAN to be an ethernet interface hooked up to a 4G modem (so a different IP and connection, obviously), it did work. Any idea why UTM doesn't like my normal VDSL connection when sending out emails, whereas sending without UTM is fine?

  • Obviously, you are at the point that you need someone to lay eyes on your configuration.   

    Since you are running a mail server, I am assuming that you are not a home user.   Do you have access to support?

  • My configuration is correct as it was working before and it did work when I switched to 4G interface.

    For now I'm going to try Sophos XG and see what it has got for mail protection as well as web. Do you recommend it?

  • Just a comment here (and not pointing the finger at the actual issue), but I would imagine you would have issues with sending mail from a mail server via 4G. I'm not aware of any providers who actually give out static IPs on 4G networks (in the UK at least). Mail servers coming from dynamic IP ranges will suffer from connectivity issues with regards to mail.

    You may also be suffering from the reputation of the IP address you are sending from, and this may need to be built up over time. You can check here:

    https://www.senderscore.org/

  • Let me rephrase. My VDSL connection which has static IP is having the issue with sending out emails. When I connect my 4G test router to Sophos through ethernet emails go out. I'm talking about outgoing not incoming emails.

    If I don't relay on Sophos and send out from my mail server directly emails go out fine (on VDSL connection).

    I'm not relaying to Sophos now and will give it some time for reputation to build up on new IP address then will try relaying to Sophos. I guess that's my only option. 

  • There has to be a configuration error.   The timeout indicates a delivery problem, not a traffic rejection problem.   The delivery problem implies a routing problem or a traffic filter.   If it was a rejection problem, the sending hardware would not matter.

    Does UTM connect directly to the Internet, or is there a home router in the configuration?   If you have another firewall, maybe there is a configuration problem on it.

    Reboot your UTM.  That step has fixed a variety of strange unexplained problems for other users in this forum.

    Check all of your SNAT/NAT/DNAT rules, there may be one that was not updated for the new IP address.

    Disable Country Blocking, to see if that has an effect.

    Check ALL (30 or so) of your UTM logs, looking for clues.

  • No router or firewall before UTM other than a modem which is on bridged mode. Firewall is disabled on it though. Modem firmware is on latest. UTM is on latest firmware. UTM is virtualized on Hyper-V. 

     

    I have a couple of DNAT rules for my plex and my RDS portal.

    In my firewall I'm currently allowing any to any and putting that rule at the top. Country filtering isn't configured.

     

     

    What UTM logs to check other than mail logs? As you can see I've done two tests, one is sending to my work email and one to my personal email.

     

    To my work email which went through:

    2019:03:03-13:43:17 sukafun-utm exim-in[5505]: 2019-03-03 13:43:17 SMTP connection from [192.168.7.77]:56087 (TCP/IP connection count = 1)
    2019:03:03-13:43:17 sukafun-utm exim-in[12644]: 2019-03-03 13:43:17 [192.168.7.77] F=<mo@sukafun.com> R=<mhassan@ahg.com.au> Accepted: from relay
    2019:03:03-13:43:28 sukafun-utm exim-in[12644]: 2019-03-03 13:43:28 1h0Ju9-0003Hw-0B spam acl condition: cannot parse spamd output
    2019:03:03-13:43:28 sukafun-utm exim-in[12644]: 2019-03-03 13:43:28 1h0Ju9-0003Hw-0B H=mail.sukafun.com [192.168.7.77]:56087 Warning: ACL "warn" statement skipped: condition test deferred
    2019:03:03-13:43:28 sukafun-utm exim-in[12644]: 2019-03-03 13:43:28 1h0Ju9-0003Hw-0B <= mo@sukafun.com H=mail.sukafun.com [192.168.7.77]:56087 P=esmtp S=25438 id=001e01d4d1c6$f71ade50$e5509af0$@sukafun.com
    2019:03:03-13:43:28 sukafun-utm exim-in[12644]: 2019-03-03 13:43:28 SMTP connection from mail.sukafun.com [192.168.7.77]:56087 closed by QUIT
    2019:03:03-13:43:29 sukafun-utm smtpd[5473]: QMGR[5473]: 1h0Ju9-0003Hw-0B moved to work queue
    2019:03:03-13:43:30 sukafun-utm smtpd[12653]: SCANNER[12653]: 1h0JuM-0003I5-CI <= mo@sukafun.com R=1h0Ju9-0003Hw-0B P=INPUT S=24705
    2019:03:03-13:43:30 sukafun-utm smtpd[12653]: SCANNER[12653]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="192.168.7.77" from="mo@sukafun.com" to="mhassan@ahg.com.au" subject="to my work email" queueid="1h0JuM-0003I5-CI" size="24705"
    2019:03:03-13:43:30 sukafun-utm smtpd[12653]: SCANNER[12653]: 1h0Ju9-0003Hw-0B => work R=SCANNER T=SCANNER
    2019:03:03-13:43:30 sukafun-utm smtpd[12653]: SCANNER[12653]: 1h0Ju9-0003Hw-0B Completed
    2019:03:03-13:43:32 sukafun-utm exim-out[12657]: 2019-03-03 13:43:32 1h0JuM-0003I5-CI => mhassan@ahg.com.au P=<prvs=096549b862=mo@sukafun.com> R=dnslookup T=remote_smtp H=mx1.ahg.com.au [103.44.101.111]:25 C="250 ok: Message 95638830 accepted"
    2019:03:03-13:43:32 sukafun-utm exim-out[12657]: 2019-03-03 13:43:32 1h0JuM-0003I5-CI Completed
     
     
     
    To my personal email which got spooled:
     
    2019:03:03-13:45:49 sukafun-utm exim-in[12799]: 2019-03-03 13:45:49 [192.168.7.77] F=<mo@sukafun.com> R=<sukafun@hotmail.com> Accepted: from relay
    2019:03:03-13:46:01 sukafun-utm exim-in[12799]: 2019-03-03 13:46:01 1h0Jwb-0003KR-32 spam acl condition: cannot parse spamd output
    2019:03:03-13:46:01 sukafun-utm exim-in[12799]: 2019-03-03 13:46:01 1h0Jwb-0003KR-32 H=mail.sukafun.com [192.168.7.77]:56204 Warning: ACL "warn" statement skipped: condition test deferred
    2019:03:03-13:46:01 sukafun-utm exim-in[12799]: 2019-03-03 13:46:01 1h0Jwb-0003KR-32 <= mo@sukafun.com H=mail.sukafun.com [192.168.7.77]:56204 P=esmtp S=25444 id=002d01d4d1c7$5216f3c0$f644db40$@sukafun.com
    2019:03:03-13:46:01 sukafun-utm exim-in[12799]: 2019-03-03 13:46:01 SMTP connection from mail.sukafun.com [192.168.7.77]:56204 closed by QUIT
    2019:03:03-13:46:02 sukafun-utm smtpd[5473]: QMGR[5473]: 1h0Jwb-0003KR-32 moved to work queue
    2019:03:03-13:46:10 sukafun-utm smtpd[12835]: SCANNER[12835]: 1h0Jww-0003L1-I7 <= mo@sukafun.com R=1h0Jwb-0003KR-32 P=INPUT S=24705
    2019:03:03-13:46:11 sukafun-utm smtpd[12835]: SCANNER[12835]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="192.168.7.77" from="mo@sukafun.com" to="sukafun@hotmail.com" subject="to my personal email" queueid="1h0Jww-0003L1-I7" size="24705"
    2019:03:03-13:46:11 sukafun-utm smtpd[12835]: SCANNER[12835]: 1h0Jwb-0003KR-32 => work R=SCANNER T=SCANNER
    2019:03:03-13:46:11 sukafun-utm smtpd[12835]: SCANNER[12835]: 1h0Jwb-0003KR-32 Completed
    2019:03:03-13:46:41 sukafun-utm smtpd[12835]: SCANNER[12835]: Nothing to do, exiting.

     

    Then from mail manager I retried to send email then I get this:

    2019:03:03-13:48:40 sukafun-utm smtpd[5426]: MASTER[5426]: Action: Forcing delivery process for 1h0Jww-0003L1-I7
    2019:03:03-13:49:14 sukafun-utm exim-out[12843]: 2019-03-03 13:49:14 1h0Jww-0003L1-I7 SSL_write: (from [192.168.7.77]:999) syscall: Broken pipe
    2019:03:03-13:49:14 sukafun-utm exim-out[12843]: 2019-03-03 13:49:14 1h0Jww-0003L1-I7 SSL_write error 5
    2019:03:03-13:49:14 sukafun-utm exim-out[12843]: 2019-03-03 13:49:14 1h0Jww-0003L1-I7 hotmail-com.olc.protection.outlook.com [104.47.34.33]: Broken pipe
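The distinction raised in this thread between a delivery (transport) problem and a rejection can be read straight from the exim-out entries. The following is an added example, not part of any post above and not Sophos tooling: it groups the entries by queue ID and labels each message by the furthest outcome it reached. The sample lines are copied from the thread; the category names and function names are assumptions of this sketch.

```python
import re

# exim-out entries copied from the posts in this thread.
SAMPLE = """\
2019:02:28-22:16:19 sukafun-utm exim-out[41492]: 2019-02-28 22:16:19 1gzJxs-0007Mg-Dl SSL_write: (from [192.168.7.77]:999) syscall: Connection timed out
2019:02:28-22:16:19 sukafun-utm exim-out[41491]: 2019-02-28 22:16:19 1gzJxs-0007Mg-Dl == test-3tjbp@mail-tester.com R=dnslookup T=remote_smtp defer (110): Connection timed out: SMTP timeout while connected to mail-tester.com [94.23.206.89] after sending data block (25910 bytes written)
2019:02:28-22:16:20 sukafun-utm exim-out[43418]: 2019-02-28 22:16:20 1gzKXM-0008JN-HK == test-37cxi@mail-tester.com R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2019:03:03-13:43:32 sukafun-utm exim-out[12657]: 2019-03-03 13:43:32 1h0JuM-0003I5-CI => mhassan@ahg.com.au P=<prvs=096549b862=mo@sukafun.com> R=dnslookup T=remote_smtp H=mx1.ahg.com.au [103.44.101.111]:25 C="250 ok: Message 95638830 accepted"
2019:03:03-13:49:14 sukafun-utm exim-out[12843]: 2019-03-03 13:49:14 1h0Jww-0003L1-I7 SSL_write: (from [192.168.7.77]:999) syscall: Broken pipe
2019:03:03-13:49:14 sukafun-utm exim-out[12843]: 2019-03-03 13:49:14 1h0Jww-0003L1-I7 hotmail-com.olc.protection.outlook.com [104.47.34.33]: Broken pipe
"""

# UTM prefix, then Exim's own "date time queue-id rest-of-entry".
LINE = re.compile(r"exim-out\[\d+\]: \S+ \S+ (?P<qid>\w{6}-\w{6}-\w{2}) (?P<rest>.*)")

# Least to most conclusive; a later category overrides an earlier one per message.
RANK = ["retry-wait", "transport", "transport-mid-data", "rejected", "delivered"]

def classify(rest):
    """Map one Exim log entry (text after the queue ID) to a category, or None."""
    if rest.startswith("=> "):
        return "delivered"            # remote server accepted the message
    if rest.startswith("** "):
        return "rejected"             # remote server answered and refused
    if "retry time not reached" in rest:
        return "retry-wait"           # no connection attempted on this queue run
    if re.search(r"after sending data block \(\d+ bytes written\)", rest):
        return "transport-mid-data"   # session was up, stalled while writing DATA
    if re.search(r"Connection timed out|Broken pipe|SSL_write", rest):
        return "transport"            # socket-level failure, no SMTP verdict
    return None

def summarize(log_text):
    """Return {queue_id: most conclusive category seen for that message}."""
    result = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        cat = classify(m.group("rest")) if m else None
        if cat and RANK.index(cat) >= RANK.index(result.get(m.group("qid"), RANK[0])):
            result[m.group("qid")] = cat
    return result

if __name__ == "__main__":
    for qid, cat in summarize(SAMPLE).items():
        print(qid, cat)
```

None of the failing messages in the thread reaches the `rejected` category: each one ends in a socket error rather than an SMTP refusal, which is the pattern the "delivery problem, not a traffic rejection problem" reply describes.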

     
