This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

email quarantined (considered as spam), but unclear why

Hi all,

a lot of outging messsages, originating from the internal mailserver are marked as spam, mostly autoreply on mailboxes. It is unclear why this problem started recently.

2019:08:05-17:02:36 utm-01-1 smtpd[12458]: SCANNER[12458]: id="1001" severity="info" sys="SecureMail" sub="smtp" name="email quarantined" srcip="10.143.x.x" from="" to="replaced@gmail.com" subject="Automatisch antwoord: Ziek..." queueid="1hueVQ-0003Ew-CU" size="63346" reason="as" extra=""
2019:08:05-17:02:36 utm-01-1 smtpd[12458]: SCANNER[12458]: 1hueVO-0004bI-2A => work R=SCANNER T=SCANNERq
2019:08:05-17:02:36 utm-01-1 smtpd[12458]: SCANNER[12458]: 1hueVO-0004bI-2A Completed

This is an extract from the smtp.log, filtering ons queueid, pid, ... does not reveal more usefull information. Any idea how to identify the exact reason why these type of emails get quarantined? Are there other log files available? I tried working myself through the exim config file as well in order to understand how emails are processed, more specifically by the AV's (Sophos + Avira), but also this does not provide any insights.

Thx for your feedback on this.

Kr,

steven



This thread was automatically locked due to age.
Parents
  • Hoi Steven and welcome to the UTM Community!

    What version are you using?  This issue was fixed early in V9.0x, so if it's happening again, I would get a support ticket open with Sophos.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Hoi Steven and welcome to the UTM Community!

    What version are you using?  This issue was fixed early in V9.0x, so if it's happening again, I would get a support ticket open with Sophos.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • Hi Bob,

    the firewall has version 9.604-2 installed.

    There is already a ticket in parallel with Sophos support, but still didn't receive an answer.

     

    @all

    Thx for your input.

    Still, if anyone would be aware of a CLI tool to analyze email and get a detailed output, I'm happy to hear about this ;).

     

    Cheers,

    steven