
All mobile outlook devices just went down

All Microsoft Outlook mobile clients went down and report 403 or 502.

We are getting this error:

2019:12:01-15:53:31 firewall httpd: id="0299" srcip="40.101.68.21" localip="[redacted]" size="2535" user="-" host="40.101.68.21" method="OPTIONS" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" exceptions="SkipURLHardening" time="1835" url="/Microsoft-Server-ActiveSync" server="[redacted]" port="443" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="[redacted]"

As you can see, Cyren is suddenly announcing ALL of Microsoft as High Risk.

First thing I did was uncheck "Use recommended RBL".  I thought that would stop this check, it didn't.

Next I added the Microsoft Outlook subnets to the SMTP RBL exceptions table.  That ALSO had no effect.

I'm at a loss now.



This thread was automatically locked due to age.
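A triage sketch for the log entry quoted in the opening post, added here as an example and not part of the original thread or of any Sophos tooling: it parses the key="value" fields of the reverse-proxy log, keeps only 403 responses with reason="dnsrbl", and groups them by source network so a false-positive listing of a whole provider range stands out. The sample lines, the /24 grouping and all function names are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_network

# Constructed sample lines (shortened) in the key="value" layout of the entry in the post.
SAMPLE_LOG = """\
2019:12:01-15:53:31 firewall httpd: id="0299" srcip="40.101.68.21" method="OPTIONS" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" url="/Microsoft-Server-ActiveSync"
2019:12:01-15:53:40 firewall httpd: id="0299" srcip="40.101.68.77" method="POST" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" url="/Microsoft-Server-ActiveSync"
2019:12:01-15:54:02 firewall httpd: id="0299" srcip="198.51.100.7" method="GET" statuscode="403" reason="dnsrbl" extra="Client is listed on DNSRBL black.rbl.ctipd.astaro.local" url="/owa"
2019:12:01-15:54:10 firewall httpd: id="0299" srcip="203.0.113.9" method="GET" statuscode="200" reason="-" extra="-" url="/owa"
"""

FIELD = re.compile(r'([\w-]+)="([^"]*)"')   # also matches keys such as set-cookie
RBL_NAME = re.compile(r"DNSRBL (\S+)")      # list name inside the extra field


def parse_line(line):
    """Return the key="value" fields of one httpd log line as a dict."""
    return dict(FIELD.findall(line))


def rbl_blocks(log_text, prefix=24):
    """Group 403/dnsrbl rejections by source network (IPv4 /prefix, assumed)."""
    out = defaultdict(lambda: {"hits": 0, "urls": Counter(), "lists": set()})
    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("statuscode") != "403" or f.get("reason") != "dnsrbl":
            continue
        try:
            net = str(ip_network(f"{f['srcip']}/{prefix}", strict=False))
        except (KeyError, ValueError):
            continue  # missing or malformed srcip: skip rather than guess
        entry = out[net]
        entry["hits"] += 1
        entry["urls"][f.get("url", "-")] += 1
        m = RBL_NAME.search(f.get("extra", ""))
        if m:
            entry["lists"].add(m.group(1))
    return dict(out)


if __name__ == "__main__":
    for net, e in sorted(rbl_blocks(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["hits"]):
        print(net, e["hits"], dict(e["urls"]), sorted(e["lists"]))
```
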
  • I have access now, I had to remove the check at the WAF level.  I forgot that.

    But I still don't understand why Cyren is suddenly announcing all these subnets as high risk.

  • I don't know that this will work for WAF, so let us know if it helps:

    /var/mdw/scripts/ctasd_inbound stop
    /var/mdw/scripts/ctasd_outbound stop
    mv /var/cache/ctasd /var/cache/ctasd.old
    /var/mdw/scripts/ctasd_inbound start
    /var/mdw/scripts/ctasd_outbound start

    Cheers - Bob
    PS Should I move this thread from the Email Protection forum to the Web Server Security forum?

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA