This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

RBL working too well

Greetings, 

Yesterday morning I upgraded to firmware version 9.705-7. This morning at about 6:00 am the RBL feature has started rejecting well-known hosts. Shown here are oktax.state.ok and pharmacy.cvs.com. 

Checking pharmacy.cvs.com with www.anti-abuse.org I see that it's all green.

I have turned off the RBL checks in the SMTP Antispam page and those email addresses are now going through the mail server.
However, so are any 'bad-guy' sites that actually test as RBL failures. So, this is a workaround, not a fix.

Thoughts?



This thread was automatically locked due to age.
Parents
  • I am experiencing the same issue and installed version 9.707-5 on model SG430. This happens with zen.spamhaus and cbl.abuseat; we also had to disable the RBL in order receive emails that were not registered in those lists.

  • We are facing the same issue on two boxes on which we have installed version 9.707-5 two weeks ago. Yesterday evening the SMTP Proxy on both devices started to block several e-mail from different domains, which cannot be all at the same time on a blacklist. This happens with cbl.abuseat.org.

    Does anybody have a fix for this issue?

  • Hallo Alexander and welcome to the UTM Community!

    Did you try my suggestion above?  Also, a reboot?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Yes, we tried at first to restart the STMP-Service, which did not fix the issue and afterwards we rebooted the devices. Unfortunately this did no help also.We have disabled the RBL-Check for now and opened a ticket.

  • Since today we have the exact same Problem.

    We discovered this toda at 10 am around.

    Rebooting does not fix the Problem.

    The Mail Adresses and most of the IP's where blocked from one RBL, but if u navigate to the RBL Website and check them, they are Rosponding, everithing is OK....

    We have a Critical Case Opend at Sophos, if we get a Solution i will provide it here.

    Hope someone of u is a bit faster ^^

  • Hello Community,

    This is currently a known issue and is being investigated actively under NUTM-13047

    The current Work Around is:

    Uncheck "Use recommended RBL" and enter in a custom RBL if necessary.

    Do not use cbl.abuseat.org as a custom RBL at present.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • Thank you brainy posters about unchecking the box and not using abuseat.org.  Seems that issue keeps happening randomly every so often.  I also had the issue with zen.spamhaus.org a while back, with the same kind of issue it was blocking all kinds of legitimate domains.  it seems to be happy now though.

    I've been happy recently and long term with a list of paid ones, invaluement in particular is super and is budget friendly.

    b.barracudacentral.org, bl.spamcop.net and sbl.spamhaus.org get rid of a ton of crap when zen. is unhappy.  then add your regular ones you know and trust

    I'd love to know if anyone tested ctmail being added manually if you disable use recommended RBLs?

    Standing by, i hope you all have a good rest of the week out there.

    Mitchell

  • I had the same problem on a customer firewall a few hours ago ... so I've unchecked recommended and insert some custom RBL ... it would be great, if we can select unselect RBL from the recommended in the GUI

Reply Children
No Data