RBL working too well

Greetings, 

Yesterday morning I upgraded to firmware version 9.705-7. This morning at about 6:00 am the RBL feature has started rejecting well-known hosts. Shown here are oktax.state.ok and pharmacy.cvs.com. 

Checking pharmacy.cvs.com with www.anti-abuse.org I see that it's all green.

I have turned off the RBL checks in the SMTP Antispam page and those email addresses are now going through the mail server.
However, so are any 'bad-guy' sites that actually test as RBL failures. So, this is a workaround, not a fix.

Thoughts?

Parents
  • I am experiencing the same issue and installed version 9.707-5 on model SG430. This happens with zen.spamhaus and cbl.abuseat; we also had to disable the RBL in order receive emails that were not registered in those lists.

  • We are facing the same issue on two boxes on which we have installed version 9.707-5 two weeks ago. Yesterday evening the SMTP Proxy on both devices started to block several e-mail from different domains, which cannot be all at the same time on a blacklist. This happens with cbl.abuseat.org.

    Does anybody have a fix for this issue?

  • Hallo Alexander and welcome to the UTM Community!

    Did you try my suggestion above?  Also, a reboot?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Yes, we tried at first to restart the STMP-Service, which did not fix the issue and afterwards we rebooted the devices. Unfortunately this did no help also.We have disabled the RBL-Check for now and opened a ticket.

  • Since today we have the exact same Problem.

    We discovered this toda at 10 am around.

    Rebooting does not fix the Problem.

    The Mail Adresses and most of the IP's where blocked from one RBL, but if u navigate to the RBL Website and check them, they are Rosponding, everithing is OK....

    We have a Critical Case Opend at Sophos, if we get a Solution i will provide it here.

    Hope someone of u is a bit faster ^^

  • Hello Community,

    This is currently a known issue and is being investigated actively under NUTM-13047

    The current Work Around is:

    Uncheck "Use recommended RBL" and enter in a custom RBL if necessary.

    Do not use cbl.abuseat.org as a custom RBL at present.

    Regards,


     
    Emmanuel (EmmoSophos)
    Community Support Engineer | Sophos Technical Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • Thank you brainy posters about unchecking the box and not using abuseat.org.  Seems that issue keeps happening randomly every so often.  I also had the issue with zen.spamhaus.org a while back, with the same kind of issue it was blocking all kinds of legitimate domains.  it seems to be happy now though.

    I've been happy recently and long term with a list of paid ones, invaluement in particular is super and is budget friendly.

    b.barracudacentral.org, bl.spamcop.net and sbl.spamhaus.org get rid of a ton of crap when zen. is unhappy.  then add your regular ones you know and trust

    I'd love to know if anyone tested ctmail being added manually if you disable use recommended RBLs?

    Standing by, i hope you all have a good rest of the week out there.

    Mitchell

  • I had the same problem on a customer firewall a few hours ago ... so I've unchecked recommended and insert some custom RBL ... it would be great, if we can select unselect RBL from the recommended in the GUI

  • Hello Community,

    An additional Work Around has been provided by GES.

    Option 1:
    Uncheck "Use recommended RBL" and enter in a custom RBL if necessary.
    Do not use cbl.abuseat.org as a custom RBL at present if you use public DNS.
    www.anti-abuse.org/.../ Contains a listing of common RBLs

    Option 2:
    Under Network Services>DNS>Request Routing add cbl.abuseat.org to the domain field and then either directly add the Spamhaus IP or an alternate DNS server to not forward this domain via public DNS.

    Regards,


     
    Emmanuel (EmmoSophos)
    Community Support Engineer | Sophos Technical Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • Brilliant solution Emmanuel, I used to have to watch that like a hawk seeing which DNSBLs don't like going through DNS, finally a while back i dedicated another unit to just doing root server queries, with  no forward dns upstream, then have all the dnsbl queries go over to that box.  That works but is more than likely slower.  You rule sir.  Mitchell   PS, after a coffee I thought I'd tell people that are frustrated by poor spam filtering that here's the deal..... Some DNSBLs will NOT FILTER or respond if you use stupid google dns, 1111, cox, att, umbrella etc.  They never block any spams.  or they do, just up to a limit of 800,000 a day from the entire planet is whatone brain at a DNSBL told me a fewyears ago, so google dns 8888 will work and  you'll see some replies in your log until they get a million queries then the DNSBL doesnt listen to google dns 8888 anymore that day. sorry for typos, I type too fast sometimes.

  • We can confirm this issue yesterday - but there must be also any other reason than DNS - a colleague of me tried to send a newsletter to a customer and runs into this issue.

    But if I did send the newsletter from my e-mail address (same @domain and same outgoing mail-gateway) instead of my colleague it was working...

Reply
  • We can confirm this issue yesterday - but there must be also any other reason than DNS - a colleague of me tried to send a newsletter to a customer and runs into this issue.

    But if I did send the newsletter from my e-mail address (same @domain and same outgoing mail-gateway) instead of my colleague it was working...

Children
No Data