
No Mails in Mail Manager since Update 9.706-9

Hi,

In most cases SPAM mails get sorted into the Mail Manager for a human check.

Since update 9.706-9 there are no mails in the Mail Manager.

What happened?



  • Definitely from the complete SMTP log file Wolfgang.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Ok, here we go, if you need more let me know:

    2021:06:23-21:31:27 matrix exim-in[11289]: 2021-06-23 21:31:27 SMTP connection from [199.116.112.134]:56350 (TCP/IP connection count = 1)
    2021:06:23-21:31:29 matrix exim-in[1441]: 2021-06-23 21:31:29 H=srv5.sevaa.com [199.116.112.134]:56350 Warning: Exception matched: Skipping greylisting for this message
    2021:06:23-21:31:29 matrix exim-in[1441]: 2021-06-23 21:31:29 H=srv5.sevaa.com [199.116.112.134]:56350 Warning: domain.net profile excludes SANDBOX scan
    2021:06:23-21:31:29 matrix exim-in[1441]: 2021-06-23 21:31:29 [199.116.112.134] F=<julianhernandez@onemoresponsor.com> R=<mail@goes.here> Verifying recipient address with callout
    2021:06:23-21:31:30 matrix exim-in[1441]: 2021-06-23 21:31:30 1lw8av-0000NF-12 sasi reports probability: 0.109877, version: Antispam-Engine: 4.1.4, AntispamData: 2021.6.23.190316
    2021:06:23-21:31:30 matrix exim-in[1441]: 2021-06-23 21:31:30 1lw8av-0000NF-12 <= julianhernandez@onemoresponsor.com H=srv5.sevaa.com [199.116.112.134]:56350 P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=4532 id=E1lw8ap-00Fent-Lm@srv5.sevaa.com
    2021:06:23-21:31:30 matrix exim-in[1441]: 2021-06-23 21:31:30 SMTP connection from srv5.sevaa.com [199.116.112.134]:56350 closed by QUIT
    2021:06:23-21:31:31 matrix smtpd[11283]: QMGR[11283]: 1lw8av-0000NF-12 moved to work queue
    2021:06:23-21:31:40 matrix smtpd[1459]: SCANNER[1459]: 1lw8b6-0000NX-5E <= julianhernandez@onemoresponsor.com R=1lw8av-0000NF-12 P=INPUT S=984
    2021:06:23-21:31:40 matrix smtpd[1459]: SCANNER[1459]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="199.116.112.134" from="julianhernandez@onemoresponsor.com" to="mail@goes.here" subject="Ein halb Steifer kommt sicher nicht gut an" queueid="1lw8b6-0000NX-5E" size="984"
    2021:06:23-21:31:40 matrix smtpd[1459]: SCANNER[1459]: 1lw8av-0000NF-12 => work R=SCANNER T=SCANNER
    2021:06:23-21:31:40 matrix smtpd[1459]: SCANNER[1459]: 1lw8av-0000NF-12 Completed
    2021:06:23-21:31:40 matrix exim-out[1462]: 2021-06-23 21:31:40 1lw8b6-0000NX-5E => mail@goes.here P=<julianhernandez@onemoresponsor.com> R=static_route_hostlist T=static_smtp H=000.000.000.000 [000.000.000.000]:25 X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no C="250 2.0.0 Ok: queued as 55A2CF60353"
    2021:06:23-21:31:40 matrix exim-out[1462]: 2021-06-23 21:31:40 1lw8b6-0000NX-5E Completed

    next:

    21:06:23-20:23:43 matrix exim-in[24981]: 2021-06-23 20:23:43 [141.94.34.22] F=<return-dyn_mlid-dyncluster_iii20210623ca2027333-26817-426ab3=2@princeton.bounces.news.wahrmailler.de> R=<mail@goes.here> Verifying recipient address with callout
    2021:06:23-20:23:44 matrix exim-in[24981]: 2021-06-23 20:23:44 1lw7XM-0006Uv-02 sasi reports probability: 0.129995, version: Antispam-Engine: 4.1.4, AntispamData: 2021.6.23.174216
    2021:06:23-20:23:44 matrix exim-in[24981]: 2021-06-23 20:23:44 1lw7XM-0006Uv-02 Greylisting: Greylisted 141.94.34.22
    2021:06:23-20:23:44 matrix exim-in[24981]: [1\72] 2021-06-23 20:23:44 1lw7XM-0006Uv-02 H=smtp117-023.beyond-mta.de [141.94.34.22]:54833 X=TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no F=<return-dyn_mlid-dyncluster_iii20210623ca2027333-26817-426ab3=2@princeton.bounces.news.wahrmailler.de> temporarily rejected after DATA: Temporary local problem, please try again!
    2021:06:23-20:23:44 matrix exim-in[24981]: [2\72] Envelope-from: <return-dyn_mlid-dyncluster_iii20210623ca2027333-26817-426ab3=2@princeton.bounces.news.wahrmailler.de>
    2021:06:23-20:23:44 matrix exim-in[24981]: [3\72] Envelope-to: <mail@goes.here>
    2021:06:23-20:23:44 matrix exim-in[24981]: [4\72] P Received: from smtp117-023.beyond-mta.de ([141.94.34.22]:54833)
    2021:06:23-20:23:44 matrix exim-in[24981]: [5\72] by domain.here.net with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    2021:06:23-20:23:44 matrix exim-in[24981]: [6\72] (Exim 4.94.2)
    2021:06:23-20:23:44 matrix exim-in[24981]: [7\72] (envelope-from <return-dyn_mlid-dyncluster_iii20210623ca2027333-26817-426ab3=2@princeton.bounces.news.wahrmailler.de>)
    2021:06:23-20:23:44 matrix exim-in[24981]: [8\72] id 1lw7XM-0006Uv-02
    2021:06:23-20:23:44 matrix exim-in[24981]: [9\72] for mail@goes.here; Wed, 23 Jun 2021 20:23:44 +0200
    2021:06:23-20:23:44 matrix exim-in[24981]: [10\72] X-SASI-Hits: BODYTEXTH_SIZE_3000_MORE 0.000000, BODY_SIZE_10000_PLUS 0.000000,
    2021:06:23-20:23:44 matrix exim-in[24981]: [11\72] CTYPE_JUST_HTML 0.847999, DKIM_ALIGNS 0.000000, DKIM_SIGNATURE 0.000000,
    2021:06:23-20:23:44 matrix exim-in[24981]: [12\72] FONT_STYLE_0PT 0.000000, FROM_NAME_PHRASE 0.000000,
    2021:06:23-20:23:44 matrix exim-in[24981]: [13\72] HREF_LABEL_TEXT_NO_URI 0.000000, HTML_90_100 0.100000,
    2021:06:23-20:23:44 matrix exim-in[24981]: [14\72] HTML_FONT_INVISIBLE 0.100000, IMGSPAM_TABLE_1 0.000000,
    2021:06:23-20:23:44 matrix exim-in[24981]: [15\72] KNOWN_MTA_TFX 0.000000, LINK_TO_IMAGE 0.000000, LIST_HEADER 0.000000,
    2021:06:23-20:23:44 matrix exim-in[24981]: [16\72] MIME_LOWER_CASE 0.050000, OBFUSCATION 0.000000,
    2021:06:23-20:23:44 matrix exim-in[24981]: [17\72] REPLYTO_FROM_DIFF_ADDY 0.100000, SENDER_NO_AUTH 0.000000,
    2021:06:23-20:23:44 matrix exim-in[24981]: [18\72] STYLE_RATWARE_REF 0.000000, SXL_IP_TFX_WM 0.000000, URI_ENDS_IN_PHP 0.000000,
    2021:06:23-20:23:44 matrix exim-in[24981]: [19\72] URI_WITH_PATH_ONLY 0.000000, __ANY_URI 0.000000, __BODY_NO_MAILTO 0.000000,
    2021:06:23-20:23:44 matrix exim-in[24981]: [20\72] __BODY_TEXT_X4 0.000000, __CP_MEDIA_BODY 0.000000, __CP_URI_IN_BODY 0.000000,
    2021:06:23-20:23:44 matrix exim-in[24981]: [21\72] __CT 0.000000, __CTE 0.000000, __CTYPE_HTML 0.000000,
    2021:06:23-20:23:44 matrix exim-in[24981]: [22\72] __CTYPE_IS_HTML 0.000000, __DKIM_ALIGNS_1 0.000000, __DKIM_ALIGNS_2 0.000000,
    2021:06:23-20:23:44 matrix exim-in[24981]: [23\72] __FROM_NAME_NOT_IN_ADDR 0.000000, __FROM_NAME_NOT_IN_BODY 0.000000,
    2021:06:23-20:23:44 matrix exim-in[24981]: [24\72] __HAS_FROM 0.000000, __HAS_HTML 0.000000, __HAS_LIST_HEADER 0.000000,
    2021:06:23-20:23:44 matrix exim-in[24981]: [25\72] __HAS_LIST_UNSUBSCRIBE 0.000000, __HAS_MSGID 0.000000,
    2021:06:23-20:23:44 matrix exim-in[24981]: [26\72] __HAS_REPLYTO 0.000000, __HIDDEN_HTML_CONTENT 0.000000,
    2021:06:23-20:23:44 matrix exim-in[24981]: [27\72] __HREF_LABEL_IMG 0.000000, __HREF_LABEL_TEXT 0.000000,
    2021:06:23-20:23:44 matrix exim-in[24981]: [28\72] __HTML_AHREF_TAG 0.000000, __HTML_BAD_END 0.000000, __HTML_BOLD 0.000000,
    2021:06:23-20:23:44 matrix exim-in[24981]: [29\72] __HTML_HREF_TAG_X2 0.000000, __HTML_TAG_CENTER 0.000000,
    2021:06:23-20:23:44 matrix exim-in[24981]: [30\72] __HTML_TAG_DIV 0.000000, __HTML_TAG_TABLE 0.000000, __HTTPS_URI 0.000000,
    2021:06:23-20:23:44 matrix exim-in[24981]: [31\72] __HTTP_IMAGE_TAG 0.000000, __IMGSPAM_TABLE_1 0.000000,
    2021:06:23-20:23:44 matrix exim-in[24981]: [32\72] __IMG_THEN_TEXT 0.000000, __LEGIT_LIST_HEADER 0.000000, __MIME_HTML 0.000000,
    2021:06:23-20:23:44 matrix exim-in[24981]: [33\72] __MIME_HTML_ONLY 0.000000, __MIME_TEXT_H 0.000000, __MIME_TEXT_H1 0.000000,
    2021:06:23-20:23:44 matrix exim-in[24981]: [34\72] __MIME_VERSION 0.000000, __MULTIPLE_URI_HTML 0.000000,
    2021:06:23-20:23:44 matrix exim-in[24981]: [35\72] __MULTIPLE_URI_TEXT 0.000000, __SANE_MSGID 0.000000,
    2021:06:23-20:23:44 matrix exim-in[24981]: [36\72] __STOCK_PHRASE_7 0.000000, __STYLE_RATWARE 0.000000,
    2021:06:23-20:23:44 matrix exim-in[24981]: [37\72] __STYLE_RATWARE_NEG 0.000000, __STYLE_TAG 0.000000,
    2021:06:23-20:23:44 matrix exim-in[24981]: [38\72] __TAG_EXISTS_HTML 0.000000, __TO_MALFORMED_2 0.000000, __TO_NO_NAME 0.000000,
    2021:06:23-20:23:44 matrix exim-in[24981]: [39\72] __URI_HAS_HYPHEN_USC 0.000000, __URI_IN_BODY 0.000000,
    2021:06:23-20:23:44 matrix exim-in[24981]: [40\72] __URI_NOT_IMG 0.000000, __URI_NO_MAILTO 0.000000, __URI_NO_WWW 0.000000,
    2021:06:23-20:23:44 matrix exim-in[24981]: [41\72] __URI_NS 0.000000, __URI_WITH_PATH 0.000000
    2021:06:23-20:23:44 matrix exim-in[24981]: [42\72] X-SASI-Probability: 13%
    2021:06:23-20:23:44 matrix exim-in[24981]: [43\72] X-SASI-RCODE: 200
    2021:06:23-20:23:44 matrix exim-in[24981]: [44\72] X-SASI-Version: Antispam-Engine: 4.1.4, AntispamData: 2021.6.23.174216
    2021:06:23-20:23:44 matrix exim-in[24981]: [45\72] DKIM-Signature: a=rsa-sha256; bh=a2FwY5Lw3tK8wENUE60iMKz39ODWd+Vu8jradbkAcKo=;
    2021:06:23-20:23:44 matrix exim-in[24981]: [46\72] c=relaxed/relaxed; d=news.wahrmailler.de;
    2021:06:23-20:23:44 matrix exim-in[24981]: [47\72] h=X-Mailer-Info:Mime-Version:X-Skip:Reply-To:Content-Type:X-Rclientid:X-Groupid:X-Providerid:X-Clientid:X-Brm-Dtag:From:Date:X-Campaignid:X-Rpcampaign:Message-Id:Subject:To:Content-Transfer-Encoding:List-Unsubscribe:X-Messageid:X-Memberid;
    2021:06:23-20:23:44 matrix exim-in[24981]: [48\72] s=as; t=1624472623; v=1;
    2021:06:23-20:23:44 matrix exim-in[24981]: [49\72] b=MnsvEgHfr04nieMXTSTUyWM0HvadUXJHcWklt724PdcdMehXK2m+cTsM53aiSRBM1G3k57kV
    2021:06:23-20:23:44 matrix exim-in[24981]: [50\72] kplIEx86w+bp6/jBgeaAWMcd3368mYU1GTKxLRvAP2bYY8g8Tuler+R7f+GhYarKc9MMxL73FIG
    2021:06:23-20:23:44 matrix exim-in[24981]: [51\72] i0pJezWeq0pETMI8YV15A8nA=
    2021:06:23-20:23:44 matrix exim-in[24981]: [52\72] X-Mailer-Info: 3.QWeu9VbslGZ.AZ552YsV3c0VmcflWapJDMyEDM2IzMjFmMwIzNzMzM.09mczRXZuB0cjhmch1Wbl5mLuVGd.Imct1yYsFmch1iMwIDN30SMyUTOzkzMyMDOtEDO1UDO1MTLyAjM3MzMz0SM
    2021:06:23-20:23:44 matrix exim-in[24981]: [53\72] Mime-Version: 1.0
    2021:06:23-20:23:44 matrix exim-in[24981]: [54\72] X-Skip: 0
    2021:06:23-20:23:44 matrix exim-in[24981]: [55\72] R Reply-To: reply@inflamesense.de
    2021:06:23-20:23:44 matrix exim-in[24981]: [56\72] Content-Type: text/html; charset=utf-8
    2021:06:23-20:23:44 matrix exim-in[24981]: [57\72] X-Rclientid: 1000
    2021:06:23-20:23:44 matrix exim-in[24981]: [58\72] X-Groupid: 999
    2021:06:23-20:23:44 matrix exim-in[24981]: [59\72] X-Providerid: 999
    2021:06:23-20:23:44 matrix exim-in[24981]: [60\72] X-Clientid: 20247
    2021:06:23-20:23:44 matrix exim-in[24981]: [61\72] X-Brm-Dtag:
    2021:06:23-20:23:44 matrix exim-in[24981]: [62\72] F From: "Top-Verkaufspreise in Ihrer Region" <mail@news.wahrmailler.de>
    2021:06:23-20:23:44 matrix exim-in[24981]: [63\72] Date: Wed, 23 Jun 2021 20:23:43 +0200
    2021:06:23-20:23:44 matrix exim-in[24981]: [64\72] X-Campaignid: 2027333
    2021:06:23-20:23:44 matrix exim-in[24981]: [65\72] X-Rpcampaign: brm_2027333
    2021:06:23-20:23:44 matrix exim-in[24981]: [66\72] I Message-Id: <1624471915-2027333-1259393238-d3a14955a15e8d6b05ad37b7f48a439a-7dd230@bounces.news.wahrmailler.de>
    2021:06:23-20:23:44 matrix exim-in[24981]: [67\72] Subject: Immobilienverkauf: Ist jetzt der richtige Zeitpunkt?
    2021:06:23-20:23:44 matrix exim-in[24981]: [68\72] T To: mail@goes.here
    2021:06:23-20:23:44 matrix exim-in[24981]: [69\72] Content-Transfer-Encoding: quoted-printable
    2021:06:23-20:23:44 matrix exim-in[24981]: [70\72] List-Unsubscribe: <mailto:mail+5-1000-2027333-1259393238-55d2e3c3412eb305c28a184d00525b09@unsubscribe.news.wahrmailler.de>, <news.wahrmailler.de/unsubscribe
    2021:06:23-20:23:44 matrix exim-in[24981]: [71\72] X-Messageid: 1855853
    2021:06:23-20:23:44 matrix exim-in[24981]: [72/72] X-Memberid: 1259393238
    2021:06:23-20:23:44 matrix exim-in[24981]: 2021-06-23 20:23:44 SMTP connection from smtp117-023.beyond-mta.de [141.94.34.22]:54833 closed by QUIT

    2021:06:23-20:37:43 matrix exim-in[26157]: 2021-06-23 20:37:43 H=smtp117-105.beyond-mta.de [141.94.34.104]:50015 Warning: domain.net profile excludes SANDBOX scan
    2021:06:23-20:37:43 matrix exim-in[26157]: 2021-06-23 20:37:43 [141.94.34.104] F=<return-dyn_mlid-dyncluster_iii20210623ca2027333-26817-426ab3=2@princeton.bounces.news.wahrmailler.de> R=<mail@goes.here> Verifying recipient address with callout
    2021:06:23-20:37:44 matrix exim-in[26157]: 2021-06-23 20:37:44 1lw7kt-0006nt-2v sasi reports probability: 0.129995, version: Antispam-Engine: 4.1.4, AntispamData: 2021.6.23.180016
    2021:06:23-20:37:44 matrix exim-in[26157]: 2021-06-23 20:37:44 1lw7kt-0006nt-2v Greylisting: Successful greylist retry from 141.94.34.104 (original host was 141.94.34.22/32)
    2021:06:23-20:37:44 matrix exim-in[26157]: 2021-06-23 20:37:44 1lw7kt-0006nt-2v <= return-dyn_mlid-dyncluster_iii20210623ca2027333-26817-426ab3=2@princeton.bounces.news.wahrmailler.de H=smtp117-105.beyond-mta.de [141.94.34.104]:50015 P=esmtps X=TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no S=25566 DKIM=news.wahrmailler.de id=1624471915-2027333-1259393238-d3a14955a15e8d6b05ad37b7f48a439a-7dd230@bounces.news.wahrmailler.de
    2021:06:23-20:37:44 matrix exim-in[26157]: 2021-06-23 20:37:44 SMTP connection from smtp117-105.beyond-mta.de [141.94.34.104]:50015 closed by QUIT

  • The one from  [199.116.112.134] shows "Exception matched" - can you see which Exception might have matched that?

    In the past, did the SMTP Proxy quarantine emails from news.wahrmailler.de?

    Cheers - Bob

     
  • Hi Bob,

    The exception was greylisting for the recipient e-mail.

    Exception matched: Skipping greylisting for this message. The skipped greylisting should be no issue at all.

    No, the proxy never quarantined mail from news.wahrmailler.de, so as a workaround I put a blocklist in my postfix mailserver.

    But that should not be the solution either...

    cheers

  • How about this, Wolfgang - Show the lines from the log file for similar emails where one before the Up2Date was quarantined and one after the update was not quarantined.

    Cheers - Bob

     
  • I can't, because I also switched to completely new hardware, because the support told me anti-spam does not work anymore with my old hardware.

    You can find my post related to that topic under: spamd not working

  • I remember that, Wolfgang.  If you still have the old unit, the log files should be accessible.

    Cheers - Bob

     
  • No, I don't have the old unit, because I needed the SSD and some other parts from it.

    So I made a new install without saving any log files, because my idea was, with everything new my problems are gone.

    well...

  • Well, round about 700 views of this and no one with the same issue?

    Am I the only one who gets no emails in the Mail Manager quarantine?

  • The first email in your log doesn't appear to have been scanned by anti-spam, Wolfgang, so there must be another Exception that applied.  The second one was scanned and wasn't spam.  There may be an issue with a bad pattern.  If just rebooting didn't solve this, I'd be tempted to re-image from ISO and restore a backup.  Any luck?

    Cheers - Bob

     
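Added example, not part of any post in this thread and not Sophos code: a small Python parser that ties each inbound exim queue ID in a UTM SMTP log excerpt to its anti-spam probability, greylisting outcome, matched exception and final scanner event, which is the comparison the replies above ask for. The function name `summarise` and the keys of its result are assumptions; the sample lines are abridged from the log posted in the thread.

```python
import re

# Abridged from the log posted in this thread (recipient as redacted there).
SAMPLE = """\
2021:06:23-21:31:29 matrix exim-in[1441]: 2021-06-23 21:31:29 H=srv5.sevaa.com [199.116.112.134]:56350 Warning: Exception matched: Skipping greylisting for this message
2021:06:23-21:31:30 matrix exim-in[1441]: 2021-06-23 21:31:30 1lw8av-0000NF-12 sasi reports probability: 0.109877, version: Antispam-Engine: 4.1.4, AntispamData: 2021.6.23.190316
2021:06:23-21:31:40 matrix smtpd[1459]: SCANNER[1459]: 1lw8b6-0000NX-5E <= julianhernandez@onemoresponsor.com R=1lw8av-0000NF-12 P=INPUT S=984
2021:06:23-21:31:40 matrix smtpd[1459]: SCANNER[1459]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="199.116.112.134" queueid="1lw8b6-0000NX-5E" size="984"
2021:06:23-20:23:44 matrix exim-in[24981]: 2021-06-23 20:23:44 1lw7XM-0006Uv-02 sasi reports probability: 0.129995, version: Antispam-Engine: 4.1.4, AntispamData: 2021.6.23.174216
2021:06:23-20:23:44 matrix exim-in[24981]: 2021-06-23 20:23:44 1lw7XM-0006Uv-02 Greylisting: Greylisted 141.94.34.22
"""

QID = r"[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}"   # exim queue ID
LINE = re.compile(r"^\S+ \S+ (?P<proc>[\w-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")

def summarise(log_text):
    """Return {inbound queue id: {exception, probability, greylist, result}}."""
    msgs, pending_exc, scan_to_in = {}, {}, {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        proc, pid, msg = m["proc"], m["pid"], m["msg"]
        if proc == "exim-in":
            if exc := re.search(r"Exception matched: (.+)$", msg):
                pending_exc[pid] = exc[1]      # logged before a queue ID exists
            elif q := re.search(rf"\b({QID}) (.+)$", msg):
                rec = msgs.setdefault(q[1], {"exception": pending_exc.get(pid)})
                if p := re.match(r"sasi reports probability: ([\d.]+)", q[2]):
                    rec["probability"] = float(p[1])
                elif g := re.match(r"Greylisting: (.+)", q[2]):
                    rec["greylist"] = g[1]
        elif proc == "smtpd":
            if link := re.search(rf"({QID}) <= \S+ R=({QID})", msg):
                scan_to_in[link[1]] = link[2]  # scanner queue ID -> inbound ID
            elif ev := re.search(r'name="([^"]+)".*queueid="([^"]+)"', msg):
                inbound = scan_to_in.get(ev[2], ev[2])
                msgs.setdefault(inbound, {"exception": None})["result"] = ev[1]
    return msgs

if __name__ == "__main__":
    for qid, rec in summarise(SAMPLE).items():
        print(qid, rec)
```

A record with a `probability` but no `result` was scored and then not handed to the scanner within the excerpt, as with the greylisted first attempt in the sample.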