Mail Protection rejecting SPAM for 30 Minutes

Hello,

I currently have a problem with the UTM running on an SG450. Twice a day, every day, there is an e-mail delay of around 30 minutes. In those 30 minutes the UTM is only rejecting spam and not delivering mails. As soon as the spam rejection stops, the mails are going in and out. Has anyone come across the same problem, or is this normal behaviour? I opened countless tickets at Sophos Support; they told me that "everything is working fine".

What I have already done:

reimaged both nodes

did postgres rebuild (UTM is working better since then)

created blackhole routes for failed SMTP auth attempts

Kind Regards

  • Hallo and welcome to the UTM Community!

    What do you see in the SMTP log for an email that arrives in those 30 minutes but is not delivered?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    2021:07:26-11:12:30 fra-31-1 smtpd[19056]: SCANNER[19056]: 1m7wf0-0004xM-Bn <= xxxxxxxxx@gmx.de R=1m7wG5-0004lW-23 P=INPUT S=134891
    2021:07:26-11:12:30 fra-31-1 smtpd[19056]: SCANNER[19056]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="xxx.xxx.xxx.xxx" from="xxxx@gmx.de" to="xxxxxx@xxxxxx.de" subject=xxxxxxx" queueid="1m7wf0-0004xM-Bn" size="134891"
    2021:07:26-11:12:30 fra-31-1 exim-out[19067]: 2021-07-26 11:12:30 1m7wf0-0004xM-Bn => xxxxxx@xxxx.de P=<xxxxx@gmx.de> R=static_route_hostlist T=static_smtp H=xx.xx.xx.xx [xx.xx.xx.xx]:25 C="250 Ok"
    2021:07:26-11:12:30 fra-31-1 exim-out[19067]: 2021-07-26 11:12:30 1m7wf0-0004xM-Bn Completed

    All mails are being delivered, but with ~30 minutes delay.

    Here is a screenshot from the Mail Manager; the first mail that is delivered is the one from the log above (26 minutes delay). The UTM is only rejecting spam for half an hour and then sends all the mails that are queued:

    Kind Regards,

    Ante
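
Added example, not part of any post in this thread: the queue IDs in the SCANNER line above already carry timestamps, because Exim releases before 4.97 encode the reception time as the first six base-62 characters of a message ID, so the wait before scanning can be measured from the log alone. It assumes that `R=` on the SCANNER line holds the queue ID the mail had when it was first accepted; the function names are illustrative.

```python
import re
from datetime import datetime, timezone

# Exim (before 4.97) message IDs look like TTTTTT-PPPPPP-SS; the first six
# characters are the reception time in seconds since the epoch, in base 62.
B62 = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
MSG_ID = r"[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}"
# SCANNER "<=" line: new queue ID, then R=<original queue ID> (assumed meaning).
SCANNER_RE = re.compile(rf"SCANNER\[\d+\]: ({MSG_ID}) <= .*?\bR=({MSG_ID})")


def exim_id_epoch(msg_id: str) -> int:
    """Decode the base-62 time field of an Exim message ID to epoch seconds."""
    value = 0
    for ch in msg_id[:6]:
        value = value * 62 + B62.index(ch)
    return value


def scanner_delays(lines):
    """Yield (new_id, original_id, accepted_utc, seconds_waiting) per SCANNER line."""
    for line in lines:
        m = SCANNER_RE.search(line)
        if not m:
            continue
        new_id, orig_id = m.groups()
        accepted = exim_id_epoch(orig_id)
        waited = exim_id_epoch(new_id) - accepted
        yield new_id, orig_id, datetime.fromtimestamp(accepted, timezone.utc), waited


# The first SCANNER line from the post above, sender address as redacted there.
SAMPLE = [
    "2021:07:26-11:12:30 fra-31-1 smtpd[19056]: SCANNER[19056]: "
    "1m7wf0-0004xM-Bn <= xxxxxxxxx@gmx.de R=1m7wG5-0004lW-23 P=INPUT S=134891",
]

if __name__ == "__main__":
    for new_id, orig_id, accepted, waited in scanner_delays(SAMPLE):
        print(f"{orig_id} accepted {accepted:%H:%M:%S} UTC, "
              f"re-queued as {new_id} after {waited} s ({waited / 60:.1f} min)")
```

Run over a whole day of SMTP log, the accepted times show whether the waiting mails all arrived inside the same window and were all released together.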

  • Hallo Ante,

    I'm going to guess that the issue is in the mail server - any luck with that?

    Cheers - Bob
    PS The only malware I've gotten in over 10+ years was from an external link to a picture in this forum over 5 years ago.  We can't know if that external site is properly protected (I opened your links in a sandbox).  In the future, please insert your images directly into the post.  Thanks in advance!

     