
Mails blocked with the log entry "Rejected: RBL (fur.global.sophosxl.com)"?


We have a case here where the mails from a particular server are blocked with the log entry "Rejected: RBL (fur.global.sophosxl.com)". However, a check of the IP address via https://www.sophos.com/en-us/labs shows that the IP is "OK". What is the source of the RBL "fur.global.sophosxl.com" and how can someone get their IP address removed from this list?

Best regards
Jens Lange

  • Hallo Jens and welcome to the UTM Community!

    Apparently, you're running 9.706 or later.  That's when the UTM switched from using CommTouch to SASI, Sophos' own anti-spam tool.  If you check, I bet you'll find that every email rejected for RBL had an IP in fur.global.sophosxl.com.

    This is the first time anyone has asked this question here.  Please let us know what Sophos Support says about this.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Okay, @DeveshM is replying here, in a case that also relates to RBL fur.global.sophosxl.com, that someone can contact Sophos with a complaint, logs and an example of the blocked email. If that is indeed the only option, the question remains how and where to contact. Does anyone have any ideas on this?

  • FormerMember, in reply to JensLange

    Hey Jens, thanks for tagging me in the previous post :)

    If the Sophos Labs page is showing that the IP address is OK, then it may be a false positive. Raise a case with our Support team and provide them with the mail that was blocked on UTM, and they'll be able to follow up with the Labs team to get it removed from the RBL.

    Alternatively, you can also follow this KB article to directly submit this to Sophos Labs by forwarding that blocked mail as an attachment to "not-spam@labs.sophos.com". While doing this, make sure you follow the steps exactly as they're mentioned in the KB article.

    To export the mail from UTM, keep the spam action as quarantined, initiate a mail to your domain, and once it is quarantined, download it from the Mail Manager > SMTP Quarantine. If it's set to quarantine already, then you can simply download any one of those emails.