we have a case here where the mails from a particular server are blocked with the log entry "Rejected: RBL (fur.global.sophosxl.com)". However, a check of the IP address via https://www.sophos.com/en-us/labs shows that the IP is "OK". What is the source of the RBL "fur.global.sophosxl.com" and how can someone get their IP address removed from this list?Best regardsJens Lange
Hey Jens, Thanks for tagging me in the previous post :) If the Sophos Labs page is showing that the IP address is OK then it may be a false positive. Raise a case with our Support team and provide them with…
Hallo Jens and welcome to the UTM Community!
Apparently, you're running 9.706 or later. That's when the UTM switched from using CommTouch to SASI, Sophos' own anti-spam tool. If you check, I bet you'll find that every email rejected for RBL had an IP in fur.global.sophosxl.com.
This is the first time anyone has asked this question here. Please let us know what Sophos Support says about this.
Cheers - Bob
Okay, @DeveshM is replying here, in a case that also relates to RBL fur.global.sophosxl.com, that that someone can contact Sophos with a complaint, logs and an example of the blocked email. If that is indeed the only option, the question remains how and where to contact. Does anyone have any ideas on this?
Hey Jens, Thanks for tagging me in the previous post :) If the Sophos Labs page is showing that the IP address is OK then it may be a false positive. Raise a case with our Support team and provide them with the mail that was blocked on UTM and they'll be able to follow up with the Labs team to get it removed from the RBLAlternatively, You can also follow this KB article to directly submit this to Sophos Labs by forwarding that blocked mail as an attachment to "firstname.lastname@example.org". While doing this, Make sure you follow the steps exactly as they're mentioned in the KB article.To export the mail from UTM, Keep the spam action as quarantined, Initiate a mail to your domain, and once it is quarantined, Download it from the Mail Manager > SMTP Quarantine. If its set to quarantine already, then you can simply download any one of those email.