Thread Info
  • State Suggested Answer
  • +6 person also asked this people also asked this
  • Locked Locked
  • Replies 48 replies
  • Answers 5 answers
  • Subscribers 27 subscribers
  • Views 14828 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos UTM RBL Check broken today?

Felix Buch

Hello,

today it seems like the RBL Pattern is broken, some E-Mails are getting blocked who are not on the Blacklist.

Anyone else

Greetings Felix



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to emmosophos

    Hello Community,

    An additional Work Around has been provided by GES.

    Option 1:
    Uncheck "Use recommended RBL" and enter in a custom RBL if necessary.
    Do not use cbl.abuseat.org as a custom RBL at present if you use public DNS.
    www.anti-abuse.org/.../ Contains a listing of common RBLs

    Option 2:
    Under Network Services>DNS>Request Routing add cbl.abuseat.org to the domain field and then either directly add the Spamhaus IP or an alternate DNS server to not forward this domain via public DNS.

    Regards,

     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • 0 in reply to emmosophos

    Hello,

    I am a little bit confused. We had the zen.spamhaus.org in our custom RBL not zen.spamHOUSE.org.

    I think zen.spamhaus.org is the real problem with RBL because the rbl blockings are not only wiithspamhaus.org, also abuseat.org blocks the same ip addresses.

    As you can read at abuseat.org

    "IMPORTANT TO ALL CBL users: If you were using the CBL to filter access to your mail servers or anything else, you will need to take note of several changes to the CBL that occured in January 2021. In short, the CBL infrastructure was replaced by the Spamhaus XBL structure, the lookup pages and access methods have changed."

    they changed their infrastructure to spamhaus.

    Because of the fact that abuseat.org is in the recommended RBLs of sophos all utm customers run into the same problem.

    So we disabled the recommendes rbl and used two other rbl lists as workaround.

  • 0 in reply to emmosophos

    today one of our customers had to remove "spam.dnsbl.sorbs.net" from the RBL List, since it was dropping lots of valid mails. 

    can anyone confirm that this is related to the bug NUTM-13047?

  • 0 in reply to Samuel Heinrich

    I do not know, but we do see some legit senders that are blocked by dnsbl.sorbs.net. We are currently working with exceptions for the sender domains in question, which is not optimal.

  • 0 in reply to Samuel Heinrich

    We had the same problem with all our customers. The reason is that servers of many of the big mailproviders like Gmail, Apple, Microsoft are listed at Sorbs. So mails from these servers are rejected.

    It would be nice to have global whitlisting (like dnswl.org) implemented. This would help not to block the big players.

Unfiltered HTML