This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos UTM RBL Check broken today?

Hello,

today it seems like the RBL Pattern is broken, some E-Mails are getting blocked who are not on the Blacklist.

Anyone else

Greetings Felix



This thread was automatically locked due to age.
Parents
  • Hello Community,

    The team is working on a permanent fix for v9.7MR9, likely to be released towards the end of the year.

    There are a number of ways to avoid the issue in the meantime:

    - switching to a different DNS provider. We have mainly seen this with customers using Quad9.

    - alternatively, you can set a DNS forwarding rule that would pass DNS requests for cbl.abuseat.org to a different DNS resolver

    - Disabling recommended RBL checks will guarantee mail doesn't get unnecessarily rejected but may allow more spam through

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
Reply
  • Hello Community,

    The team is working on a permanent fix for v9.7MR9, likely to be released towards the end of the year.

    There are a number of ways to avoid the issue in the meantime:

    - switching to a different DNS provider. We have mainly seen this with customers using Quad9.

    - alternatively, you can set a DNS forwarding rule that would pass DNS requests for cbl.abuseat.org to a different DNS resolver

    - Disabling recommended RBL checks will guarantee mail doesn't get unnecessarily rejected but may allow more spam through

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
Children
  • Regarding your fixes:
    - disabling RBL means waay more spam reaching users. So, a not preferable solution.

    - switching to another dns provider might not work, you say yourself that "We have mainly seen this with customers using Quad9.". But what if it also happens with the alternate dns provider? Legitimate mail get's blocked but since this is on a smtp connect level the recipient get's no notification. We rely on the sender to notify of the sending failure by other means! So potentially important mail get's lost. VERY not preferable solution!

    - " DNS forwarding rule that would pass DNS requests for cbl.abuseat.org to a different DNS resolver"
    If my understanding of the underlying problem is correct then adding the own spamhaus dns servers via that way would be the ideal solution. All normal dns queries go whatever way and only the queries regarding spam or not go directly from my utm (with my IP - so no big quad9/google/whatever dns IP) to spamhaus. Spamhaus is happy that they can count how many requersts come from my IP, I am happy because spam query via dns works reliably and UTM/Sophos is out of the doghouse.

    I detailed my resolution attempt a little above.

    MAYBE Sophos can give precise and tested instructions on how to implement the DNS forwarding rules so we all in this thread can implement it accordingly!

    Thanks

  • So is this fixed in 9.709-3?

  • It works :)

    by default we have quad9 dns