Sophos UTM RBL Check broken today?

Question

Hello, 
 today it seems like the RBL Pattern is broken, some E-Mails are getting blocked who are not on the Blacklist. 
 
 Anyone else 
 
 Greetings Felix

emmosophos · Answer

Hello Community 
 This is currently a known issue and is being investigated actively under NUTM-13047 
 The current Work Around is: 
 
 Uncheck "Use recommended RBL" and enter in a custom RBL if necessary. 
 Do not use cbl.abuseat.org as a custom RBL at present. 
 Regards,

emmosophos · Answer

Hello Community, 
 An additional Work Around has been provided by GES. 
 Option 1: Uncheck "Use recommended RBL" and enter in a custom RBL if necessary. Do not use cbl.abuseat.org as a custom RBL at present if you use public DNS. www.anti-abuse.org/.../ Contains a listing of common RBLs 
 Option 2: Under Network Services>DNS>Request Routing add cbl.abuseat.org to the domain field and then either directly add the Spamhaus IP or an alternate DNS server to not forward this domain via public DNS. 
 Regards,

Christoph · Answer

Hi, 
 it seems, that cbl.abuseat.org don't like public dns resolvers. I got the problems yesterday, after i changed my dns resolver from my provider to Quad9. After i changed them back to my provider, everyhting works fine again. Because i want to use Quad9 as the regular resolver, i add a request routing like Emmosophos describe it as an alternative 2. 
 Regards

emmosophos · Answer

Resolution 
 Issue is not due to Sophos UTM, rather due to Spamhaus' policy regarding lookups from Public DNS providers. 
 Option 1: Uncheck "Use recommended RBL" and enter in a custom RBL if necessary. 
 Do not use cbl.abuseat.org as a custom RBL at present if you use public DNS. 
 http://www.anti-abuse.org/multi-rbl-check/ Contains a listing of common RBLs Option 2: Under Network Services>DNS>Request Routing add cbl.abuseat.org to the domain field and then either directly add the Spamhaus IP or an alternate DNS server to not forward this domain via public DNS.

emmosophos · Answer

Hello Community, 
 The team is working on a permanent fix for v9.7MR9, likely to be released towards the end of the year. 
 There are a number of ways to avoid the issue in the meantime: 
 - switching to a different DNS provider. We have mainly seen this with customers using Quad9. 
 - alternatively, you can set a DNS forwarding rule that would pass DNS requests for cbl.abuseat.org to a different DNS resolver 
 - Disabling recommended RBL checks will guarantee mail doesn't get unnecessarily rejected but may allow more spam through 
 Regards,

Sophos UTM RBL Check broken today?

Top Replies