Sophos UTM RBL Check broken today?

They will not solve the problem, because they dont have the problem ;-)

I opend a support case, the answer is, that the problem is at the spamhaus side and not at the UTM side. As i asked them, but that is your recommended option and spamhaus will deactived this RBL in future, so what should i do? They said, that is not a technical probelm with UTM, it is a third party problem, i should talk to my account manager. Very nice support by Sophos. A "paid" feature that is not suppported.

Yes, this is not good - had to turn off RBL checking to get all customers' mail (including purchase orders!) through.

this not work

Hello

When will sophos solve this problem?

Wouldn't it be maybe also a (better) solution to use the "Request Routing" function of the UTM? Under "Network Services" -> "Request Routing" specific routes for zen.spamhaus.org could be added to have their NS servers be queried when the resolution is being tried. I think such an entry would be a beginning (there are waay more NS servers from spamhaus):

It's clear if you read the usage terms (https://www.spamhaus.org/organization/dnsblusage/)
Look at 1.1.3

• The network originating the DNS Query must be identifiable. This means you must query the Spamhaus DNSBL Public Mirrors from a recursive resolver run on your own network or from a public resolver which supports ECS.

I think forwarders like Quad9 produce excessive load to Spamhaus so they are rate-limited or even blocked because the original source of a query can't be identified. So Spamhaus can't differentiate if the queries came from 1 or from 100000 diffrent users.

It's possible to get a subscription. With a subscription you get a key to query the Spamhaus servers and they can clearly identify the query source.

Looks to me like Sophos is using the free Spamhaus DNSBLs but the customer pays Sophos for E-Mail security??

It's ok. I disable the Recommended RBL option and the mailflow continues. Don't know which bug it's this time.

Than the IP is not longer blocked,

It isn't, since the IP isn't on any blacklists and an nslookup of the IP against fur.global.sophosxl.com gets an nxdomain back. The sophos online check also lists that ip green (ok).

Problem is not solved, Sophos has to honor new return Codes from spamhaus, and has to make sure limits are not exceeded and make sure public DNS is not used for cbl.abuseat.org.

fur.global.sophosxl.com should not be affected, cause it is sophos rbl.

A System on this list might be a spammer.

may