Sophos UTM RBL Check broken today?

Same here, multiple Sophos UTMs in different Datacenters.

My Workaround:
Disable "Use recommended RBLs" (Email Protection -> SMTP -> Antispam)

Now those Mails are not rejected anymore.

But it might be a good idea to add a different blacklist there. We use "dnsbl-1.uceprotect.net".

Do not add "zen.spamhaus.org", that blacklist does not work either!

Hello Community

This is currently a known issue and is being investigated actively under NUTM-13047

The current Work Around is:

Hello Community,

An additional Work Around has been provided by GES.

Option 1:
Uncheck "Use recommended RBL" and enter in a custom RBL if necessary.
Do not use cbl.abuseat.org as a custom RBL at present if you use public DNS.
www.anti-abuse.org/.../ Contains a listing of common RBLs

Option 2:
Under Network Services>DNS>Request Routing add cbl.abuseat.org to the domain field and then either directly add the Spamhaus IP or an alternate DNS server to not forward this domain via public DNS.

Regards,

Hello,

I am a little bit confused. We had the zen.spamhaus.org in our custom RBL not zen.spamHOUSE.org.

I think zen.spamhaus.org is the real problem with RBL because the rbl blockings are not only wiithspamhaus.org, also abuseat.org blocks the same ip addresses.

As you can read at abuseat.org

"IMPORTANT TO ALL CBL users: If you were using the CBL to filter access to your mail servers or anything else, you will need to take note of several changes to the CBL that occured in January 2021. In short, the CBL infrastructure was replaced by the Spamhaus XBL structure, the lookup pages and access methods have changed."

they changed their infrastructure to spamhaus.

Because of the fact that abuseat.org is in the recommended RBLs of sophos all utm customers run into the same problem.

So we disabled the recommendes rbl and used two other rbl lists as workaround.

today one of our customers had to remove "spam.dnsbl.sorbs.net" from the RBL List, since it was dropping lots of valid mails. 

can anyone confirm that this is related to the bug NUTM-13047?

I do not know, but we do see some legit senders that are blocked by dnsbl.sorbs.net. We are currently working with exceptions for the sender domains in question, which is not optimal.

Is this problem solved? I dont find anything in the "known issue list" with NUTM-13047.

Hello Willi,

The RCA has been identified and a change is being discussed.

Regards,

Hi,

it seems, that cbl.abuseat.org don't like public dns resolvers. I got the problems yesterday, after i changed my dns resolver from my provider to Quad9. After i changed them back to my provider, everyhting works fine again. 
Because i want to use Quad9 as the regular resolver, i add a request routing like Emmosophos describe it as an alternative 2.

Regards