Sophos UTM RBL Check broken today?

Resolution

Issue is not due to Sophos UTM, rather due to Spamhaus' policy regarding lookups from Public DNS providers.

Option 1:
Uncheck "Use recommended RBL" and enter in a custom RBL if necessary.

Do not use cbl.abuseat.org as a custom RBL at present if you use public DNS.

http://www.anti-abuse.org/multi-rbl-check/ Contains a listing of common RBLs

Option 2:
Under Network Services>DNS>Request Routing add cbl.abuseat.org to the domain field and then either directly add  the Spamhaus IP or an alternate DNS server to not forward this domain via public DNS.

I think you're making it a little too easy for yourselves... .Anyone who relies on the default setting does not initially know why it suddenly becomes a problem. After all, it worked for years and it's not funny if you don't know why emails are suddenly rejected.

Could you please explain why this is a problem with public dns ? 

I thought all RBLs would be contacted directly for RBL checks and not via dns forwarder configured in the utm.

We have big problems with our customers because of this problem to explain the root cause.

I completely agree to Christoph!

We had this situation at several customers yesterday and had to help them changing the default settings to a working solution.

This should be clearly communicated to all customers together with a recommendation how to overcome this situation.

Nobody is interested in accusing Sophos wether it's their "fault" or not.

I don't know the technical details, why SPAMHAUS don't like Public DNS Resolver. I believe, that the public Resolver don't deliver the same Information and they are not able to control the use.

However, topic 1.1.3 from the terms of use say:

The network originating the DNS Query must be identifiable. This means you must query the Spamhaus DNSBL Public Mirrors from a recursive resolver run on your own network or from a public resolver which supports ECS.

Source: https://www.spamhaus.org/organization/dnsblusage/

So i set the default DNS resolver to something like Google oder Quad9 and made an additional requesting route only for "cbl.abuseat.org" to the DNS resolver from the "Deutsche Telekom". That's already my Internet provider.

So I believe, if your provider is someone like for example "1 & 1", you have to take their DNS resolvver.

My solutions works for me without any problems.

Hi,

this might work some time I think. The major Problem is, large customer must register with spamhaus. (https://www.spamhaus.com/faqs/) The Barracuda entry.

This seems not to be done by UTM automatically. Using Spamhaus RBL might end in false positives.

UTM seems not to check against the return codes:

may

Hello

Is the problem "Rejected: RBL (cbl.abuseat.org)" solved? 

When can activate the RBL

Hi,

it isn't. Had the problem with a host in germany. The rbl list was fur.global.sophosxl.com. After disabling the Recommended RBLs Option mails from this host went in quarantine, but we were able to receive mails.

Best regards

Problem is not solved, Sophos has to honor new return Codes from spamhaus, and has to make sure limits are not exceeded and make sure public DNS is not used for cbl.abuseat.org.

fur.global.sophosxl.com should not be affected, cause it is sophos rbl.

A System on this list might be a spammer.

may

It isn't, since the IP isn't on any blacklists and an nslookup of the IP against fur.global.sophosxl.com gets an nxdomain back. The sophos online check also lists that ip green (ok).