
RBL blocking all mails

Hi everyone,

A customer told us today to add some custom RBLs at his UTM, because he is getting a lot of spam and the "recommended RBLs" are not enough for him.

So I added four RBLs today:

  • zen.spamhaus.org
  • psbl.surriel.com
  • sbl-xbl.spamhaus.org
  • blackholes.easynet.nl

As soon as I configured it like that, nearly all incoming mails are blackholed as spam, even if their IPs are NOT on any spamlist.

Does anybody know that problem with custom RBLs?

Best regards, Johnny



  • Hello Johnny,

    You should remove the two spamhaus.org entries. I don't remember exactly, but either there was a problem or they are not in business for Sophos UTM usage anymore.

    Kind regards, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • We use these and are happy with that configuration for a while now:

    Kind regards, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner


  • Thank you very much for your fast and very helpful reply. In the meantime I opened a ticket at Sophos, but it hasn't been helpful yet.

    I removed the two spamhaus RBLs and added yours so I have now:

    • ix.dnsbl.manitu.net
    • bl.spamcop.net
    • dnsbl-1.uceprotect.net
    • dnsbl-2.uceprotect.net
    • psbl.surriel.com
    • blackholes.easynet.nl
    • dnsbl.sorbs.net
    • blackholes.mail-abuse.org

    and there was not one false positive yet.

    Of course it would be nice to use spamhaus because I consider spamhaus as the biggest, safest and most spam defending RBL in Europe (hopefully I am not right with that, if we could not use them), so it would be nice if we could use them.

    If my Sophos support ticket leads anywhere, I will let everybody know.

    Thank you very much!

  • The final answer from the Sophos support is here. The RBLs abuseat and spamhaus changed something and they do not work if you use public DNS servers, like we do with Cloudflare. If you want those RBLs and use public DNS servers, you need to create a DNS request route for those specific domains, so that they will be resolved by your local ISP. I don't get why/how DNS is involved in that, but I did it and now spamhaus is working without any problems.

    support.sophos.com/.../KB-000043004
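
Why DNS is involved, as an added example that is not part of the thread and not Sophos code: an RBL lookup is a DNS A query for the sender's reversed IP under the list's zone, so the answer depends on which resolver asks. The sketch assumes Spamhaus's documented convention that answers in 127.255.255.0/24 are error codes (127.255.255.254 for queries arriving through a public resolver); the function names, stub resolvers and sample answers are constructed for illustration.

```python
import ipaddress
import socket

# Assumption (Spamhaus documentation, not this thread): 127.255.255.0/24 holds
# error codes, e.g. 127.255.255.254 = query came through a public resolver.
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")
LISTING_NET = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_qname(ip, zone):
    """Build the lookup name: reversed IPv4 octets followed by the RBL zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def system_resolver(qname):
    """A-record lookup via the system resolver; [] on NXDOMAIN or failure."""
    try:
        return socket.gethostbyname_ex(qname)[2]
    except (socket.gaierror, socket.herror):
        return []  # fail open: no answer is treated as "not listed"


def naive_is_listed(ip, zone, resolve=system_resolver):
    """Failure mode: any answer at all is counted as a listing."""
    return bool(resolve(dnsbl_qname(ip, zone)))


def classify(ip, zone, resolve=system_resolver):
    """Return 'not-listed', 'listed' or 'resolver-error' for ip in zone."""
    answers = [ipaddress.ip_address(a) for a in resolve(dnsbl_qname(ip, zone))]
    if not answers:
        return "not-listed"
    if any(a in ERROR_NET for a in answers):
        return "resolver-error"  # not a verdict on the sender; fix the DNS path
    if all(a in LISTING_NET for a in answers):
        return "listed"
    return "resolver-error"      # answer outside 127/8: wildcard or hijacked zone


# Constructed sample answers (no network access needed).
def via_public_resolver(qname):
    return ["127.255.255.254"]   # every query gets the error code


def via_local_resolver(qname):
    # 127.0.0.2 is the conventional always-listed DNSBL test address.
    return ["127.0.0.2"] if qname.startswith("2.0.0.127.") else []
```

Calling `classify("127.0.0.2", "zen.spamhaus.org")` with the default resolver from the mail gateway's own network shows which of the three outcomes its current DNS path produces.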