UTM blocking 1 internal user outgoing

Just started a couple hours ago.  Everything she sends from Outlook our Exchange server sends to the UTM and they bounce back.  Other users aren't having problems.  Here's one from the log....

1VA0dh-0003pL-38 DKIM: d=lifelock.com s=dkimrnt16925 c=simple/simple a=rsa-sha1 i=@lifelock.com t=1376584988 [invalid - syntax error in public key record]
1VA0di-0003pP-1N ctasd reports 'Confirmed' RefID:str=0001.0A020207.520D00B3.020F,ss=4,sh,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=12
1VA0dh-0003pL-38 ctasd reports 'Suspect' RefID:str=0001.0A020207.520D051E.0118,ss=2,re=0.000,recu=0.000,reip=0.000,cl=2,cld=1,fgs=0
1VA0dh-0003pL-38 member.services@lifelock.com H=rntca67.rnmk.com [216.136.162.67]:20183 P=esmtp S=24513 id=RNTM.AvUE~wqVCv8S1GdlGvEe~yL~Jvsq~y7~Mv~3~zr~.0.1376584988.0CfMM9Qn2Dk!@websc18.int.rightnowtech.com
1VA0di-0003pP-1N id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="REMOVED-LOCALIP" from="REMOVED-USERNAME@REMOVED-DOMAIN.com" to="REMOVED" subject="test" queueid="1VA0di-0003pP-1N" size="2591" reason="as" extra="confirmed"
1VA0di-0003pP-1N H=REMOVED-SERVER-NAME (smtp01.REMOVED-DOMAIN.com) [REMOVED-LOCALIP]:11432 F= rejected after DATA

Ideas?


  •  1VA0dh-0003pL-38 DKIM: d=lifelock.com s=dkimrnt16925 c=simple/simple a=rsa-sha1 i=@lifelock.com t=1376584988 [invalid - syntax error in public key record]
    ...
     1VA0dh-0003pL-38 ctasd reports 'Suspect' RefID:str=0001.0A020207.520D051E.0118,ss=2,re=0.000,recu=0.000,reip=0.000,cl=2,cld=1,fgs=0
     1VA0dh-0003pL-38 member.services@lifelock.com H=rntca67.rnmk.com [216.136.162.67]:20183 P=esmtp S=24513 id=RNTM.AvUE~wqVCv8S1GdlGvEe~yL~Jvsq~y7~Mv~3~zr~.0.1376584988.0CfMM9Qn2Dk!@websc18.int.rightnowtech.com

    Apparently, that email was delivered or quarantined, depending on your settings.  LifeLock needs to fix their DKIM record.

     1VA0di-0003pP-1N ctasd reports 'Confirmed' RefID:str=0001.0A020207.520D00B3.020F,ss=4,sh,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=12
    ...
     1VA0di-0003pP-1N id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="REMOVED-LOCALIP" from="REMOVED-USERNAME@REMOVED-DOMAIN.com" to="REMOVED" subject="test" queueid="1VA0di-0003pP-1N" size="2591" reason="as" extra="confirmed"
     1VA0di-0003pP-1N H=REMOVED-SERVER-NAME (smtp01.REMOVED-DOMAIN.com) [REMOVED-LOCALIP]:11432 F= rejected after DATA

    CommTouch thinks the email looks like a known spam.  Have you seen the email?  If it looks OK, then CommTouch likely will have their database adjusted automatically this afternoon.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
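
Added example, not part of the original thread and not Sophos code: the reply above reads the interleaved log lines as two different messages by their queue IDs. The Python sketch below does that grouping over the lines quoted in the thread; the function names are hypothetical, and the 6-6-2 ID pattern is the classic Exim message-ID layout seen in these lines.

```python
import re
from collections import defaultdict

# Log lines as quoted in the thread (the long id= token on line 4 is left out).
SAMPLE_LOG = """\
1VA0dh-0003pL-38 DKIM: d=lifelock.com s=dkimrnt16925 c=simple/simple a=rsa-sha1 i=@lifelock.com t=1376584988 [invalid - syntax error in public key record]
1VA0di-0003pP-1N ctasd reports 'Confirmed' RefID:str=0001.0A020207.520D00B3.020F,ss=4,sh,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=12
1VA0dh-0003pL-38 ctasd reports 'Suspect' RefID:str=0001.0A020207.520D051E.0118,ss=2,re=0.000,recu=0.000,reip=0.000,cl=2,cld=1,fgs=0
1VA0dh-0003pL-38 member.services@lifelock.com H=rntca67.rnmk.com [216.136.162.67]:20183 P=esmtp S=24513
1VA0di-0003pP-1N id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="REMOVED-LOCALIP" from="REMOVED-USERNAME@REMOVED-DOMAIN.com" to="REMOVED" subject="test" queueid="1VA0di-0003pP-1N" size="2591" reason="as" extra="confirmed"
1VA0di-0003pP-1N H=REMOVED-SERVER-NAME (smtp01.REMOVED-DOMAIN.com) [REMOVED-LOCALIP]:11432 F= rejected after DATA
"""

# Classic Exim queue ID: 6-6-2 alphanumeric characters.
QUEUE_ID = re.compile(r"\b([0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2})\b")
CTASD = re.compile(r"ctasd reports '(\w+)'")
DKIM = re.compile(r"DKIM: d=(\S+).*\[(.+)\]")
KEYVAL = re.compile(r'(\w+)="([^"]*)"')

def summarize(log_text):
    """Group log lines by queue ID and collect the verdicts for each message."""
    msgs = defaultdict(lambda: {"ctasd": None, "dkim": None,
                                "rejected": False, "reason": None})
    for line in log_text.splitlines():
        qid = QUEUE_ID.search(line)
        if not qid:
            continue  # line does not belong to a queued message
        rec, rest = msgs[qid.group(1)], line[qid.end():]
        verdict = CTASD.search(rest)
        if verdict:
            rec["ctasd"] = verdict.group(1)
        dkim = DKIM.search(rest)
        if dkim:
            rec["dkim"] = (dkim.group(1), dkim.group(2))  # (domain, result)
        fields = dict(KEYVAL.findall(rest))
        if fields.get("name") == "email rejected":
            rec["rejected"] = True
            rec["reason"] = (fields.get("reason"), fields.get("extra"))
    return dict(msgs)

def rejected_ids(msgs):
    """Queue IDs of messages the gateway actually rejected."""
    return sorted(q for q, rec in msgs.items() if rec["rejected"])

if __name__ == "__main__":
    for qid, rec in summarize(SAMPLE_LOG).items():
        print(qid, rec)
```

Run on the thread's lines, it shows the DKIM failure and the rejection sitting under different queue IDs, which is why the reply treats them as two separate messages.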
  • It's outgoing and just one user here.  I sat down at her computer and used Outlook to send a few emails to some different accounts and they immediately come back undeliverable as the UTM rejects them.  She has no add-ins in Outlook and spyware and virus scan came back clean.  I don't see those lifelock messages in the log for any other users but her.

    The only thing I could do was create an antispam exception for anything where the sender was her email address.  But it seems like that would allow Internet SMTP mail that says it's from her to get through when it's obviously spam.