Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 12 replies
  • Subscribers 1 subscriber
  • Views 6659 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM blocking 1 internal user outgoing

JasonIstre
Just started a couple hours ago.  Everything she sends from outlook our exchange servers sends to the UTM and they bounce back.  Other users arent having problems.  Here's one from the log....

1VA0dh-0003pL-38 DKIM: d=lifelock.com s=dkimrnt16925 c=simple/simple a=rsa-sha1 i=@lifelock.com t=1376584988 [invalid - syntax error in public key record]
1VA0di-0003pP-1N ctasd reports 'Confirmed' RefID:str=0001.0A020207.520D00B3.020F,ss=4,sh,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=12
1VA0dh-0003pL-38 ctasd reports 'Suspect' RefID:str=0001.0A020207.520D051E.0118,ss=2,re=0.000,recu=0.000,reip=0.000,cl=2,cld=1,fgs=0
1VA0dh-0003pL-38 member.services@lifelock.com H=rntca67.rnmk.com [216.136.162.67]:20183 P=esmtp S=24513 id=RNTM.AvUE~wqVCv8S1GdlGvEe~yL~Jvsq~y7~Mv~3~zr~.0.1376584988.0CfMM9Qn2Dk!@websc18.int.rightnowtech.com
1VA0di-0003pP-1N id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="REMOVED-LOCALIP" from="REMOVED-USERNAME@REMOVED-DOMAIN.com" to="REMOVED" subject="test" queueid="1VA0di-0003pP-1N" size="2591" reason="as" extra="confirmed"
1VA0di-0003pP-1N H=REMOVED-SERVER-NAME (smtp01.REMOVED-DOMAIN.com) [REMOVED-LOCALIP]:11432 F= rejected after DATA

Ideas?


This thread was automatically locked due to age.
Parents
  • 0
    There are two messages in the logs above, 1VA0dh-0003pL-38 and 1VA0di-0003pP-1N.  The first one appears to be a message from LifeLock, and I don't think there's anything wrong there.  I've emailed their postmaster to inform them of the error in their public DNS DKIM TXT record.

    You could make the Exception more complex by also requiring that the email was sent from your Exchange server's IP.

    It would beinteresting to know if you created an Outlook Profile for your username on her machine if emails from you get bounced if sent from that machine.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    I took the exception off for the original user and it's going through without a problem now, but...

    Suddenly today I have a different outlook user unable to send outgoing mail.

    log shows...
    1VEN6B-0001ur-1G ctasd reports 'Confirmed' RefID:str=0001.0A020207.521CE23B.0196,ss=4,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=12
    and...
    1VEN7I-0001zD-0a ctasd reports 'Confirmed' RefID:str=0001.0A020201.521CE280.006B,ss=4,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=12

    She is able to send emails from her iphone (activesync to exchange) without an issue.

    I did full malware and AV scans on the first users computer and it came back with nothing.  I'm just trying to understand what about the emails gets flagged as spam and how to prevent it.

    I cant seem to make an exception for the sender address and exchange ip, the rules are "OR".
  • 0 in reply to JasonIstre
    I wanted to try your experiment but by the time I got to her computer it was no longer rejecting.  

    See the attached image.  Only the "OR" option is available.  How would I do from this sender AND this host?
Reply Children
No Data
Unfiltered HTML