Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 12 replies
  • Subscribers 1 subscriber
  • Views 6661 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM blocking 1 internal user outgoing

JasonIstre
Just started a couple hours ago.  Everything she sends from outlook our exchange servers sends to the UTM and they bounce back.  Other users arent having problems.  Here's one from the log....

1VA0dh-0003pL-38 DKIM: d=lifelock.com s=dkimrnt16925 c=simple/simple a=rsa-sha1 i=@lifelock.com t=1376584988 [invalid - syntax error in public key record]
1VA0di-0003pP-1N ctasd reports 'Confirmed' RefID:str=0001.0A020207.520D00B3.020F,ss=4,sh,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=12
1VA0dh-0003pL-38 ctasd reports 'Suspect' RefID:str=0001.0A020207.520D051E.0118,ss=2,re=0.000,recu=0.000,reip=0.000,cl=2,cld=1,fgs=0
1VA0dh-0003pL-38 member.services@lifelock.com H=rntca67.rnmk.com [216.136.162.67]:20183 P=esmtp S=24513 id=RNTM.AvUE~wqVCv8S1GdlGvEe~yL~Jvsq~y7~Mv~3~zr~.0.1376584988.0CfMM9Qn2Dk!@websc18.int.rightnowtech.com
1VA0di-0003pP-1N id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="REMOVED-LOCALIP" from="REMOVED-USERNAME@REMOVED-DOMAIN.com" to="REMOVED" subject="test" queueid="1VA0di-0003pP-1N" size="2591" reason="as" extra="confirmed"
1VA0di-0003pP-1N H=REMOVED-SERVER-NAME (smtp01.REMOVED-DOMAIN.com) [REMOVED-LOCALIP]:11432 F= rejected after DATA

Ideas?


This thread was automatically locked due to age.
Parents
  • 0
    Only the "OR" option is available.

    You're right - I was thinking about Exceptions in Web Filtering.

    I don't know of any way to report a false-positive to CommTouch except from the SMTP Quarantine in Mail Manager.  

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    This happened again to another user who was using guest wifi from a hospital with Outlook on her notebook.  Everything she sent was blocked as confirmed spam, though send could send emails from her phone (4g, not guest wifi).  When she got home her outlook was sending unblocked.

    Her outlook is cache mode HTTPS MAPI, it doesn't use SMTP to send email.  The exchange server does that.  Is there something that gets put in the email about the clients public internet IP or location?
Reply
  • 0 in reply to BAlfson
    This happened again to another user who was using guest wifi from a hospital with Outlook on her notebook.  Everything she sent was blocked as confirmed spam, though send could send emails from her phone (4g, not guest wifi).  When she got home her outlook was sending unblocked.

    Her outlook is cache mode HTTPS MAPI, it doesn't use SMTP to send email.  The exchange server does that.  Is there something that gets put in the email about the clients public internet IP or location?
Children
No Data
Unfiltered HTML