Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 30 replies
  • Subscribers 1 subscriber
  • Views 14702 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM100 w. Basic Guard / AntiSpam

GuardianFan
Hi all,

I just installed the UTM100 with Basic Guard Subscription and almost everything works fine. But there's still one problem left: When we send mails to a non existent mail adress, the non-delivery report is blocked by the antispam module of the UTM (reason: BATV), because there's no "From"-mail adress. Here's the log:
2014:07:21-11:20:16 SophosUTM exim-in[4660]: 2014-07-21 11:20:16 SMTP connection from [IronPort/Smarthost]:43305 (TCP/IP connection count = 1)
2014:07:21-11:20:16 SophosUTM exim-in[25009]: 2014-07-21 11:20:16 H=MailServiceProvider (H=MailServiceProvider) [IronPort/Smarthost]:43305 Warning: F=<> R= Missing BATV signature
2014:07:21-11:20:16 SophosUTM exim-in[25009]: 2014-07-21 11:20:16 [IronPort/Smarthost] F=<> R= Verifying recipient address with callout
2014:07:21-11:20:16 SophosUTM exim-in[25009]: 2014-07-21 11:20:16 [IronPort/Smarthost] F=<> R= Accepted: is a bounce
2014:07:21-11:20:16 SophosUTM exim-in[25009]: 2014-07-21 11:20:16 id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="IronPort/Smarthost" from="" to="my@mailadress.de" subject="" queueid="" size="13225" reason="batv" extra=""

Is there any chance to disable the BATV-check (though it's not shown on the webinterface as we use the basic guard subscription) or to create a reasonable exception?

Best regards
Thilo


This thread was automatically locked due to age.
Parents
  • 0
    In any case, BATV isn't applied to regular emails, only ones sent from your system and bounced by the remote server.  Of course, it could be an email with an address from your domain spoofed as the sender.  Please show us the lines from the SMTP log file that relate to one of these emails that's being incorrectly blocked.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    In any case, BATV isn't applied to regular emails, only ones sent from your system and bounced by the remote server.  Of course, it could be an email with an address from your domain spoofed as the sender.  Please show us the lines from the SMTP log file that relate to one of these emails that's being incorrectly blocked.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • 0 in reply to BAlfson
    Hi Bob,

    see my first post for the log file of the SMTP Proxy. I didn't delete the entry right behind the sender email adress, it is just empty (F=<>). All the other "personal" informations have been anonymized.
    Or is there another log file you want to see? If so, please tell me where I can find it.
Unfiltered HTML