This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM100 w. Basic Guard / AntiSpam

Hi all,

I just installed the UTM100 with Basic Guard Subscription and almost everything works fine. But there's still one problem left: When we send mails to a non existent mail adress, the non-delivery report is blocked by the antispam module of the UTM (reason: BATV), because there's no "From"-mail adress. Here's the log:

2014:07:21-11:20:16 SophosUTM exim-in[4660]: 2014-07-21 11:20:16 SMTP connection from [IronPort/Smarthost]:43305 (TCP/IP connection count = 1)
2014:07:21-11:20:16 SophosUTM exim-in[25009]: 2014-07-21 11:20:16 H=MailServiceProvider (H=MailServiceProvider) [IronPort/Smarthost]:43305 Warning: F=<> R= Missing BATV signature
2014:07:21-11:20:16 SophosUTM exim-in[25009]: 2014-07-21 11:20:16 [IronPort/Smarthost] F=<> R= Verifying recipient address with callout
2014:07:21-11:20:16 SophosUTM exim-in[25009]: 2014-07-21 11:20:16 [IronPort/Smarthost] F=<> R= Accepted: is a bounce
2014:07:21-11:20:16 SophosUTM exim-in[25009]: 2014-07-21 11:20:16 id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="IronPort/Smarthost" from="" to="my@mailadress.de" subject="" queueid="" size="13225" reason="batv" extra=""

Is there any chance to disable the BATV-check (though it's not shown on the webinterface as we use the basic guard subscription) or to create a reasonable exception?

Best regards
Thilo

This thread was automatically locked due to age.

Parents

0 GuardianFan over 10 years ago

It's a little bit frustrating...though I deactivated all checks for incoming emails by adding the IronPort (195.69.x.x) to the exception list, NDRs are still rejected. As you can see, the exception seems to work.
2014:07:25-11:24:15 SophosUTM exim-in[4708]: 2014-07-25 11:24:15 SMTP connection from [195.69.x.x]:35768 (TCP/IP connection count = 1)
2014:07:25-11:24:15 SophosUTM exim-in[28160]: 2014-07-25 11:24:15 H=mail.server.de  [195.69.x.x]:35768 Warning: Exception matched: Skipping AV for this message
2014:07:25-11:24:15 SophosUTM exim-in[28160]: 2014-07-25 11:24:15 H=mail.server.de [195.69.x.x]:35768 Warning: Exception matched: Skipping antispam for this message
2014:07:25-11:24:15 SophosUTM exim-in[28160]: 2014-07-25 11:24:15 H=mail.server.de  [195.69.x.x]:35768 Warning: F=<> R= Missing BATV signature
2014:07:25-11:24:15 SophosUTM exim-in[28160]: 2014-07-25 11:24:15 [195.69.x.x] F=<> R= Accepted: is a bounce
2014:07:25-11:24:15 SophosUTM exim-in[28160]: 2014-07-25 11:24:15 id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="195.69.x.x" from="" to="my@email.de" subject="" queueid="" size="13243" reason="batv" extra=""
2014:07:25-11:24:15 SophosUTM exim-in[28160]: 2014-07-25 11:24:15 H=mail.server.de  [195.69.x.x]:35768 rejected DATA
2014:07:25-11:24:15 SophosUTM exim-in[28160]: 2014-07-25 11:24:15 SMTP connection from mail.server.de [195.69.x.x]:35768 closed by DROP in ACL
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 GuardianFan over 10 years ago

It's a little bit frustrating...though I deactivated all checks for incoming emails by adding the IronPort (195.69.x.x) to the exception list, NDRs are still rejected. As you can see, the exception seems to work.
2014:07:25-11:24:15 SophosUTM exim-in[4708]: 2014-07-25 11:24:15 SMTP connection from [195.69.x.x]:35768 (TCP/IP connection count = 1)
2014:07:25-11:24:15 SophosUTM exim-in[28160]: 2014-07-25 11:24:15 H=mail.server.de  [195.69.x.x]:35768 Warning: Exception matched: Skipping AV for this message
2014:07:25-11:24:15 SophosUTM exim-in[28160]: 2014-07-25 11:24:15 H=mail.server.de [195.69.x.x]:35768 Warning: Exception matched: Skipping antispam for this message
2014:07:25-11:24:15 SophosUTM exim-in[28160]: 2014-07-25 11:24:15 H=mail.server.de  [195.69.x.x]:35768 Warning: F=<> R= Missing BATV signature
2014:07:25-11:24:15 SophosUTM exim-in[28160]: 2014-07-25 11:24:15 [195.69.x.x] F=<> R= Accepted: is a bounce
2014:07:25-11:24:15 SophosUTM exim-in[28160]: 2014-07-25 11:24:15 id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="195.69.x.x" from="" to="my@email.de" subject="" queueid="" size="13243" reason="batv" extra=""
2014:07:25-11:24:15 SophosUTM exim-in[28160]: 2014-07-25 11:24:15 H=mail.server.de  [195.69.x.x]:35768 rejected DATA
2014:07:25-11:24:15 SophosUTM exim-in[28160]: 2014-07-25 11:24:15 SMTP connection from mail.server.de [195.69.x.x]:35768 closed by DROP in ACL
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data