This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM100 w. Basic Guard / AntiSpam

Hi all,

I just installed the UTM100 with Basic Guard Subscription and almost everything works fine. But there's still one problem left: When we send mails to a non existent mail adress, the non-delivery report is blocked by the antispam module of the UTM (reason: BATV), because there's no "From"-mail adress. Here's the log:

2014:07:21-11:20:16 SophosUTM exim-in[4660]: 2014-07-21 11:20:16 SMTP connection from [IronPort/Smarthost]:43305 (TCP/IP connection count = 1)
2014:07:21-11:20:16 SophosUTM exim-in[25009]: 2014-07-21 11:20:16 H=MailServiceProvider (H=MailServiceProvider) [IronPort/Smarthost]:43305 Warning: F=<> R= Missing BATV signature
2014:07:21-11:20:16 SophosUTM exim-in[25009]: 2014-07-21 11:20:16 [IronPort/Smarthost] F=<> R= Verifying recipient address with callout
2014:07:21-11:20:16 SophosUTM exim-in[25009]: 2014-07-21 11:20:16 [IronPort/Smarthost] F=<> R= Accepted: is a bounce
2014:07:21-11:20:16 SophosUTM exim-in[25009]: 2014-07-21 11:20:16 id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="IronPort/Smarthost" from="" to="my@mailadress.de" subject="" queueid="" size="13225" reason="batv" extra=""

Is there any chance to disable the BATV-check (though it's not shown on the webinterface as we use the basic guard subscription) or to create a reasonable exception?

Best regards
Thilo

This thread was automatically locked due to age.

Parents

0 vilic over 10 years ago

I've done a quick test in my virtual lab environment putting another UTM in front of the first as the smart host, and received the same BATV errors like you. It looks like that BATV doesn't work correctly in Smart Hosts configurations.

Lab setup was:
[FONT="Courier New"]Exchange -> UTM (10.0.0.234) BATV enabled -> Test UTM (10.0.0.240) BATV disabled[/FONT]

Log from Back-End UTM (error same as yours):

2014:07:28-13:05:36 utm exim-in[24291]: 2014-07-28 13:05:36 H=(test) [10.0.0.240]:44013 Warning: F=<> R= Missing BATV signature
2014:07:28-13:05:36 utm exim-in[24291]: 2014-07-28 13:05:36 [10.0.0.240] F=<> R= Verifying recipient address with callout
2014:07:28-13:05:36 utm exim-in[24291]: 2014-07-28 13:05:36 [10.0.0.240] F=<> R= Accepted: is a bounce
2014:07:28-13:05:36 utm exim-in[24291]: 2014-07-28 13:05:36 id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="10.0.0.240" from="" to="vilic@mydomain.com" subject="" queueid="" size="13894" reason="batv" extra=""
2014:07:28-13:05:36 utm exim-in[24291]: 2014-07-28 13:05:36 H=(test) [10.0.0.240]:44013 rejected DATA
2014:07:28-13:05:36 utm exim-in[24291]: 2014-07-28 13:05:36 SMTP connection from (test) [10.0.0.240]:44013 closed by DROP in ACL

Log from Front-End UTM (everything OK, message delivered to Back-End, but look at the last few lines):

2014:07:28-13:05:32 test exim-in[4711]: 2014-07-28 13:05:32 SMTP connection from [195.178.x.y]:38028 (TCP/IP connection count = 1)
2014:07:28-13:05:33 test exim-in[7420]: 2014-07-28 13:05:33 H=mail.anotherdomain.com [195.178.x.y]:38028 Warning: mydomain.com profile excludes greylisting: Skipping greylisting for this message
2014:07:28-13:05:33 test exim-in[7420]: 2014-07-28 13:05:33 [195.178.x.y] F=<> R= Verifying recipient address with callout
2014:07:28-13:05:33 test exim-in[7420]: 2014-07-28 13:05:33 [195.178.x.y] F=<> R= Accepted: is a bounce
2014:07:28-13:05:33 test exim-in[7420]: 2014-07-28 13:05:33 1XBikH-0001vg-1k ctasd reports 'Unknown' RefID:str=0001.0A0C0201.53D62E7E.017D,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=256
2014:07:28-13:05:33 test exim-in[7420]: 2014-07-28 13:05:33 1XBikH-0001vg-1k <> H=mail.mail.anotherdomain.com [195.178.x.y]:38028 P=esmtps X=UNKNOWN:AES256-SHA:256 S=12847 id=59304beb-48a3-48d1-86b7-488c3be6f3dd@anotherdomain.com
2014:07:28-13:05:33 test exim-in[7420]: 2014-07-28 13:05:33 SMTP connection from mail.antoherdomain.com [195.178.x.y]:38028 closed by QUIT
2014:07:28-13:05:35 test smtpd[4693]: QMGR[4693]: 1XBikH-0001vg-1k moved to work queue
2014:07:28-13:05:35 test smtpd[7370]: SCANNER[7370]: 1XBikJ-0001us-Rz  work R=SCANNER T=SCANNER
2014:07:28-13:05:35 test smtpd[7370]: SCANNER[7370]: 1XBikH-0001vg-1k Completed
2014:07:28-13:05:36 test exim-out[7423]: 2014-07-28 13:05:36 1XBikJ-0001us-Rz ** vilic@mydomain.com  P=<> R=static_route_hostlist T=static_smtp: SMTP error from remote mail server after pipelined DATA: host 10.0.0.234 [10.0.0.234]: 550 Administrative prohibition
2014:07:28-13:05:36 test exim-out[7423]: 2014-07-28 13:05:36 1XBikJ-0001us-Rz vilic@mydomain.com : error ignored
2014:07:28-13:05:36 test exim-out[7423]: 2014-07-28 13:05:36 1XBikJ-0001us-Rz Completed
2014:07:28-13:06:00 test exim-out[7455]: 2014-07-28 13:06:00 Start queue run: pid=7455

Reply

0 vilic over 10 years ago

2014:07:28-13:05:36 utm exim-in[24291]: 2014-07-28 13:05:36 H=(test) [10.0.0.240]:44013 Warning: F=<> R= Missing BATV signature
2014:07:28-13:05:36 utm exim-in[24291]: 2014-07-28 13:05:36 [10.0.0.240] F=<> R= Verifying recipient address with callout
2014:07:28-13:05:36 utm exim-in[24291]: 2014-07-28 13:05:36 [10.0.0.240] F=<> R= Accepted: is a bounce
2014:07:28-13:05:36 utm exim-in[24291]: 2014-07-28 13:05:36 id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="10.0.0.240" from="" to="vilic@mydomain.com" subject="" queueid="" size="13894" reason="batv" extra=""
2014:07:28-13:05:36 utm exim-in[24291]: 2014-07-28 13:05:36 H=(test) [10.0.0.240]:44013 rejected DATA
2014:07:28-13:05:36 utm exim-in[24291]: 2014-07-28 13:05:36 SMTP connection from (test) [10.0.0.240]:44013 closed by DROP in ACL

Log from Front-End UTM (everything OK, message delivered to Back-End, but look at the last few lines):

2014:07:28-13:05:32 test exim-in[4711]: 2014-07-28 13:05:32 SMTP connection from [195.178.x.y]:38028 (TCP/IP connection count = 1)
2014:07:28-13:05:33 test exim-in[7420]: 2014-07-28 13:05:33 H=mail.anotherdomain.com [195.178.x.y]:38028 Warning: mydomain.com profile excludes greylisting: Skipping greylisting for this message
2014:07:28-13:05:33 test exim-in[7420]: 2014-07-28 13:05:33 [195.178.x.y] F=<> R= Verifying recipient address with callout
2014:07:28-13:05:33 test exim-in[7420]: 2014-07-28 13:05:33 [195.178.x.y] F=<> R= Accepted: is a bounce
2014:07:28-13:05:33 test exim-in[7420]: 2014-07-28 13:05:33 1XBikH-0001vg-1k ctasd reports 'Unknown' RefID:str=0001.0A0C0201.53D62E7E.017D,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=256
2014:07:28-13:05:33 test exim-in[7420]: 2014-07-28 13:05:33 1XBikH-0001vg-1k <> H=mail.mail.anotherdomain.com [195.178.x.y]:38028 P=esmtps X=UNKNOWN:AES256-SHA:256 S=12847 id=59304beb-48a3-48d1-86b7-488c3be6f3dd@anotherdomain.com
2014:07:28-13:05:33 test exim-in[7420]: 2014-07-28 13:05:33 SMTP connection from mail.antoherdomain.com [195.178.x.y]:38028 closed by QUIT
2014:07:28-13:05:35 test smtpd[4693]: QMGR[4693]: 1XBikH-0001vg-1k moved to work queue
2014:07:28-13:05:35 test smtpd[7370]: SCANNER[7370]: 1XBikJ-0001us-Rz  work R=SCANNER T=SCANNER
2014:07:28-13:05:35 test smtpd[7370]: SCANNER[7370]: 1XBikH-0001vg-1k Completed
2014:07:28-13:05:36 test exim-out[7423]: 2014-07-28 13:05:36 1XBikJ-0001us-Rz ** vilic@mydomain.com  P=<> R=static_route_hostlist T=static_smtp: SMTP error from remote mail server after pipelined DATA: host 10.0.0.234 [10.0.0.234]: 550 Administrative prohibition
2014:07:28-13:05:36 test exim-out[7423]: 2014-07-28 13:05:36 1XBikJ-0001us-Rz vilic@mydomain.com : error ignored
2014:07:28-13:05:36 test exim-out[7423]: 2014-07-28 13:05:36 1XBikJ-0001us-Rz Completed
2014:07:28-13:06:00 test exim-out[7455]: 2014-07-28 13:06:00 Start queue run: pid=7455

Children

No Data