
Issue when receiving Mails from Company with more than 1 MX-record

hi everybody!

Could someone confirm an issue on a UTM 9 virtual appliance while receiving mails from a company with more than ONE MX record defined (e.g. bmwgroup.com)?

Model: ASG Software
Firmware version: 9.206-35
Pattern version: 66789

There are absolutely no logs about the mails to be found in the SMTP protocol in Mail Manager,
whether they are junked or received or something else ...



Thanks!


  • Your receipt of mails from bmwgroup.com should not be affected by the fact that that domain has multiple MX records.  I suspect that you have a DNAT rule causing this.  Consider #2 in Rulz.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Make sure strict RDNS checks are turned off (or add an exception)... also, try adding a greylisting exception if you are using greylisting.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not constitute a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • Hi,

    Well, @BAlfson: since we use the UTM as mail security only, there is no NAT configured!
    @Brucek: of course we do STRICT RDNS & GREYLISTING, but we wouldn't switch these "filters" off!

    The issues first started with the last update of the UTM.


    Thanks!
  • there are absolutely no logs about the mails to be found in the SMTP protocol in Mail Manager.
    since we use the UTM as mail security only, there is no NAT configured!

    Then, if you've checked #1 in Rulz and the full SMTP log file (not Mail Manager), the problem is not inside the UTM.

    Cheers - Bob
  • Hi,

    Well, @BAlfson: since we use the UTM as mail security only, there is no NAT configured!
    @Brucek: of course we do STRICT RDNS & GREYLISTING, but we wouldn't switch these "filters" off!

    The issues first started with the last update of the UTM.


    Thanks!


    Configure an exception for that one email domain, no need to switch those features off wholesale.


  • Hello again!

    BAlfson, you're right ... in some way ... I've checked the logs (forgot to mention, sorry) and in there I see the (almost famous) error "failed to expand ACL string", which points me to a lot of postings here.
    Of course I could disable "strict rDNS check" AND greylisting to "fix" this problem temporarily.
    But as I said in the first post, this only happens with senders whose domain/mail servers have more than one MX record, or more than one IP on an MX record.

    Also this issue is not about one UTM; I have to check about 10 of them (almost daily, and add exceptions almost daily).

    Therefore I was just asking if this could be a bug/error within the last update of the UTM.



    So far, thanks
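What a "strict rDNS" check actually does is a forward-confirmed reverse DNS (FCrDNS) lookup on the connecting IP: the PTR name for the IP must resolve back to that same IP. A domain with several MX records, each with several A records, simply has more hosts that each have to pass that test, so one host with a missing or stale PTR makes the failure look intermittent. The following is an added example (not code from the UTM or from anyone in this thread) that audits every address behind a domain's MX records with such a check. The domain names, addresses and the tiny in-memory zone are constructed so the script runs offline; they are not real mail hosts, and the script says nothing about the "failed to expand ACL string" message itself.

```python
"""Strict (forward-confirmed) reverse DNS check for every host behind a
domain's MX records, run against a small constructed zone so it works offline."""
import ipaddress

# Constructed records for illustration only (hypothetical names and
# documentation-range addresses). PTR keys are the in-addr.arpa names a
# resolver would actually query.
ZONE = {
    "MX": {
        "example-sender.test.": [(10, "mx1.example-sender.test."),
                                 (20, "mx2.example-sender.test.")],
    },
    "A": {
        "mx1.example-sender.test.": ["192.0.2.10", "192.0.2.11"],
        "mx2.example-sender.test.": ["198.51.100.20", "198.51.100.21"],
    },
    "PTR": {
        "10.2.0.192.in-addr.arpa": ["mx1.example-sender.test."],
        # 192.0.2.11 deliberately has no PTR record at all
        "20.100.51.198.in-addr.arpa": ["mx2.example-sender.test."],
        # 198.51.100.21 points at a name that no longer has an A record
        "21.100.51.198.in-addr.arpa": ["old-mx.example-sender.test."],
    },
}


def lookup(rtype, name, zone=ZONE):
    """Minimal stand-in for a DNS resolver; [] means NXDOMAIN/NODATA."""
    return zone.get(rtype, {}).get(name, [])


def fcrdns(ip, lookup=lookup):
    """Forward-confirmed reverse DNS for one connecting IP.

    Passes only if at least one PTR name for the IP resolves (A) back to
    exactly that IP. Returns (ok, reason).
    """
    rev = ipaddress.ip_address(ip).reverse_pointer
    ptrs = lookup("PTR", rev)
    if not ptrs:
        return False, "no PTR record"
    for name in ptrs:
        if ip in lookup("A", name):
            return True, f"PTR {name} resolves back to {ip}"
    return False, f"PTR {ptrs} does not resolve back to {ip}"


def mx_addresses(domain, lookup=lookup):
    """Every (preference, host, ip) reachable through the domain's MX records,
    ordered by MX preference, then by the order of the A records."""
    out = []
    for pref, host in sorted(lookup("MX", domain)):
        for ip in lookup("A", host):
            out.append((pref, host, ip))
    return out


def audit_domain(domain, lookup=lookup):
    """Run the strict check for every MX address.

    Returns a list of (host, ip, ok, reason), one entry per address, so the
    hosts that would be rejected by a strict rDNS policy can be named.
    """
    return [(host, ip, *fcrdns(ip, lookup))
            for _, host, ip in mx_addresses(domain, lookup)]


if __name__ == "__main__":
    for host, ip, ok, reason in audit_domain("example-sender.test."):
        print(f"{'PASS' if ok else 'FAIL'} {host:26} {ip:15} {reason}")
```

Two caveats when reading the result: the check is applied to whichever IP opens the SMTP connection, and a sender's outbound relays are not necessarily its MX hosts, so an audit of the MX addresses is an approximation of what the receiving proxy will see. It does, however, turn "this domain sometimes fails" into a named host and a concrete reason (no PTR, or a PTR pointing at a name without a matching A record) that the sender's DNS administrator can act on, which is more useful than a blanket exception for the domain.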
  • Hi again,

    Just out of interest: has anyone else noticed this behaviour with more than one MX record?



    Cheers,
    d
  • We don't use Strict RDNS checking, as there are too many misconfigured mail servers out there.

    If you can reproduce this problem why don't you raise a ticket with support?

    ----------
    Sophos user, admin and reseller.
    Private Setup:

    • XG: HPE DL20 Gen9 (Core i3-7300, 8GB RAM, 120GB SSD) | XG 18.0 (Home License) with: Web Protection, Site-to-Site-VPN (IPSec, RED-Tunnel), Remote Access (SSL, HTML5)
    • UTM: 2 vCPUs, 2GB RAM, 50GB vHDD, 2 vNICs on vServer (KVM) | UTM 9.7 (Home License) with: Email Protection, Webserver Protection, RED-Tunnel (server)
  • I use the following on my UTM SMTP proxy:
    Reject invalid HELO / missing RDNS
    Do strict RDNS checks
    Use Greylisting
    Perform SPF check

    I have several mail servers with multiple MX records this client converses with....[:)]

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow

  • Well, support told me to correct the settings on the mail servers ... not very helpful, because these aren't my mail servers, nor am I responsible for their DNS settings.
    The only thing support told me was to switch off every spam check [:(]