Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 3 subscribers
  • Views 9836 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

V 9.353-4 Quarantine Report not sending

EwanParish

Hi All,

I've been having a problem for a while now with my UTM, the Quarantine report used to send twice, once at 10:00am and another at 3:00pm. It used to send fine, but we've obviously made some changes that it doesn't like. There are emails in the Quarantine that should be showing on the report to users, but nothing comes through.

I've tried to highlight some of the settings below:

Status - On

Send Additional Report - On

Exceptions - Nothing set in there

Advanced - Hostname - My UTM

Allowed Networks - Any & Internal

Release options - Span, Expression, Unscannable & Other.

There doesn't seem to be as much mail going into the Quarantine, certainly not as much as there was. Which makes me think its something we've changed in the mail settings. The only things I can think of is that we do SPF checking and Greylist checking now.

Any help would be much appreciated, even if you've had the same issue before!

Regards

Ewan



This thread was automatically locked due to age.
Parents
  • 0
    Hi Bob,

    Thanks!

    Advanced - Hostname - My UTM - No, the hostname is the same as it always has been.

    Allowed Networks -That makes sense, I take it this is a list of the networks that are able to connect to the Quarantine report and release items?

    I've been into the Mail Manager and it doesn't look like they're being held in the SMTP Spool either.

    Will the Quarantines show in a system log somewhere when they're trying to send? Maybe I could monitor that if they did?

    Cheers

    Ewan
  • 0 in reply to EwanParish
    Yes, the list of networks that can access the Quarantine via the Quarantine Report.

    Open the SMTP log file and search for: Sending QR one

    After that, for every report sent, you should see a line with: SMTP connection from MailerDaemon

    Following that should be a line for each report sent with: Queued mail for delivery

    If you see that there were reports sent then check the spool from the command line in:

    cd /var/storage/chroot-smtp/spool/output/1/input
    or
    cd /var/storage/chroot-smtp/spool/output/0/input

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0 in reply to EwanParish
    Yes, the list of networks that can access the Quarantine via the Quarantine Report.

    Open the SMTP log file and search for: Sending QR one

    After that, for every report sent, you should see a line with: SMTP connection from MailerDaemon

    Following that should be a line for each report sent with: Queued mail for delivery

    If you see that there were reports sent then check the spool from the command line in:

    cd /var/storage/chroot-smtp/spool/output/1/input
    or
    cd /var/storage/chroot-smtp/spool/output/0/input

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • 0 in reply to BAlfson
    Thanks for the info Bob. I've checked that all out and I can see the QR kicking off at two points during the day, and then emails following it. There doesn't look to be anything in the Spool.

    Because I'm working off old data its quite hard to work out what should have sent. Now I know how to look at the logs I'm going to monitor it everyday and try to work it out from there.
Unfiltered HTML