I'm having this issue with Exchange and the UTM.
My quarantine reports are not getting delivered either as they are getting bounced.
Any ideas?
This thread was automatically locked due to age.
Looking at it further, it only appears to happen with the quarantine report.
The UTM sends the spam quarantine report out to the user. The user has an automatic reply set (as they are away) which is then forwarded back to the UTM.
It then appears the UTM sends the quarantine report again (and then the auto reply) and so on until it bounces due to a mail loop.
Normal email to the user (from internal (doesn't hit UTM) & external) doesn't have this behavior and responds as it should.
Even with the above happening, the user only gets one quarantine report in their inbox so it's not flooding it.
It's almost like the UTM gets an auto reply and doesn't know what to do with it and then tries to forward it back to the user who then auto replies and so on until exchange cuts the loop.
Log below:
2016:05:03-07:00:24 UTM01-1 exim-out[9258]: 2016-05-03 07:00:24 1axTNJ-0002Jv-0l => joe.bloggs@mydomain.uk P=<UTM01@mydomain.uk> R=static_route_hostlist T=static_smtp H=10.1.2.100 [10.1.2.100]:25 X=TLSv1:ECDHE-RSA-AES256-SHA:256 C="250 2.6.0 <E1axTNJ-0002Jv-0l@UTM01.mydomain.uk> [InternalId=227116] Queued mail for delivery"
2016:05:03-07:00:30 UTM01-1 smtpd[9306]: SCANNER[9306]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="10.1.2.3" from="" to="UTM01@mydomain.uk" subject="Automatic reply: Quarantine Report for joe.bloggs@mydomain.uk" queueid="1axTNm-0002Q6-G5" size="2727"
2016:05:03-07:00:33 UTM01-1 smtpd[9306]: SCANNER[9306]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="10.1.2.3" from="" to="UTM01@mydomain.uk" subject="Automatic reply: Quarantine Report for joe.bloggs@mydomain.uk" queueid="1axTNp-0002Q6-7L" size="2727"
2016:05:03-07:00:36 UTM01-1 smtpd[9306]: SCANNER[9306]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="10.1.2.3" from="" to="UTM01@mydomain.uk" subject="Automatic reply: Quarantine Report for joe.bloggs@mydomain.uk" queueid="1axTNs-0002Q6-0j" size="2727"
2016:05:03-07:00:38 UTM01-1 smtpd[9306]: SCANNER[9306]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="10.1.2.3" from="" to="UTM01@mydomain.uk" subject="Automatic reply: Quarantine Report for joe.bloggs@mydomain.uk" queueid="1axTNu-0002Q6-TZ" size="2727"
2016:05:03-07:01:20 UTM01-1 smtpd[9759]: SCANNER[9759]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="10.1.2.3" from="" to="UTM01@mydomain.uk" subject="Automatic reply: Quarantine Report for joe.bloggs@mydomain.uk" queueid="1axTOa-0002XP-Ak" size="2727"
2016:05:03-07:02:00 UTM01-1 smtpd[9958]: SCANNER[9958]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="10.1.2.3" from="" to="UTM01@mydomain.uk" subject="Automatic reply: Quarantine Report for joe.bloggs@mydomain.uk" queueid="1axTPE-0002ac-8b" size="2727"
2016:05:03-07:17:10 UTM01-1 smtpd[14886]: SCANNER[14886]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="10.1.2.3" from="" to="UTM01@mydomain.uk" subject="Automatic reply: Quarantine Report for joe.bloggs@mydomain.uk" queueid="1axTdu-0003s6-Fd" size="2727"
2016:05:03-07:32:20 UTM01-1 smtpd[19101]: SCANNER[19101]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="10.1.2.3" from="" to="UTM01@mydomain.uk" subject="Automatic reply: Quarantine Report for joe.bloggs@mydomain.uk" queueid="1axTsa-0004y5-Fb" size="2727"
2016:05:03-07:47:26 UTM01-1 smtpd[21568]: SCANNER[21568]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="10.1.2.3" from="" to="UTM01@mydomain.uk" subject="Automatic reply: Quarantine Report for joe.bloggs@mydomain.uk" queueid="1axU7C-0005bs-1k" size="2727"
2016:05:03-08:02:40 UTM01-1 smtpd[24605]: SCANNER[24605]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="10.1.2.3" from="" to="UTM01@mydomain.uk" subject="Automatic reply: Quarantine Report for joe.bloggs@mydomain.uk" queueid="1axULw-0006Or-9b" size="2727"
2016:05:03-08:17:46 UTM01-1 smtpd[27509]: SCANNER[27509]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="10.1.2.3" from="" to="UTM01@mydomain.uk" subject="Automatic reply: Quarantine Report for joe.bloggs@mydomain.uk" queueid="1axUaY-00079h-Jc" size="2727"
2016:05:03-08:32:53 UTM01-1 smtpd[30313]: SCANNER[30313]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="10.1.2.3" from="" to="UTM01@mydomain.uk" subject="Automatic reply: Quarantine Report for joe.bloggs@mydomain.uk" queueid="1axUpB-0007sv-AZ" size="2727"
2016:05:03-08:48:00 UTM01-1 smtpd[1224]: SCANNER[1224]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="10.1.2.3" from="" to="UTM01@mydomain.uk" subject="Automatic reply: Quarantine Report for joe.bloggs@mydomain.uk" queueid="1axV3o-0000Jk-0b" size="2727"
Those are the only lines in your SMTP log?
Is Exchange configured to send out-of-office replies as SMTP bounces? If so, I would have expected to see a problem with BATV.
Cheers - Bob
Those are the only lines in your SMTP log?
Is Exchange configured to send out-of-office replies as SMTP bounces? If so, I would have expected to see a problem with BATV.
Cheers - Bob
hi Louis I have the same problem.
How did you solve it?
To me it happens when I send an email to: name@subdomain.mydomain.it from: name@mydomain.it .
subdomain.mydomain.it has an external exchange
mydomain.it has an internal exchange with sophos email appliance
I read the guides sophos but the exchange configuration seems ok, with the old anti-spam and the same echange configuration there wasn't this problem.
thank for the support
