System Version until 2016/06/29: Sophos UTM 9.403-4
Malware scanning: Enable Sandstorm
One of our bosses sent out an email about a meeting to around 130 recipients on the 20th of June. Attached was a PDF.
A lot, if not most, of these emails were received by the recipients days later, and some even over a week later!
This is an example:
2016:06:20-10:58:46 mail-1 smtpd[19139]: SCANNER[19139]: 1bEv2c-0004yh-NP <= XXX@YYY.ZZZ R=1bEv2Z-00052F-2Q P=INPUT S=65815
2016:06:20-10:58:48 mail-1 smtpd[19139]: SCANNER[19139]: id="1004" severity="info" sys="SecureMail" sub="smtp" name="email pending" srcip="XXX.XX.XX.XX" from="XXX@YYY.ZZZ" to="AAA@BBB.CCC" subject="XXXXXXXX" queueid="1bEv2c-0004yh-NP" size="65815" reason="sandbox" extra="Analyzing message content"
/var/log/smtp/2016/06/smtp-2016-06-29.log.gz:2016:06:29-07:39:43 mail-1 smtpd[6796]: SANDSTORM[6796]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="XXX.XX.XX.XX" from="XXX@YYY.ZZZ" to="AAA@BBB.CCC" subject="XXXXXXXX" queueid="1bEv2c-0004yh-NP" size="65815"
/var/log/smtp/2016/06/smtp-2016-06-29.log.gz:2016:06:29-07:39:44 mail-1 exim-out[7933]: 2016-06-29 07:39:44 1bEv2c-0004yh-NP => AAA@BBB.CCC P=<XXX@YYY.ZZZ> R=dnslookup T=remote_smtp H=smtp.YYY.ZZZ [XXX.XXX.XXX.XXX]:25 X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 C="250 2.1.5 OK mail delivered with id V04da5s5T5dhR3I"
To me it looks like Sandstorm was the cause of this delay. Is this true? And how can we avoid this problem in the future?
Thank you and Regards
Stefan
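The two log events in the post are enough to measure the hold time per message: the SCANNER line with name="email pending" and reason="sandbox" marks when Sandstorm took the message, and the later SANDSTORM line with name="email passed" and the same queueid marks when it was released. The script below is an added example, not part of Stefan's post and not a Sophos tool; it pairs those events by queueid, computes the delay, and lists messages held longer than a threshold or never released. The sample log lines are constructed to mirror the format quoted above (same placeholder addresses and IPs), the optional "file.log.gz:" prefix is what grep prepends when searching rotated logs, and the 24-hour threshold is an arbitrary choice.

```python
import re
from datetime import datetime

# Constructed sample lines modelled on the Sophos UTM SecureMail log format quoted in the post.
# Addresses, IPs and the second/third queueids are placeholders, not real data.
SAMPLE_LOG = """\
2016:06:20-10:58:46 mail-1 smtpd[19139]: SCANNER[19139]: 1bEv2c-0004yh-NP <= XXX@YYY.ZZZ R=1bEv2Z-00052F-2Q P=INPUT S=65815
2016:06:20-10:58:48 mail-1 smtpd[19139]: SCANNER[19139]: id="1004" severity="info" sys="SecureMail" sub="smtp" name="email pending" srcip="XXX.XX.XX.XX" from="XXX@YYY.ZZZ" to="AAA@BBB.CCC" subject="XXXXXXXX" queueid="1bEv2c-0004yh-NP" size="65815" reason="sandbox" extra="Analyzing message content"
2016:06:20-11:02:10 mail-1 smtpd[19140]: SCANNER[19140]: id="1004" severity="info" sys="SecureMail" sub="smtp" name="email pending" srcip="XXX.XX.XX.XX" from="XXX@YYY.ZZZ" to="DDD@BBB.CCC" subject="XXXXXXXX" queueid="1bEv6A-0004zz-AB" size="65815" reason="sandbox" extra="Analyzing message content"
2016:06:20-11:05:00 mail-1 smtpd[19141]: SCANNER[19141]: id="1004" severity="info" sys="SecureMail" sub="smtp" name="email pending" srcip="XXX.XX.XX.XX" from="XXX@YYY.ZZZ" to="EEE@BBB.CCC" subject="XXXXXXXX" queueid="1bEv7B-00050a-CD" size="65815" reason="sandbox" extra="Analyzing message content"
2016:06:20-11:14:30 mail-1 smtpd[6790]: SANDSTORM[6790]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="XXX.XX.XX.XX" from="XXX@YYY.ZZZ" to="DDD@BBB.CCC" subject="XXXXXXXX" queueid="1bEv6A-0004zz-AB" size="65815"
/var/log/smtp/2016/06/smtp-2016-06-29.log.gz:2016:06:29-07:39:43 mail-1 smtpd[6796]: SANDSTORM[6796]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="XXX.XX.XX.XX" from="XXX@YYY.ZZZ" to="AAA@BBB.CCC" subject="XXXXXXXX" queueid="1bEv2c-0004yh-NP" size="65815"
"""

# "path/file.log.gz:" prefix that grep adds when it searches several (rotated) files.
_GREP_PREFIX = re.compile(r"^\S+\.log(?:\.gz)?:")
# UTM timestamps look like 2016:06:20-10:58:48
_TIMESTAMP = re.compile(r"^(\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2})\s")
_KV = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Return (timestamp, fields) for a SecureMail key="value" line, or None for other lines."""
    line = _GREP_PREFIX.sub("", line.strip(), count=1)
    m = _TIMESTAMP.match(line)
    if not m:
        return None
    fields = dict(_KV.findall(line))
    if "queueid" not in fields or "name" not in fields:
        return None  # e.g. the exim-style "<=" / "=>" lines carry no key="value" fields
    return datetime.strptime(m.group(1), "%Y:%m:%d-%H:%M:%S"), fields


def sandbox_delays(log_text):
    """Pair 'email pending' (reason=sandbox) with 'email passed' per queueid.

    Returns {queueid: {"to", "pending", "released", "delay_seconds"}}; a message
    with no matching 'email passed' event keeps released/delay_seconds as None.
    """
    held = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, f = parsed
        qid = f["queueid"]
        if f["name"] == "email pending" and f.get("reason") == "sandbox":
            held.setdefault(qid, {"to": f.get("to"), "pending": ts,
                                  "released": None, "delay_seconds": None})
        elif f["name"] == "email passed" and qid in held:
            entry = held[qid]
            entry["released"] = ts
            entry["delay_seconds"] = int((ts - entry["pending"]).total_seconds())
    return held


def held_longer_than(log_text, threshold_hours):
    """Return (queueids released after more than threshold_hours, queueids never released)."""
    limit = threshold_hours * 3600
    late, still_pending = [], []
    for qid, e in sandbox_delays(log_text).items():
        if e["delay_seconds"] is None:
            still_pending.append(qid)
        elif e["delay_seconds"] > limit:
            late.append(qid)
    return sorted(late), sorted(still_pending)


if __name__ == "__main__":
    for qid, e in sandbox_delays(SAMPLE_LOG).items():
        if e["delay_seconds"] is None:
            print(f"{qid} to={e['to']} held since {e['pending']} (not released in this log)")
        else:
            print(f"{qid} to={e['to']} held {e['delay_seconds'] / 3600:.1f} h")
    late, pending = held_longer_than(SAMPLE_LOG, 24)  # 24 h is an arbitrary threshold
    print("released after more than 24 h:", late)
    print("still pending:", pending)
```

To run it against the appliance's own logs, replace SAMPLE_LOG with the decompressed contents of the files under /var/log/smtp/ for the whole period (the pending and passed events of one message can sit in files days apart, as they do in the post). Any outcome other than "email passed" is not tracked here, so a message listed as still pending may also have been handled some other way; check its queueid in the log before drawing conclusions.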