This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Automatd backup not getting emailed

Dear All,

We had been using Sophos UTL 9.4 and it had been working fine till recent.

On daily basis, it had been sending email of the configuration backup.

Suddenly it has stopped sending these emails.

In the logs, we do not see any error that can help us understand this sudden failure.

 

### SMTP LOG

2017:02:07-09:10:00 MY-ID exim-out[5545]: 2017-02-07 09:10:00 End queue run: pid=5545
2017:02:07-09:10:01 MY-ID exim-in[5031]: 2017-02-07 09:10:01 SMTP connection from [127.0.0.1]:46022 (TCP/IP connection count = 1)
2017:02:07-09:10:01 MY-ID exim-in[5606]: 2017-02-07 09:10:01 [127.0.0.1] F=<MY-ID@fw-notify.net> R=<MY-ID@MY-domain> Accepted: from relay
2017:02:07-09:10:02 MY-ID exim-in[5606]: 2017-02-07 09:10:02 1cb6T3-0001SQ-3D <= MY-ID@fw-notify.net H=localhost [127.0.0.1]:46022 P=esmtp S=1548818 id=0467-05548-1486476601@MY-ID
2017:02:07-09:10:02 MY-ID exim-in[5606]: 2017-02-07 09:10:02 SMTP connection from localhost [127.0.0.1]:46022 closed by QUIT
2017:02:07-09:10:03 MY-ID smtpd[4871]: QMGR[4871]: 1cb6T3-0001SQ-3D moved to work queue
2017:02:07-09:10:10 MY-ID smtpd[5670]: SCANNER[5670]: 1cb6TC-0001TS-Fc <= MY-ID@fw-notify.net R=1cb6T3-0001SQ-3D P=INPUT S=1548031
2017:02:07-09:10:10 MY-ID smtpd[5670]: SCANNER[5670]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="127.0.0.1" from="MY-ID@fw-notify.net" to="MY-ID@MY-domain" subject="[MY-ID][INFO-011] Configuration Backup File" queueid="1cb6TC-0001TS-Fc" size="1548031"
2017:02:07-09:10:10 MY-ID smtpd[5670]: SCANNER[5670]: 1cb6T3-0001SQ-3D => work R=SCANNER T=SCANNER
2017:02:07-09:10:10 MY-ID smtpd[5670]: SCANNER[5670]: 1cb6T3-0001SQ-3D Completed
2017:02:07-09:10:11 MY-ID exim-out[5672]: 2017-02-07 09:10:11 1cb6TC-0001TS-Fc => MY-ID@MY-domain P=<MY-ID@fw-notify.net> R=dnslookup T=remote_smtp H=ASPMX.L.GOOGLE.com [209.85.202.27]:25 X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 C="250 2.0.0 OK 1486476611 i17si5187251wrb.90 - gsmtp"
2017:02:07-09:10:11 MY-ID exim-out[5672]: 2017-02-07 09:10:11 1cb6TC-0001TS-Fc Completed
2017:02:07-09:10:39 MY-ID smtpd[5670]: SCANNER[5670]: Nothing to do, exiting.
2017:02:07-09:11:00 MY-ID exim-out[5748]: 2017-02-07 09:11:00 Start queue run: pid=5748
2017:02:07-09:11:00 MY-ID exim-out[5748]: 2017-02-07 09:11:00 End queue run: pid=5748

###

Any pointer to overcome this issue?

 

regards



This thread was automatically locked due to age.
Parents Reply
  • Thank you for your pointer. I think this is more to do with the AV and Outbound SMTP which we are not using since the usage of the deployment is mainly for IDS/IPS and WAF.

    This issue has been seen even before the upgrade was applied.

    Not sure if the "fw-notify.net" is considering the email coming from a BLOCKED public IP address.

     

     

Children
  • Hi, and welcome to the UTM Community!

    According to your log, the email was sent:

    2017:02:07-09:10:10 MY-ID smtpd[5670]: SCANNER[5670]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="127.0.0.1" from="MY-ID@fw-notify.net" to="MY-ID@MY-domain" subject="[MY-ID][INFO-011] Configuration Backup File" queueid="1cb6TC-0001TS-Fc" size="1548031"
    2017:02:07-09:10:10 MY-ID smtpd[5670]: SCANNER[5670]: 1cb6T3-0001SQ-3D => work R=SCANNER T=SCANNER
    2017:02:07-09:10:10 MY-ID smtpd[5670]: SCANNER[5670]: 1cb6T3-0001SQ-3D Completed

    You might open the Mail Manager and check to see if the email is stuck in the SMTP Queue.   If so, then there's a later section of the log that might help to understand why.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA