
Emails from Hotmail being dropped

I have just installed UTM (SG115w) at work. We are running SBS 2011 with UTM as the only firewall. Our Exchange version is therefore 2010.

Normal email proxy setup, but when I test with emails from my Hotmail account they do not arrive. It is not that they are caught by the spam filter, but it appears that the Hotmail server drops the connection (Connection reset by peer). Log for a failed email below:

2017:12:13-18:23:00 utm exim-out[6113]: 2017-12-13 18:23:00 Start queue run: pid=6113
2017:12:13-18:23:00 utm exim-out[6113]: 2017-12-13 18:23:00 End queue run: pid=6113
2017:12:13-18:23:50 utm exim-in[5116]: 2017-12-13 18:23:50 SMTP connection from [185.109.169.71]:54092 (TCP/IP connection count = 1)
2017:12:13-18:23:51 utm exim-in[6149]: 2017-12-13 18:23:51 SMTP connection from (utm.mydomain.co.uk) [185.109.169.71]:54092 closed by QUIT
2017:12:13-18:23:53 utm smtpd[5030]: MASTER[5030]: (Re-)loading configuration from Confd
2017:12:13-18:23:53 utm smtpd[5030]: MASTER[5030]: Past 07:00:00, QR status one set to 'sent'
2017:12:13-18:23:53 utm smtpd[5030]: MASTER[5030]: Past 16:00:00, QR status two set to 'sent'
2017:12:13-18:23:53 utm exim-in[5116]: 2017-12-13 18:23:53 pid 5116: SIGHUP received: re-exec daemon
2017:12:13-18:23:54 utm exim-in[5116]: 2017-12-13 18:23:54 exim 4.82_1-5b7a7c0-XX daemon started: pid=5116, no queue runs, listening for SMTP on port 25 (IPv4) port 587 (IPv4) and for SMTPS on port 465 (IPv4)
2017:12:13-18:23:59 utm exim-in[5116]: 2017-12-13 18:23:59 SMTP connection from [112.23.31.174]:33091 (TCP/IP connection count = 1)
2017:12:13-18:24:00 utm exim-out[6172]: 2017-12-13 18:24:00 Start queue run: pid=6172
2017:12:13-18:24:00 utm exim-out[6172]: 2017-12-13 18:24:00 End queue run: pid=6172
2017:12:13-18:24:14 utm exim-in[5116]: 2017-12-13 18:24:14 SMTP connection from [40.92.69.75]:9167 (TCP/IP connection count = 2)
2017:12:13-18:24:14 utm exim-in[6346]: 2017-12-13 18:24:14 H=mail-oln040092069075.outbound.protection.outlook.com (EUR02-VE1-obe.outbound.protection.outlook.com) [40.92.69.75]:9167 Warning: mydomain.co.uk profile excludes SANDBOX scan
2017:12:13-18:24:14 utm exim-in[6346]: 2017-12-13 18:24:14 DNS list lookup defer (probably timeout) for 75.69.92.40.black.rbl.ctipd.astaro.local: assumed not in list
2017:12:13-18:24:14 utm exim-in[6346]: 2017-12-13 18:24:14 [40.92.69.75] F=<myemail@hotmail.com> R=<my.email@mydomain.co.uk> Verifying recipient address with callout
2017:12:13-18:24:15 utm exim-in[6346]: 2017-12-13 18:24:15 1ePBhX-0001eM-0E DKIM: d=hotmail.com s=selector1 c=relaxed/relaxed a=rsa-sha256 [verification succeeded]
2017:12:13-18:24:15 utm exim-in[6346]: 2017-12-13 18:24:15 1ePBhX-0001eM-0E ctasd reports 'Unknown' RefID:str=0001.0A0B0202.5A31704F.0080,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
2017:12:13-18:24:15 utm exim-in[6346]: 2017-12-13 18:24:15 1ePBhX-0001eM-0E Greylisting: Greylisted 40.92.69.75
2017:12:13-18:24:15 utm exim-in[6346]: [1\64] 2017-12-13 18:24:15 1ePBhX-0001eM-0E H=mail-oln040092069075.outbound.protection.outlook.com (EUR02-VE1-obe.outbound.protection.outlook.com) [40.92.69.75]:9167 F=<myemail@hotmail.com> temporarily rejected after DATA: Temporary local problem, please try again!
2017:12:13-18:24:15 utm exim-in[6346]: [2\64] Envelope-from: <myemail@hotmail.com>
2017:12:13-18:24:15 utm exim-in[6346]: [3\64] Envelope-to: <my.email@mydomain.co.uk>
2017:12:13-18:24:15 utm exim-in[6346]: [4\64] P Received: from mail-oln040092069075.outbound.protection.outlook.com ([40.92.69.75]:9167 helo=EUR02-VE1-obe.outbound.protection.outlook.com)
2017:12:13-18:24:15 utm exim-in[6346]: [5\64] by utm.mydomain.co.uk with esmtps (TLSv1.2:AES256-SHA256:256)
2017:12:13-18:24:15 utm exim-in[6346]: [6\64] (Exim 4.82_1-5b7a7c0-XX)
2017:12:13-18:24:15 utm exim-in[6346]: [7\64] (envelope-from <myemail@hotmail.com>)
2017:12:13-18:24:15 utm exim-in[6346]: [8\64] id 1ePBhX-0001eM-0E
2017:12:13-18:24:15 utm exim-in[6346]: [9\64] for my.email@mydomain.co.uk; Wed, 13 Dec 2017 18:24:15 +0000
2017:12:13-18:24:15 utm exim-in[6346]: [10\64] X-CTCH-RefID: str=0001.0A0B0202.5A31704F.0080,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
2017:12:13-18:24:15 utm exim-in[6346]: [11\64] DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com;
2017:12:13-18:24:15 utm exim-in[6346]: [12\64] s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
2017:12:13-18:24:15 utm exim-in[6346]: [13\64] bh=FP8S96/q3P3K8bXNBIndOXWKKEMY9yd0hKtHysUG1zU=;
2017:12:13-18:24:15 utm exim-in[6346]: [14\64] b=s5Z6Lm1CE9VryQivc3Vd6oKNWC23masf/+oEP4XFfPQjbHtTCSKOJ5g8slnG+GazURAUuTp/aqscbpKZbk3TzmIhrPQsopEm5xsyXd/ifWHNWPZ0RC1MjSNy8nnINgPfQC2o6EVQpjp5NrmeWLeNLShw+cQeiKKowIBUFhJg+xL3slb2Gc0WyJYkxBYL5ErN8P0gtbGLkhGoSzVvYC1UHZcxoThiupPIZwUyeOk1IZcxionA2NtyXDszQo0tFTlPS+smUXMcshEITJFVkxMPZN+p7m2C/GKB05Pr9duFO0oVw+rS4IAOoYRyEZjUVIsyZuKiXbJ+mLyjh5OGIi2OBg==
2017:12:13-18:24:15 utm exim-in[6346]: [15\64] P Received: from VE1EUR02FT004.eop-EUR02.prod.protection.outlook.com
2017:12:13-18:24:15 utm exim-in[6346]: [16\64] (10.152.12.58) by VE1EUR02HT063.eop-EUR02.prod.protection.outlook.com
2017:12:13-18:24:15 utm exim-in[6346]: [17\64] (10.152.13.114) with Microsoft SMTP Server (version=TLS1_2,
2017:12:13-18:24:15 utm exim-in[6346]: [18\64] cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.20.302.6; Wed, 13
2017:12:13-18:24:15 utm exim-in[6346]: [19\64] Dec 2017 18:24:13 +0000
2017:12:13-18:24:15 utm exim-in[6346]: [20\64] P Received: from AM6PR0402MB3813.eurprd04.prod.outlook.com (10.152.12.54) by
2017:12:13-18:24:15 utm exim-in[6346]: [21\64] VE1EUR02FT004.mail.protection.outlook.com (10.152.12.217) with Microsoft SMTP
2017:12:13-18:24:15 utm exim-in[6346]: [22\64] Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id
2017:12:13-18:24:15 utm exim-in[6346]: [23\64] 15.20.302.6 via Frontend Transport; Wed, 13 Dec 2017 18:24:13 +0000
2017:12:13-18:24:15 utm exim-in[6346]: [24\64] P Received: from AM6PR0402MB3813.eurprd04.prod.outlook.com
2017:12:13-18:24:15 utm exim-in[6346]: [25\64] ([fe80::a981:546:8e01:b5c0]) by AM6PR0402MB3813.eurprd04.prod.outlook.com
2017:12:13-18:24:15 utm exim-in[6346]: [26\64] ([fe80::a981:546:8e01:b5c0%13]) with mapi id 15.20.0302.014; Wed, 13 Dec 2017
2017:12:13-18:24:15 utm exim-in[6346]: [27\64] 18:24:13 +0000
2017:12:13-18:24:15 utm exim-in[6346]: [28\64] F From: Rick Alderson <myemail@hotmail.com>
2017:12:13-18:24:15 utm exim-in[6346]: [29\64] T To: "my.email@mydomain.co.uk"
2017:12:13-18:24:15 utm exim-in[6346]: [30\64] <my.email@mydomain.co.uk>
2017:12:13-18:24:15 utm exim-in[6346]: [31\64] Subject: UTM SPF on test
2017:12:13-18:24:15 utm exim-in[6346]: [32\64] Thread-Topic: UTM SPF on test
2017:12:13-18:24:15 utm exim-in[6346]: [33\64] Thread-Index: AQHTdD+EdKhyKOtr30OsdOSZYIvjQw==
2017:12:13-18:24:15 utm exim-in[6346]: [34\64] Date: Wed, 13 Dec 2017 18:24:13 +0000
2017:12:13-18:24:15 utm exim-in[6346]: [35\64] I Message-ID: <AM6PR0402MB3813BC7784DAAC4F4241C918D0350@AM6PR0402MB3813.eurprd04.prod.outlook.com>
2017:12:13-18:24:15 utm exim-in[6346]: [36\64] Accept-Language: en-GB, en-US
2017:12:13-18:24:15 utm exim-in[6346]: [37\64] Content-Language: en-GB
2017:12:13-18:24:15 utm exim-in[6346]: [38\64] X-MS-Has-Attach:
2017:12:13-18:24:15 utm exim-in[6346]: [39\64] X-MS-TNEF-Correlator:
2017:12:13-18:24:15 utm exim-in[6346]: [40\64] x-incomingtopheadermarker: OriginalChecksum:860F835136B6B945A320BD886D2452C51724398E835EE5599B2AA67D8802BD11;UpperCasedChecksum:96158527DAECC4BA133A78DB6FBA89BB0C20AE844155FDA8FA94AA8C1139C335;SizeAsReceived:6877;Count:44
2017:12:13-18:24:15 utm exim-in[6346]: [41\64] x-ms-exchange-messagesentrepresentingtype: 1
2017:12:13-18:24:15 utm exim-in[6346]: [42\64] x-tmn: [/CQ/w2W3mcSdfmqt0AZRSag4H3X2HpBY]
2017:12:13-18:24:15 utm exim-in[6346]: [43\64] x-ms-publictraffictype: Email
2017:12:13-18:24:15 utm exim-in[6346]: [44\64] x-microsoft-exchange-diagnostics: 1;VE1EUR02HT063;6:vOmbhTosZ8LwOC5FqcJSXpLOwDUYLPycCiqODwM+mG67ByX7vJWlVwtiD7bb4/5MXZf9FwIAEOvx/IEnJnyMQLQUDIG9PQmKygEBcSy0JghCbhWf0G51LuKb044CJlpOJtmttrA2L8F2tkZECLMzUMH7YcsFU4gvLBU/AzjvvWmrxcaSQ+9DyQG+wB0cRiZAsgBtElKoJx1/rwqYuk4zYTdbUM+NPyxu/ERHc5AaGIlLogSdrjgvzgwSmnbk47AXW9KsO3RyfP/hc/04jquzEoBU0FNLGbhqsHaHSX4RAhSoK+q3TbY1N0lvd3L9Z4Q5SGAwcA2AYXKumo1oWij+XS2ro7nlIGFwww8h5Zi0YC0=;5:keQAV5rszqN4Wpr78bnbN36XdyL5W/rhxXYiYbJ26ElIqI4yEVgbt/lyt0QmT9cvX55VVrjtWPcHjKUBn4t30OF5tG+gfW1jRL7Vz/fgHE7szCHxk8/G/p8uVcFaspXiFkwSQu5UnO9REsUCMwJytbIqWnB6YUqhecvMsWCjl5c=;24:elZI/SVldYJgICqOqrfah5UBIDDglQRRP6db4BO8fQGC/scCqHsCj3wVIaJPHbc4dGUDzPx6qlmyVOpANSodiG786Hb/fuolj/4D78t9znQ=;7:j+Vx7bj6kEWQewRehZ2xWyD1PztM3z6SGfcmtPskd5bQ4Gtjm52M/nF64DcWsdHj6BzBpfqrb9qWj5+2ypLpBDhk07vxZbqphCd/KVjSyWFERV2CtNFOk2imN3E5nusDyrcsvXsmZg9BwoPZFXNnMVf7qOP0UKGpR0VqHDPsPBpSG9kiT3V10F+2bbuTeZsWhSPH96VwPxrmwg2W6X4c2MGVkumyOAOm2NFXMt1e+dvxKSrLIEgFLColrGUt1FvJ
2017:12:13-18:24:15 utm exim-in[6346]: [45\64] x-incomingheadercount: 44
2017:12:13-18:24:15 utm exim-in[6346]: [46\64] x-eopattributedmessage: 0
2017:12:13-18:24:15 utm exim-in[6346]: [47\64] x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(201702061074)(5061506573)(5061507331)(1603103135)(2017031320274)(2017031324274)(2017031323274)(2017031322404)(1601125374)(1603101448)(1701031045);SRVR:VE1EUR02HT063;
2017:12:13-18:24:15 utm exim-in[6346]: [48\64] x-ms-traffictypediagnostic: VE1EUR02HT063:
2017:12:13-18:24:15 utm exim-in[6346]: [49\64] x-ms-office365-filtering-correlation-id: 0c43e177-5508-40a8-d36d-08d54256b652
2017:12:13-18:24:15 utm exim-in[6346]: [50\64] x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(444000031);SRVR:VE1EUR02HT063;BCL:0;PCL:0;RULEID:(100000803101)(100110400095);SRVR:VE1EUR02HT063;
2017:12:13-18:24:15 utm exim-in[6346]: [51\64] x-forefront-prvs: 052017CAF1
2017:12:13-18:24:15 utm exim-in[6346]: [52\64] x-forefront-antispam-report: SFV:NSPM;SFS:(7070007)(98901004);DIR:OUT;SFP:1901;SCL:1;SRVR:VE1EUR02HT063;H:AM6PR0402MB3813.eurprd04.prod.outlook.com;FPR:;SPF:None;LANG:;
2017:12:13-18:24:15 utm exim-in[6346]: [53\64] spamdiagnosticoutput: 1:99
2017:12:13-18:24:15 utm exim-in[6346]: [54\64] spamdiagnosticmetadata: NSPM
2017:12:13-18:24:15 utm exim-in[6346]: [55\64] Content-Type: multipart/alternative;
2017:12:13-18:24:15 utm exim-in[6346]: [56\64] boundary="_000_AM6PR0402MB3813BC7784DAAC4F4241C918D0350AM6PR0402MB3813_"
2017:12:13-18:24:15 utm exim-in[6346]: [57\64] MIME-Version: 1.0
2017:12:13-18:24:15 utm exim-in[6346]: [58\64] X-OriginatorOrg: hotmail.com
2017:12:13-18:24:15 utm exim-in[6346]: [59\64] X-MS-Exchange-CrossTenant-Network-Message-Id: 0c43e177-5508-40a8-d36d-08d54256b652
2017:12:13-18:24:15 utm exim-in[6346]: [60\64] X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Dec 2017 18:24:13.5826
2017:12:13-18:24:15 utm exim-in[6346]: [61\64] (UTC)
2017:12:13-18:24:15 utm exim-in[6346]: [62\64] X-MS-Exchange-CrossTenant-fromentityheader: Internet
2017:12:13-18:24:15 utm exim-in[6346]: [63\64] X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
2017:12:13-18:24:15 utm exim-in[6346]: [64/64] X-MS-Exchange-Transport-CrossTenantHeadersStamped: VE1EUR02HT063
2017:12:13-18:24:15 utm exim-in[6346]: 2017-12-13 18:24:15 SSL_write: (from mail-oln040092069075.outbound.protection.outlook.com (EUR02-VE1-obe.outbound.protection.outlook.com) [40.92.69.75]:9167) syscall: Connection reset by peer
2017:12:13-18:24:15 utm exim-in[6346]: 2017-12-13 18:24:15 SSL_write error 5
2017:12:13-18:24:15 utm exim-in[6346]: 2017-12-13 18:24:15 SMTP connection from mail-oln040092069075.outbound.protection.outlook.com (EUR02-VE1-obe.outbound.protection.outlook.com) [40.92.69.75]:9167 closed by QUIT

If I uncheck "Perform SPF check" then the Hotmail emails are delivered correctly, but this is not how I understood SPF to work (for one, the Hotmail SPF records appear correct on mxtoolbox, and if the SPF check failed then shouldn't it be our UTM that drops the connection, not Hotmail?).

Rick



  • I don't think it's SPF, Rick.

    2017:12:13-18:24:15 utm exim-in[6346]: [1\64] 2017-12-13 18:24:15 1ePBhX-0001eM-0E H=mail-oln040092069075.outbound.protection.outlook.com (EUR02-VE1-obe.outbound.protection.outlook.com) [40.92.69.75]:9167 F=<myemail@hotmail.com> temporarily rejected after DATA: Temporary local problem, please try again!

    Try disabling Greylisting - any better luck now? It's not clear to me that greylisting prevents delivery of spam emails that wouldn't be otherwise blocked by the SMTP Proxy, nor that it saves bandwidth, so I never use it.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
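
Added example, not part of the original posts: a Python triage script that groups exim-in lines by process id and reports sessions where a greylisting decision is followed by the "temporarily rejected after DATA" line, noting whether the peer then reset the TLS connection. The sample lines are constructed in the log format quoted in the thread, with placeholder hosts, addresses and message ids; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the UTM exim-in format quoted in the thread; hosts,
# addresses and message ids are placeholders, not values from the page.
SAMPLE_LOG = r"""
2017:12:13-18:24:14 utm exim-in[6346]: 2017-12-13 18:24:14 SMTP connection from [192.0.2.10]:9167 (TCP/IP connection count = 2)
2017:12:13-18:24:15 utm exim-in[6346]: 2017-12-13 18:24:15 1abcde-000001-0E Greylisting: Greylisted 192.0.2.10
2017:12:13-18:24:15 utm exim-in[6346]: [1\64] 2017-12-13 18:24:15 1abcde-000001-0E H=mx.example.net [192.0.2.10]:9167 F=<sender@example.net> temporarily rejected after DATA: Temporary local problem, please try again!
2017:12:13-18:24:15 utm exim-in[6346]: 2017-12-13 18:24:15 SSL_write: (from mx.example.net [192.0.2.10]:9167) syscall: Connection reset by peer
2017:12:13-18:25:02 utm exim-in[6401]: 2017-12-13 18:25:02 SMTP connection from [198.51.100.7]:40111 closed by QUIT
"""

# Syslog prefix: timestamp, host, then exim-in[pid]; the rest is the exim message.
LINE = re.compile(r"^\S+ \S+ exim-in\[(?P<pid>\d+)\]: (?P<msg>.*)$")
EVENTS = {
    "greylisted": re.compile(r"Greylisting: Greylisted (?P<ip>\S+)"),
    "temp_reject": re.compile(r"F=<(?P<sender>[^>]*)> temporarily rejected after DATA"),
    "peer_reset": re.compile(r"SSL_write: .*Connection reset by peer"),
}

def triage(log_text):
    """Collect the events of interest per exim-in pid (one pid per SMTP session).
    Pids can be reused over time, so feed this a short window of the log."""
    sessions = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        for name, pattern in EVENTS.items():
            hit = pattern.search(m["msg"])
            if hit:
                sessions[m["pid"]][name] = hit.groupdict() or True
    return dict(sessions)

def greylist_deferrals(log_text):
    """Sessions where a greylisting hit and a temporary rejection occur together."""
    findings = []
    for pid, ev in triage(log_text).items():
        if "greylisted" in ev and "temp_reject" in ev:
            findings.append({"pid": pid, "ip": ev["greylisted"]["ip"],
                             "sender": ev["temp_reject"]["sender"],
                             "peer_reset": "peer_reset" in ev})
    return findings

if __name__ == "__main__":
    for finding in greylist_deferrals(SAMPLE_LOG):
        print(finding)
```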