This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

No more Notification Mails after update from 9.503-4 9.504-1

Just upgrade firmware from 9.503-4 9.504-1

then the notifications mails not working anymore

this is the log from archive log, with working Notification Mails

2017:10:01-01:04:01 abc notifier[3812]: loading config version 5053
2017:10:01-01:05:21 abc notifier[25606]: processing notification request for INFO-720
2017:10:01-01:05:23 abc notifier[25606]: successfully processed request for htmlreport
2017:10:01-01:05:24 abc postfix/pickup[22265]: 8442F45AD: uid=0 from=<do-not-reply@Sophos-fw-notify.net>
2017:10:01-01:05:25 abc postfix/cleanup[25615]: 8442F45AD: message-id=<0378-25606-1506791121@domain>
2017:10:01-01:05:25 abc postfix/qmgr[9632]: 8442F45AD: from=<do-not-reply@Sophos-fw-notify.net>, size=331613, nrcpt=1 (queue active)
2017:10:01-01:05:26 abc postfix/smtp[25617]: 8442F45AD: to=<someone@abc.com>, relay=localhost[127.0.0.1]:25, delay=2.4, delays=1.6/0.71/0.04/0.06, dsn=2.0.0, status=sent (250 OK id=1dyLCg-0006fC-0P)
2017:10:01-01:05:26 abc postfix/qmgr[9632]: 8442F45AD: removed
2017:10:01-01:08:27 abc notifier[3812]: loading config version 5054
2017:10:01-01:08:32 abc notifier[3812]: loading config version 5055
2017:10:01-01:21:38 abc notifier[3812]: loading config version 5056

 

is it UTM 9 has a built-in smtp server to send notification emails? and i know i can Enable External SMTP server,  on the Management > Notifications >
Advanced tab. but i am using office365, office365 not accept send as sender<do-not-reply@Sophos-fw-notify.net>, so i want to use sophos built-in smtp server to send out notification.

anyone help?



This thread was automatically locked due to age.
Parents
  • Hi, Billy, and welcome to the UTM Community!

    Do we understand correctly that notifications were working before the Up2Date, but you stopped getting them immediately after updating?  That you were using Office365 before?  Are Configuration Backups and Executive Reports still being sent?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • now the situation is we have two recipient, let say someonea@domaina.com, someoneb@domainb.com, i want to update someoneb@domainb.com to someonec@domainb.com

    currently someonea@domaina.com is no problem, but someonec@domainb.com can't receive anything. as i examine the log file as below, 

    2017:11:18-01:15:12 domaina notifier[15364]: processing notification request for INFO-010
    2017:11:18-01:15:14 domaina notifier[15364]: successfully processed request for notification
    2017:11:18-01:15:14 domaina postfix/pickup[15210]: B4CB83064: uid=0 from=<do-not-reply@Sophos-fw-notify.net>
    2017:11:18-01:15:15 domaina postfix/cleanup[15373]: B4CB83064: message-id=<4512-15364-1510938912@domaina>
    2017:11:18-01:15:15 domaina postfix/qmgr[15211]: B4CB83064: from=<do-not-reply@Sophos-fw-notify.net>, size=1527946, nrcpt=3 (queue active)
    2017:11:18-01:15:16 domaina postfix/smtp[15378]: B4CB83064: to=<someonea@domaina.com>, relay=localhost[127.0.0.1]:25, delay=2.5, delays=1.6/0.68/0.01/0.18, dsn=2.0.0, status=sent (250 OK id=1eFkEW-000403-0o)
    2017:11:18-01:15:16 domaina postfix/smtp[15378]: B4CB83064: to=<someonec@domainb.com>, relay=localhost[127.0.0.1]:25, delay=2.5, delays=1.6/0.68/0.01/0.18, dsn=2.0.0, status=sent (250 OK id=1eFkEW-000403-0o)
    2017:11:18-01:15:16 domaina  postfix/qmgr[15211]: B4CB83064: removed
    2017:11:18-01:16:00 domaina notifier[3803]: loading config version 14679
    2017:11:18-01:19:16 domaina notifier[3803]: loading config version 14680

    but someonec@domainb.com did not receive any mails.

    i already change the config in Management > Notifications > Global >  Notification Recipients > someonea@domaina.com, someonec@domainb.com

    and do not want to use External SMTP server as office365 do not allow send out mail as <do-not-reply@Sophos-fw-notify.net>

    also, i already set new email address someonec@domainb.com in Logging & Reporting > Executive Report > Daily Executive Report

    2017:11:19-01:05:21 domaina notifier[13401]: processing notification request for INFO-720
    2017:11:19-01:05:23 domaina notifier[13401]: successfully processed request for htmlreport
    2017:11:19-01:05:24 domaina postfix/pickup[13087]: 8FB2E36F4: uid=0 from=<do-not-reply@Sophos-fw-notify.net>
    2017:11:19-01:05:25 domaina postfix/cleanup[13410]: 8FB2E36F4: message-id=<4512-13401-1511024721@domaina>
    2017:11:19-01:05:25 domaina postfix/qmgr[13088]: 8FB2E36F4: from=<do-not-reply@Sophos-fw-notify.net>, size=323040, nrcpt=2 (queue active)
    2017:11:19-01:05:26 domaina postfix/smtp[13412]: 8FB2E36F4: to=<someonec@domainb.com>, relay=localhost[127.0.0.1]:25, delay=2.5, delays=1.7/0.69/0.08/0.05, dsn=2.0.0, status=sent (250 OK id=1eG6YY-0003UL-0T)
    2017:11:19-01:05:26 domaina postfix/qmgr[13088]: 8FB2E36F4: removed
    2017:11:19-01:06:49 domaina notifier[3803]: loading config version 15334

    but i did not receive any mails. seems i have to do some permission/definitions or domainb.com, am i right?

    i wonder UTM 9 have it smtp server built-in to send out mail, am i right?

    and is it something i miss, and i have to do config or definitions first?

    i am new to sophos UTM 9, thanks for your help.

  • 2017:11:18-01:15:16 domaina postfix/smtp[15378]: B4CB83064: to=<someonec@domainb.com>, relay=localhost[127.0.0.1]:25, delay=2.5, delays=1.6/0.68/0.01/0.18, dsn=2.0.0, status=sent (250 OK id=1eFkEW-000403-0o)

    The notification was sent by notifier to someonec@domainb.com, so the problem is with domainb.com.  It's probably too late now to find this particular email, but you can look for it in the SMTP log for it to see if the delivery attempt was abandoned after 3 days or if the mail server at domain.com rejected delivery:

    grep '1eFkEW-000403-0o' /var/log/smtp.log
    zgrep '1eFkEW-000403-0o' /var/log/smtp/2017/11/*

    What was the problem?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 2017:11:18-01:15:16 domaina postfix/smtp[15378]: B4CB83064: to=<someonec@domainb.com>, relay=localhost[127.0.0.1]:25, delay=2.5, delays=1.6/0.68/0.01/0.18, dsn=2.0.0, status=sent (250 OK id=1eFkEW-000403-0o)

    The notification was sent by notifier to someonec@domainb.com, so the problem is with domainb.com.  It's probably too late now to find this particular email, but you can look for it in the SMTP log for it to see if the delivery attempt was abandoned after 3 days or if the mail server at domain.com rejected delivery:

    grep '1eFkEW-000403-0o' /var/log/smtp.log
    zgrep '1eFkEW-000403-0o' /var/log/smtp/2017/11/*

    What was the problem?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • found in smtp log

    2017:11:21-01:05:01 domaina exim-out[11832]: 2017-11-21 01:05:01 End queue run: pid=11832
    2017:11:21-01:05:28 domaina exim-in[4714]: 2017-11-21 01:05:28 SMTP connection from [127.0.0.1]:47079 (TCP/IP connection count = 1)
    2017:11:21-01:05:29 domaina exim-in[12034]: 2017-11-21 01:05:29 [127.0.0.1] F=<do-not-reply@Sophos-fw-notify.net> R=<someonec@domainb.com> Accepted: from relay
    2017:11:21-01:05:29 domaina exim-in[12034]: 2017-11-21 01:05:29 [127.0.0.1] F=<do-not-reply@Sophos-fw-notify.net> R=<someonea@domaina.com> Accepted: from relay
    2017:11:21-01:05:29 domaina exim-in[12034]: 2017-11-21 01:05:29 1eGpVh-000386-03 <= do-not-reply@Sophos-fw-notify.net H=localhost [127.0.0.1]:47079 P=esmtp S=340192 id=4512-12021-1511197524@domaina
    2017:11:21-01:05:29 domaina exim-in[12034]: 2017-11-21 01:05:29 SMTP connection from localhost [127.0.0.1]:47079 closed by QUIT
    2017:11:21-01:05:31 domaina smtpd[4688]: QMGR[4688]: 1eGpVh-000386-03 moved to work queue
    2017:11:21-01:05:40 domaina smtpd[12036]: SCANNER[12036]: 1eGpVs-000388-K5 <= do-not-reply@sophos-fw-notify.net R=1eGpVh-000386-03 P=INPUT S=339436
    2017:11:21-01:05:40 domaina smtpd[12036]: SCANNER[12036]: 1eGpVs-000388-KB <= do-not-reply@sophos-fw-notify.net R=1eGpVh-000386-03 P=INPUT S=339436
    2017:11:21-01:05:40 domaina smtpd[12036]: SCANNER[12036]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="127.0.0.1" from="do-not-reply@sophos-fw-notify.net" to="someonea@domaina.com" subject="[domaina][INFO-720] Daily Executive Report" queueid="1eGpVs-000388-KB" size="339436"
    2017:11:21-01:05:40 domaina smtpd[12036]: SCANNER[12036]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="127.0.0.1" from="do-not-reply@sophos-fw-notify.net" to="someonec@domainb.com" subject="[domaina][INFO-720] Daily Executive Report" queueid="1eGpVs-000388-K5" size="339436"
    2017:11:21-01:05:40 domaina smtpd[12036]: SCANNER[12036]: 1eGpVh-000386-03 => work R=SCANNER T=SCANNER
    2017:11:21-01:05:40 domaina smtpd[12036]: SCANNER[12036]: 1eGpVh-000386-03 Completed
    2017:11:21-01:05:46 domaina exim-out[12039]: 2017-11-21 01:05:46 1eGpVs-000388-KB => someonea@domaina.com P=<do-not-reply@sophos-fw-notify.net> R=dnslookup T=remote_smtp H=cluster1.us.messagelabs.com [xxx.xx.xxx.xxx]:25 X=TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256 C="250 ok 1511197546 qp 17013 server-14.tower-44.messagelabs.com!1511197542!206279908!1"
    2017:11:21-01:05:46 domaina exim-out[12039]: 2017-11-21 01:05:46 1eGpVs-000388-KB Completed
    2017:11:21-01:05:52 domaina exim-out[12040]: 2017-11-21 01:05:52 1eGpVs-000388-K5 ** someonec@domainb.com P=<do-not-reply@sophos-fw-notify.net> R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<someonec@domainb.com>: host domainb-com.mail.protection.outlook.com [xx.xx.xx.xxx]: 550 5.7.606 Access denied, banned sending IP [xx.xxx.xx.x]. To request removal from this list please visit https://sender.office.com/ and follow the directions. For more information please go to go.microsoft.com/.../ (AS16012609)
    2017:11:21-01:05:53 domaina exim-out[12049]: 2017-11-21 01:05:53 1eGpW5-00038L-0F <= <> R=1eGpVs-000388-K5 U=exim P=local S=108555
    2017:11:21-01:05:53 domaina exim-out[12040]: 2017-11-21 01:05:53 1eGpVs-000388-K5 Completed
    2017:11:21-01:06:01 domaina exim-out[12052]: 2017-11-21 01:06:01 Start queue run: pid=12052
    2017:11:21-01:06:01 domaina exim-out[12054]: 2017-11-21 01:06:01 1eGpW5-00038L-0F ** do-not-reply@sophos-fw-notify.net: Unrouteable address
    2017:11:21-01:06:01 domaina exim-out[12054]: 2017-11-21 01:06:01 1eGpW5-00038L-0F do-not-reply@sophos-fw-notify.net: error ignored
    2017:11:21-01:06:01 domaina exim-out[12054]: 2017-11-21 01:06:01 1eGpW5-00038L-0F Completed
    2017:11:21-01:06:01 domaina exim-out[12052]: 2017-11-21 01:06:01 End queue run: pid=12052
    2017:11:21-01:06:10 domaina smtpd[12036]: SCANNER[12036]: Nothing to do, exiting.

     

    seems Office365 banned my ip, i already go through http://go.microsoft.com/fwlink/?LinkID=526655, and finish step by step, delist my ip, let see someonec@domainb.com receive the daily report tonight or not, thanks

  • Finally, i can receive the notification now, thanks BAlfson