I get some mail from a customer. and the sophos rbl marked it as spam. This customer has the problem with every receiptment that have a sophos firewall. I think he is blacklistet by sophos. what can we do delete him from the blacklist
I found the RBL lists details, excuse my stupidity.
Go to PROTECT > Email > Address group:
If you click on a entry, you can see all the lists that are used by all XGs per default, e.g. for…
I read from your request that you want to remove the customer's IP from Sophos's RBL blacklist. I'm not 100% sure, but I believe that Sophos is using the RBL lists from Cyren. Check the reputation of the customers IP on their site. Your customer or you, if you are allowed to speak on behalf of your customer, can report the customer's IP address as false\positive here. Cyren needs about 24-72 hours to update the list.
You are also free to contact Sophos support if you are a Sophos customer and if the first step haven't brought you further or if you need further assistance.
Good luck to you, stay healthy!
IntrususSophos Certified Engineer | Sophos Certified Technician
private lab: XG firewall with SFOS 18.0.3 MR-3Intercept X Advanced (for Server) with EDR EAP latest If a post solves your question use the 'Verify Answer' link
Hello Intrusus. thanks for your answer. Yes you understand it right. I have checked the IPs on the cyren website and all blacklists from mxtoolbox. But the IP is not listed on any blacklist. Is there a possibility to find the reason in any log file. Or is this a closed system from sophos ?
I wish you the best and stay healty too.
If you click on a entry, you can see all the lists that are used by all XGs per default, e.g. for the Standard RBL list:
Try to do some research on the Databases of these vendors:
Check the smtpd_main.log
tail -f /log/smtpd_main.log | grep <something you wanna search for, e.g. RBL or the mail address>
You should see something like this:
If this does not work / does not provide details try it in debug mode:
service smtpd:debug -ds nosync
tail -f /log/smtpd_main.log | grep <search string>
Hope this helps!