Outbound email quarantined for one of three domains

Hi,

I have an XG430 (SFOS 17.5.14 MR-14-1) in MTA mode. I am scanning three domains with it. The email server is placed in the DMZ.
Today, all of a sudden, when users of one domain try to send email to anyone outside the domain, the email is quarantined. When I release it from quarantine, the email is sent.

The email header shows the following:

X-Sophos-OBS: success
X-CTCH-PVer: 0000001
X-CTCH-Spam: Confirmed
X-CTCH-VOD: Unknown
X-CTCH-Flags: 8
X-CTCH-RefID: str=0001.0A673444.6112AB36.001A,ss=4,sh,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=8
X-CTCH-Score: 0.000
X-CTCH-ScoreCust: 0.000
X-CTCH-Rules:


The IP of the domain is not blacklisted. How can I figure out why the email is quarantined?

Please advise how to dig into it.



  • FormerMember

    Hi,

    Thank you for reaching out to Sophos Community.

    You can filter out smtpd_main.log events with sender/recipient address.

    Or you can also filter out quarantined logs under 'Mail logs' and hover the mouse over Status to get the reason.

  • Hello Yash,

    I have created an email policy and added my 4 domains to it; I am having an issue with only 1 domain. The firewall is configured in MTA mode.

    I have checked that the policy is marking outbound email for that domain as spam. What might be the reason for that? As users were facing the issue, I created a ticket, and the support guy told me that it might be marked as spam due to bulk email from that domain. For outbound email he created a bypass anti-spam policy for that domain; with this, outbound emails are now getting through.

    Can I verify that my bypass policy is working? Can I cross-check from the logs?

    Now I am facing an issue with a few inbound emails: they are quarantined for spam reasons. What I am doing is downloading the email from quarantine and submitting the sample to not-spam@labs.sophos.com.

    Is this the right way to do it?
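
An added example, not part of the thread and not Sophos code: a Python script that reads the X-CTCH-* headers shown in the first post out of saved messages and tallies the X-CTCH-Spam verdict per sender domain, so one domain's mail can be compared before and after a policy change. The function names, the From addresses and the second sample message are assumptions made for illustration; the RefID sub-fields are split but not interpreted, since the thread does not document them.

```python
from collections import Counter, defaultdict
from email import message_from_string
from email.utils import parseaddr

def parse_refid(value):
    """Split X-CTCH-RefID into a dict; bare tokens such as 'sh' map to True."""
    fields = {}
    for token in filter(None, (t.strip() for t in value.split(","))):
        key, sep, val = token.partition("=")
        fields[key] = val if sep else True
    return fields

def ctch_verdict(raw):
    """Return the sender domain and X-CTCH-* fields of one raw message."""
    msg = message_from_string(raw)
    addr = parseaddr(msg.get("From", ""))[1]
    score = (msg.get("X-CTCH-Score") or "").strip()
    return {
        "domain": addr.rpartition("@")[2].lower(),
        "spam": (msg.get("X-CTCH-Spam") or "absent").strip(),
        "vod": (msg.get("X-CTCH-VOD") or "absent").strip(),
        "score": float(score) if score else None,  # None: header missing
        "rules": (msg.get("X-CTCH-Rules") or "").strip(),
        "refid": parse_refid(msg.get("X-CTCH-RefID") or ""),
    }

def tally(raw_messages):
    """Count X-CTCH-Spam verdicts per sender domain."""
    counts = defaultdict(Counter)
    for raw in raw_messages:
        v = ctch_verdict(raw)
        counts[v["domain"]][v["spam"]] += 1
    return {d: dict(c) for d, c in counts.items()}

# Constructed sample: X-* headers copied from the post, From line invented.
QUARANTINED = """\
From: user@domain-a.example
X-Sophos-OBS: success
X-CTCH-Spam: Confirmed
X-CTCH-VOD: Unknown
X-CTCH-Flags: 8
X-CTCH-RefID: str=0001.0A673444.6112AB36.001A,ss=4,sh,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=8
X-CTCH-Score: 0.000
X-CTCH-Rules:

body
"""
# Constructed sample: a message that carries no X-CTCH headers at all.
NO_HEADERS = "From: user@domain-b.example\nSubject: test\n\nbody\n"

if __name__ == "__main__":
    print(ctch_verdict(QUARANTINED))
    print(tally([QUARANTINED, QUARANTINED, NO_HEADERS]))
```

On the post's sample this shows a "Confirmed" verdict alongside a score of 0.000 and an empty rules list, which is worth quoting when asking support which check produced the verdict.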
