Backup MX host blocked

Hello,

We use a Sophos XG 210 with SFOS 18.5.1 MR1 Build 326

For a couple of days now, I have gotten complaints that emails are blocked from hosts we never had issues with.

So I dug around the extremely limited logs (it used to be much easier on the Astaro Systems) and found out that a certain DuoCircle Backup MX email server seems to be blocked.

All communication coming through inbound8.ore.mailhop.org is rejected by the XG mail gateway with

550 Sophos Anti Spam Engine has blocked this Email because the sender's IP Address is blacklisted.


Our backup MX have a relatively low priority so only the occasional email gets blocked (and only when handled by that specific server, others are just fine.)

I have tried to add that FQDN to an exception (RBL/BATV,IP reputation,SPF,RDNS) but emails still get blocked.

Any idea where I can whitelist this specific server?



  • Hello there,

    Thank you for contacting the Sophos Community.

    Did you try creating an IP Host?

    The logs should tell you what Public IP is being used to send the emails, try adding these under "For these sources/hosts".

    If the issue persists we can open a Labs request to whitelist this record, let me know if adding the IP instead of the FQDN works.

    regards,

  • Hello Emmanuel,

    Sorry I should have mentioned that besides the FQDN, I also tried to enter the IP host into the sources/host field. But that also did not help.

  • Hello there,

    Thank you for the follow-up.

    Would it be possible for you to share the log entry, (smtpd_main.log) where you get the:

    550 Sophos Anti Spam Engine has blocked this Email because the sender's IP Address is blacklisted.

    It should have a Public IP.

    Regards,

  • Hey Emmanuel,

    Thanks for the pointer on what log to check (I so far only checked the log viewer on the webgui)

    So I checked the log and found that there is yet another email server that is used by the backupMX provider

    inbound2a.ore.mailhop.org (54.186.172.23)

    I added that one as an IP host into the exception and upon replay of the message from the backup MX interface it came right through.

    Still frustrating that this happened, but now I can at least fix it myself.

    I will mark this as solved for now

    Thanks again

  • Hello there,

    Thank you for taking the time to update the community on what solved your issue.

    I have also sent a request to Labs team to double-check that IP/Domain since it doesn't show in any block list.

    Regards,
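
The check that resolved this thread (find which sending IPs the gateway actually rejected, then compare them with the hosts already in the exception) can be scripted. The following is an added example, not part of the original posts and not Sophos code: the sample log lines are constructed, their layout is an assumption rather than the real smtpd_main.log format, and the exception entries other than the IP quoted in the thread are placeholder addresses.

```python
import ipaddress
import re
from collections import Counter

# Rejection text quoted in the thread.
REJECT_TEXT = "550 Sophos Anti Spam Engine has blocked this Email"
# Dotted-quad candidates; validated with ipaddress below.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

# Constructed sample lines (assumed layout, not real smtpd_main.log output).
SAMPLE_LOG = """\
2021-10-04 09:12:01 H=inbound2a.ore.mailhop.org [54.186.172.23] rejected: 550 Sophos Anti Spam Engine has blocked this Email because the sender's IP Address is blacklisted.
2021-10-04 09:40:17 H=mx.example.net [192.0.2.8] accepted
2021-10-04 10:03:44 H=inbound2a.ore.mailhop.org [54.186.172.23] rejected: 550 Sophos Anti Spam Engine has blocked this Email because the sender's IP Address is blacklisted.
2021-10-04 11:15:09 H=relay.example.org [198.51.100.7] rejected: 550 Sophos Anti Spam Engine has blocked this Email because the sender's IP Address is blacklisted.
"""

def rejecting_senders(log_text):
    """Count every valid IPv4 address that appears on a rejection line."""
    counts = Counter()
    for line in log_text.splitlines():
        if REJECT_TEXT not in line:
            continue
        for candidate in IPV4_RE.findall(line):
            try:
                counts[str(ipaddress.ip_address(candidate))] += 1
            except ValueError:
                continue  # e.g. 999.1.1.1 matched the pattern but is not an IP
    return counts

def uncovered(counts, exception_entries):
    """Return rejected IPs that no exception entry (IP or CIDR) covers."""
    networks = [ipaddress.ip_network(e, strict=False) for e in exception_entries]
    return {
        ip: n for ip, n in counts.items()
        if not any(ipaddress.ip_address(ip) in net for net in networks)
    }

if __name__ == "__main__":
    # Placeholder exception entries: one host and one network.
    exceptions = ["192.0.2.8", "198.51.100.0/24"]
    for ip, n in uncovered(rejecting_senders(SAMPLE_LOG), exceptions).items():
        print(f"{ip}: {n} rejection(s), not covered by any exception entry")
```

Against the real log, read the file contents into `rejecting_senders` and adjust the matching if the sending IP is recorded differently on your firmware.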