I am trying to find any log information as a result of the "The Sophos Anti Spam Engine has blocked this Email because the sender IP Address is blacklisted" pop-over message that I see in the GUI when I hover over a REJECTED status in the mail logs. I tried the ctasd.log file as described on https://docs.sophos.com/nsg/sophos-firewall/18.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Logs/LogFileDetails/index.html but there is nothing useful in there and certainly not a log of the anti-spam processes as they are whacking email from important contacts. I used WinSCP to access the log files directly and I have been going through them and haven't found anything that helps me. I need to know the failed sender IP address, the sender FQDN, and the blacklist that generated the failure. When important contacts start getting this error I need to be able to let them know why their messages are failing to get through so their network admins can fix the problem. I know I can whitelist around the RBL checks but I prefer to be a good citizen and let people know they have an issue that needs to be addressed. It also helps when explaining to my users what is happening.
I started using WinSCP to access the logs because the tools at the command line on my box don't work as described in https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/CommandLineHelp/DeviceConsole/index.html or https://support.sophos.com/support/s/article/KB-000035834?language=en_US. I am running XG210 (SFOS 18.5.2 MR-2-Build380). I also can't stand vi as a file editor/viewer. I just don't get all moist and throbbing when firing up vi like true geeks do. I would much prefer to have nano as an option.