Problem with sending out Mails to specific receivers

Hi,

Which Sophos product is causing this, is it Sophos XG or Sophos UTM?

Thanks

Hi,

Which Sophos product is causing this, is it Sophos XG or Sophos UTM?

Thanks

Hi!

It's a Sophos XG105 with SFOS 15.01.0 MR-3 installed.

The customer sends out E-Mails via MS Exchange Server 2010.

Hi,

Thanks for confirming. What logs do you see in system>diagonostic>log viewer> Email when a mail is not passed through?

Hello!

That's the strange thing: Sophos doesn't log any error, but the error message with the Delivery Failure Notification comes from the UTM afterwards...

Problem has never occured before, when there was no UTM installed...

Here is an example of a log entry for a mail that didn't get delivered:

Hi,

The logs state that the mail is clean, so XG should not block it. Where is your mail server hosted? Please verify that all the configurations are proper on XG? 

Please refer:

https://community.sophos.com/kb/en-US/123663

https://community.sophos.com/kb/en-US/123273

Also, can you please post the output for awarrensmtp.log. You can capture logs while sending a mail. To do that take SSH to XG and go to Option 5.  Device Management > 3. advance shell. Execute tail -f awarrensmtp.log.

Thanks

Hi Sachin,

I am having this same issue. I confirmed that the settings are proper. But the user gets the bounce-back error from Sophos with no real indication why. Please help. Thanks

Kind regards,

Sheriff

Hi Sheriff,

Can you please post the relevant logs on this?

Thanks

FROM AWARRENSMTP.LOG

------------------ EMAIL ADDRESS AND IP HAS BEEN MASKED ----------------------------------

MESSAGE   Sep 07 14:13:19 [0x2000197e]: New SMTP Session Initialized 10.0.0.11:59204 ==> 65.55.92.136:25
MESSAGE   Sep 07 14:13:20 [0x2000197e]: [0x2000197e0] FROM: CLIENT-EMAIL , TO: RECIPIENT@hotmail.com
MESSAGE   Sep 07 14:13:20 [0x2000197e]: [0x2000197e1] FROM: CLIENT-EMAIL , TO: COPIED-RECIPIENT@hotmail.com
MESSAGE   Sep 07 14:13:20 [0x2000197e]: Mail Accepted by SF With ID=0x2000197e
MESSAGE   Sep 07 14:13:21 [0x2000197e]: [0x2000197e0](RECIPIENT@hotmail.com)SF Policy Action: ACCEPT
MESSAGE   Sep 07 14:13:21 [0x2000197e]: [0x2000197e1](COPIED-RECIPIENT@hotmail.com)SF Policy Action: ACCEPT
MESSAGE   Sep 07 14:13:21 [3740740416]: Notification generated for Mail sending failure: Recipient CLIENT-EMAIL, Mail server IP ADDRESS
MESSAGE   Sep 07 14:13:21 [3742612288]: forward_mail(): Sending Notification to 'CLIENT-EMAIL' on 'LOCAL-EXCHANGE-SERVER:25' (ipv6: '0')
MESSAGE   Sep 07 14:15:53 [0x20001980]: New SMTP Session Initialized LOCAL-EXCHANGE-SERVER:59233 ==> IP ADDRESS:25

-------------------

BOUNCE BACK ERROR:

--------------------

-----Original Message-----
From:
Sent: September-10-16 9:44 AM
To: CLIENT EMAIL
Subject: Delivery Failure Notification

Sophos UTM was unable to send the following mail:
----------------------
From: CLIENT EMAIL
MessageID: <E301AB1F837FCA4A91D6E12C3F597E0E1D88E5E5@EXCHANGE-SERVER.local>
Sent on: 2016-09-10 09:42:33

Mail delivery to following recipients failed:

RECIPEINT@hotmail.com - 554 Transaction failed com r OK
0.9) Hello [IP ADDRESS]
250-SIZE 36909875
250-8bitmime
250-AUTH LOGIN
250-AUTH=LOGIN
250 OK
OGIN
250 OK
OGIN
250 OK
=LOGIN
250 OK
=LOGIN
250 OK
pam.mspx. Sat, 10 Sep 2016 09:44:11 -0700

COPIED-RECIPIENT@hotmail.com - Internal Server Error

----------------------

Thanks

Sheriff

Hi Sheriff,

Thanks for the update, what do you see in the log viewer > Email logs, when the mail is bounced back?

Are you able to telnet mail server's public IP address from an external network? If not, please check the TCPDUMP and PACKETCAPTURE for the outside user’s public IP on port 25. 

If the telnet is successful, you can check the SMTP session from the Mail server telnet session and try to send an email from the telnet session itself.

Telnet to XG and go to option 4. Device console; and execute telnet <mail server IP> 25. 

If you receive "Trying <mail server IP address> message means XG is not able to communicate with Mail server through port 25. And if you receive a message like "Sender Unknown" or "Relaying Denied" means XG is not able to forward mail using the above configuration.

Thanks

HI,

Same problem

Sophos XG v16.01

We have the notification failure message with no détail :

Email Server: Exchange 2010

De : mailer-daemon@mailhost.toto.fr[mailto:mailer-daemon@mailhost.toto.fr]

Envoyé : jeudi 13 octobre 2016 11:17

À : TOTO

Objet : Delivery Failure Notification

Sophos Firewall was unable to send the following mail:

----------------------

From:toto@toto.fr

MessageID: <379524DD08B71846ADD87AF74CDF0C09029268B9@SRV-MAIL2010.toto.local>

Sent on: 2016-10-13 11:16:34

Mail delivery to following recipients failed: