Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 29 subscribers
  • Views 11398 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Exceptions for 'Reject invalid HELO or missing RDNS'?

svk253

Hello,
We just switched from the UTM 9 to the XG firewall, and so far I don't really understand why the email protection isn't doing what I expect it to...

We are set up in MTA mode, and I have created email policies to allow 1 specific address to skip spam checking, malware checking, etc etc. On the UTM we had this in the Exceptions section.

For some reason this particular email address gets rejected because we have the Reject invalid HELO or missing RDNS set up, which we want to keep. I don't know why this email address does this. The vendor didn't respond to my attempts to contact them about it.

Anyway
Setting up email policies and making an exception that way doesn't work for the invalid HELO / RDNS, because that email is still getting rejected. Do I have to turn the whole feature off? I would rather not...



This thread was automatically locked due to age.
  • 0

    I ran into the same issue. Outlook.com emails were bouncing back with exceptions added. I had to turn the whole feature off.

  • 0 in reply to Gary K

    Hi Gary,

    Darn. Did that increase the amount of spam or malicious emails you got, by turning that feature off?

    The Sophos tech that helped with the install said we could switch to Legacy mode to create whitelists, but I don't know if that even allows me to exclude it from the invalid HELO / missing RDNS checks...

    Anyone know?

    Thanks
    Sandra

  • 0 in reply to svk253

    Sandra,

      It did increase quite a bit but I need to be able to receive from that sender. I tried legacy mode and the spam was out of control so I switched back to MTA. Invalid HELO etc is not available in legacy mode on the XG. That would need to be configured at the mail server level.

     

    Gary 

  • 0

     The latest 17.5.4 MR4 RDNS has a problem, I have been forced to shut down the function for several times, the XG Firewall has too many key problems, it is very slow to solve and it breaks down

  • 0 in reply to Gary K

    Lets wrap up a little bit.

     

    Would highly recommend to run in MTA mode.

    XG V17.5 switched the Daemon to Exim. 

     

    Maybe there are some issues right now (i saw other threads about the MTA daemon, as far as i know, MR4 had some fixes for Email and MR5 will come with other fixes aswell). 

     

    The next point is: If you are running V17.5 MR4 - Which issues can you observe in which email? 

    Can you verify the issue in the Log files? https://community.sophos.com/kb/en-us/132211

    Maybe can you reproduce the Issue?