
Some IPs existing in RBL are not REJECTed and are not marked in awarrensmtp.log or in the GUI logs

Hi

We are implementing advanced antispam detection with Sophos XG capabilities.

The Sophos is the front-line antispam with public IP addresses.

When it receives a connection from outside IPs, it connects to the RBL and, if the IP is not listed, sends the mail to the destination VM (which checks the RBL too).

Lots of times, the VM detects that the source IP is listed on this same RBL list!!!

The IPs detected by Sophos are not listed on my VM (normal, they are blocked by Sophos).

The IPs detected by my VM are not listed AT ALL by Sophos /!\

How can it be possible? I just checked all my rules, all is OK.



  • I'm able to see IPs blocked by the background VM in awarrensmtp.log

    MESSAGE   Oct 24 19:02:30 [0x2000dda8]: [0x2000dda80](vhiolle@hiolle-industries.fr)SF Policy Action: ACCEPT
    MESSAGE   Oct 24 19:02:30 [0x2000dda8]: [0x2000dda80] Mail sent successfully with 250 2.0.0 Ok: queued as 3yM01x2714z30bQ
    MESSAGE   Oct 24 19:02:32 [0x2000ddb3]: New SMTP Session Initialized 104.47.2.56:8096 ==> 46.29.127.137:25
    MESSAGE   Oct 24 19:02:34 [0x2000ddb4]: New SMTP Session Initialized 175.139.197.113:55317 ==> 46.29.127.137:25
    MESSAGE   Oct 24 19:02:34 [0x2000ddb5]: New SMTP Session Initialized 116.202.36.4:17432 ==> 46.29.127.137:25
    ERROR     Oct 24 19:02:42 [3942636352]: certificate is expired, marked invalid
    ERROR     Oct 24 19:02:42 [0x2000ddb3]: client read error: Connection reset by peer
    MESSAGE   Oct 24 19:02:42 [0x2000ddb6]: New SMTP Session Initialized 190.151.122.2:4583 ==> 46.29.127.141:25
    MESSAGE   Oct 24 19:02:45 [0x2000ddb7]: New SMTP Session Initialized 175.139.197.113:63712 ==> 46.29.127.137:25
    MESSAGE   Oct 24 19:02:45 [0x2000ddb8]: New SMTP Session Initialized 51.15.145.244:47823 ==> 46.29.127.137:25
    MESSAGE   Oct 24 19:02:45 [0x2000ddba]: New SMTP Session Initialized 51.15.145.244:39709 ==> 46.29.127.141:25
    MESSAGE   Oct 24 19:02:47 [0x2000ddbc]: New SMTP Session Initialized 217.108.31.33:45672 ==> 46.29.127.137:25
    ERROR     Oct 24 19:02:47 [3942636352]: certificate is expired, marked invalid
    MESSAGE   Oct 24 19:02:47 [0x2000ddbd]: New SMTP Session Initialized 185.189.236.28:46384 ==> 46.29.127.137:25
    ERROR     Oct 24 19:02:47 [3942636352]: certificate is expired, marked invalid
    MESSAGE   Oct 24 19:02:47 [0x2000ddbf]: New SMTP Session Initialized 185.189.236.28:47465 ==> 46.29.127.141:25
    MESSAGE   Oct 24 19:02:49 [0x2000ddc1]: New SMTP Session Initialized 199.59.150.85:23036 ==> 46.29.127.137:25
    ERROR     Oct 24 19:02:49 [3942636352]: certificate is expired, marked invalid
    MESSAGE   Oct 24 19:02:50 [0x2000ddc2]: New SMTP Session Initialized 190.150.195.252:51364 ==> 46.29.127.141:25
    MESSAGE   Oct 24 19:02:51 [0x2000ddc3]: New SMTP Session Initialized 222.154.238.151:39795 ==> 46.29.127.137:25
    MESSAGE   Oct 24 19:02:52 [0x2000ddc4]: New SMTP Session Initialized 212.23.194.108:36534 ==> 46.29.127.137:25

     

    Is the problem due to: "[3942636352]: certificate is expired, marked invalid"?
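One way to narrow down the mismatch described in this thread, as an added example that is not part of the original posts and is not Sophos code: list the sessions the front end accepted whose source IP the back-end VM rejected as RBL-listed, together with the DNSBL query name so the same lookup can be repeated from both machines. Assumptions: the zone `rbl.example.org` is a placeholder (the thread does not name the RBL), the log lines and the back-end rejection list are constructed, and sessions are tied to their policy action through the bracketed id, as the excerpt's format suggests.

```python
import ipaddress
import re

RBL_ZONE = "rbl.example.org"  # placeholder: the thread does not name the RBL

# Constructed sample in the awarrensmtp.log format quoted above (documentation IPs).
SAMPLE_LOG = """\
MESSAGE   Oct 24 19:02:32 [0x2000ddb3]: New SMTP Session Initialized 192.0.2.10:8096 ==> 203.0.113.137:25
MESSAGE   Oct 24 19:02:34 [0x2000ddb4]: New SMTP Session Initialized 198.51.100.7:55317 ==> 203.0.113.137:25
ERROR     Oct 24 19:02:42 [3942636352]: certificate is expired, marked invalid
MESSAGE   Oct 24 19:02:43 [0x2000ddb4]: [0x2000ddb40](user@example.org)SF Policy Action: ACCEPT
ERROR     Oct 24 19:02:44 [0x2000ddb3]: client read error: Connection reset by peer
MESSAGE   Oct 24 19:02:45 [0x2000ddb5]: New SMTP Session Initialized 198.51.100.99:17432 ==> 203.0.113.141:25
MESSAGE   Oct 24 19:02:46 [0x2000ddb5]: [0x2000ddb50](user@example.org)SF Policy Action: ACCEPT
"""

SESSION_RE = re.compile(r"\[(0x[0-9a-f]+)\]: New SMTP Session Initialized (\d+\.\d+\.\d+\.\d+):\d+ ==>")
ACTION_RE = re.compile(r"\[(0x[0-9a-f]+)\]: .*SF Policy Action: (\w+)")

def dnsbl_name(ip, zone=RBL_ZONE):
    """Return the DNSBL query name for an IPv4 address: reversed octets + zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def sessions(log_text):
    """Map session id -> {'ip': source IP, 'action': policy action or None}."""
    result = {}
    for line in log_text.splitlines():
        m = SESSION_RE.search(line)
        if m:
            result[m.group(1)] = {"ip": m.group(2), "action": None}
            continue
        m = ACTION_RE.search(line)
        if m and m.group(1) in result:
            result[m.group(1)]["action"] = m.group(2)
    return result

def accepted_but_listed(log_text, backend_rejected):
    """Sessions the front end accepted whose source IP the back end rejected as RBL-listed."""
    return sorted(
        (sid, s["ip"], dnsbl_name(s["ip"]))
        for sid, s in sessions(log_text).items()
        if s["action"] == "ACCEPT" and s["ip"] in backend_rejected
    )

if __name__ == "__main__":
    # Constructed list of IPs the back-end VM rejected as RBL-listed.
    for row in accepted_but_listed(SAMPLE_LOG, {"198.51.100.7", "192.0.2.10"}):
        print(*row)
```

Sessions that were opened but never reached a policy action (such as one ended by a connection reset) are left out, since no mail was forwarded for them.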
