Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Replies 9 replies
  • Subscribers 0 subscribers
  • Views 2879 views
  • Users 0 members are here
Options
Suggested

[9.092][BUG] Spam scan of outgoing messages

YasunoriMatsuo
Hi,

SophosUTM can't be detected when spam mail is sent from the client added to Host-based relay.
Of course, it will be quarantined if the same mail is sent from the client which is not in Host-based relay.
Parents
  • 0
    The Mantis ID #25367 is now under investigation. We are planning to release a fix for this issue in Version 9.100.
  • 0 in reply to Astaro Beta Bot
    Hi,

    The smtp log is as follows. 
    The difference between incoming message and outgoing message is only Host-based relay configuration and recipient address. 


    2013:04:23-17:43:02 foo-1 exim-in[4564]: 2013-04-23 17:43:02 SMTP connection from [192.168.0.11]:2577 (TCP/IP connection count = 1)

    2013:04:23-17:43:33 foo-1 exim-in[8641]: 2013-04-23 17:43:33 [192.168.0.11] F= R= Accepted: from relay

    2013:04:23-17:43:49 foo-1 exim-in[8641]: 2013-04-23 17:43:49 1UUYp5-0002FN-0K  work R=SCANNER T=SCANNER

    2013:04:23-17:44:05 foo-1 smtpd[8733]: SCANNER[8733]: 1UUYp5-0002FN-0K Completed




    2013:04:23-17:45:39 foo-1 exim-in[4564]: 2013-04-23 17:45:39 SMTP connection from [192.168.0.11]:2617 (TCP/IP connection count = 1)

    2013:04:23-17:46:00 foo-1 exim-out[9524]: 2013-04-23 17:46:00 Start queue run: pid=9524

    2013:04:23-17:46:00 foo-1 exim-out[9524]: 2013-04-23 17:46:00 End queue run: pid=9524

    2013:04:23-17:46:23 foo-1 exim-in[9433]: 2013-04-23 17:46:23 H=(foo) [192.168.0.11]:2617 Warning: yyyyyy.yyy profile excludes greylisting: Skipping greylisting for this message

    2013:04:23-17:46:23 foo-1 exim-in[9433]: 2013-04-23 17:46:23 H=(foo) [192.168.0.11]:2617 Warning: yyyyyy.yyy profile excludes AV scan: Skipping SMTP inline AV scan for this message

    2013:04:23-17:46:25 foo-1 exim-in[9433]: 2013-04-23 17:46:25 [192.168.0.11] F= R= Verifying recipient address with callout

    2013:04:23-17:46:31 foo-1 exim-in[9433]: 2013-04-23 17:46:31 1UUYrr-0002S9-1L ctasd reports 'Confirmed' RefID:str=0001.0A150209.51764A67.010F,ss=4,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=0

    2013:04:23-17:46:31 foo-1 exim-in[9433]: 2013-04-23 17:46:31 1UUYrr-0002S9-1L  work R=SCANNER T=SCANNER

    2013:04:23-17:46:40 foo-1 smtpd[9603]: SCANNER[9603]: 1UUYrr-0002S9-1L Completed
Reply
  • 0 in reply to Astaro Beta Bot
    Hi,

    The smtp log is as follows. 
    The difference between incoming message and outgoing message is only Host-based relay configuration and recipient address. 


    2013:04:23-17:43:02 foo-1 exim-in[4564]: 2013-04-23 17:43:02 SMTP connection from [192.168.0.11]:2577 (TCP/IP connection count = 1)

    2013:04:23-17:43:33 foo-1 exim-in[8641]: 2013-04-23 17:43:33 [192.168.0.11] F= R= Accepted: from relay

    2013:04:23-17:43:49 foo-1 exim-in[8641]: 2013-04-23 17:43:49 1UUYp5-0002FN-0K  work R=SCANNER T=SCANNER

    2013:04:23-17:44:05 foo-1 smtpd[8733]: SCANNER[8733]: 1UUYp5-0002FN-0K Completed




    2013:04:23-17:45:39 foo-1 exim-in[4564]: 2013-04-23 17:45:39 SMTP connection from [192.168.0.11]:2617 (TCP/IP connection count = 1)

    2013:04:23-17:46:00 foo-1 exim-out[9524]: 2013-04-23 17:46:00 Start queue run: pid=9524

    2013:04:23-17:46:00 foo-1 exim-out[9524]: 2013-04-23 17:46:00 End queue run: pid=9524

    2013:04:23-17:46:23 foo-1 exim-in[9433]: 2013-04-23 17:46:23 H=(foo) [192.168.0.11]:2617 Warning: yyyyyy.yyy profile excludes greylisting: Skipping greylisting for this message

    2013:04:23-17:46:23 foo-1 exim-in[9433]: 2013-04-23 17:46:23 H=(foo) [192.168.0.11]:2617 Warning: yyyyyy.yyy profile excludes AV scan: Skipping SMTP inline AV scan for this message

    2013:04:23-17:46:25 foo-1 exim-in[9433]: 2013-04-23 17:46:25 [192.168.0.11] F= R= Verifying recipient address with callout

    2013:04:23-17:46:31 foo-1 exim-in[9433]: 2013-04-23 17:46:31 1UUYrr-0002S9-1L ctasd reports 'Confirmed' RefID:str=0001.0A150209.51764A67.010F,ss=4,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=0

    2013:04:23-17:46:31 foo-1 exim-in[9433]: 2013-04-23 17:46:31 1UUYrr-0002S9-1L  work R=SCANNER T=SCANNER

    2013:04:23-17:46:40 foo-1 smtpd[9603]: SCANNER[9603]: 1UUYrr-0002S9-1L Completed
Children
No Data
Unfiltered HTML