Yesterday our Sophos UTM version 9.508-10 started to reject a large number of emails from legitimate senders and various domains. Reason: Confirmed spam. Most of the affected domains are not listed on any blacklists and used to work just fine in the past.
Our Antispam settings are as follows:
Reject at SMTP time -> Confirmed Spam (now changed to Off)
Use RBLs is active -> Barracuda, Spamhaus, Spamcop
Spam action -> Warn
Confirmed spam action -> Blackhole (now changed to Quarantine)
Advanced anti-spam features enabled -> Reject invalid HELO / missing RDNS, Use BATV
Analyzing the SMTP log we see entries like:
2018:03:28-14:58:37 mail-1 exim-in[12790]: 2018-03-28 14:58:37 1f1Aey-0003KI-1r id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="10.10.10.10" from="extperson@extdomain.com" to="intperson@intdomain.com" subject="Test Subject" queueid="1f1Aey-0003KI-1r" size="106156" reason="as" extra="confirmed"
2018:03:28-14:58:37 mail-1 exim-in[12790]: [1\65] 2018-03-28 14:58:37 1f1Aey-0003KI-1r H=emeasmtp1.extdomain.com [10.10.10.10]:49049 F=<extperson@extdomain.com> rejected after DATA
We believe that the problem is with the "Reject at SMTP time" feature. Has anyone experienced similar behavior?
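Because "Reject at SMTP time" refuses the message during the SMTP session, the exim-in log is the only record of what was dropped, so quantifying the false positives means parsing those lines. The following script is an added example (not the original poster's code and not a Sophos tool): it parses the structured key="value" fields of the exim-in entries shown above, counts "email rejected" events carrying reason="as" with extra="confirmed" (the combination the post's log shows for a confirmed-spam rejection) per sender domain, and flags the domains on a constructed allowlist of senders you trust as candidates for a false-positive review. The sample log lines are constructed after the two entries in the post; the field meanings and the allowlist are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines modelled on the Sophos UTM exim-in entries in the post.
# Only the structured lines carry key="value" fields; the plain Exim
# 'rejected after DATA' line is kept to show that the parser skips it.
SAMPLE_LOG = """\
2018:03:28-14:58:37 mail-1 exim-in[12790]: 2018-03-28 14:58:37 1f1Aey-0003KI-1r id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="10.10.10.10" from="extperson@extdomain.com" to="intperson@intdomain.com" subject="Test Subject" queueid="1f1Aey-0003KI-1r" size="106156" reason="as" extra="confirmed"
2018:03:28-14:58:37 mail-1 exim-in[12790]: [1\\65] 2018-03-28 14:58:37 1f1Aey-0003KI-1r H=emeasmtp1.extdomain.com [10.10.10.10]:49049 F=<extperson@extdomain.com> rejected after DATA
2018:03:28-15:02:11 mail-1 exim-in[12801]: 2018-03-28 15:02:11 1f1Aic-0003Kq-2x id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="10.10.10.11" from="other@extdomain.com" to="intperson@intdomain.com" subject="Invoice" queueid="1f1Aic-0003Kq-2x" size="20456" reason="as" extra="confirmed"
2018:03:28-15:05:40 mail-1 exim-in[12810]: 2018-03-28 15:05:40 1f1Am0-0003L3-0a id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="192.0.2.50" from="bulk@spammer.example" to="intperson@intdomain.com" subject="Win now" queueid="1f1Am0-0003L3-0a" size="8123" reason="as" extra="spam"
2018:03:28-15:07:02 mail-1 exim-in[12815]: 2018-03-28 15:07:02 1f1AnG-0003LA-3b id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="198.51.100.7" from="partner@good.example" to="intperson@intdomain.com" subject="Hello" queueid="1f1AnG-0003LA-3b" size="3000"
"""

# Matches the key="value" pairs of the structured exim-in lines.
KV_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Return the key="value" fields of one structured log line as a dict,
    or None for lines without such fields (the plain Exim reject line)."""
    fields = dict(KV_RE.findall(line))
    return fields if fields else None


def parse_log(text):
    """Parse every structured line of a log excerpt into a list of dicts."""
    return [f for f in (parse_line(l) for l in text.splitlines()) if f]


def rejections_by_domain(events, extra="confirmed"):
    """Count 'email rejected' events with reason="as" and the given extra
    (assumption: "as" = anti-spam, "confirmed" = confirmed spam, as in the
    post's log line), keyed by the sender's domain."""
    counts = Counter()
    for ev in events:
        if ev.get("name") != "email rejected":
            continue
        if ev.get("reason") != "as" or ev.get("extra") != extra:
            continue
        sender = ev.get("from", "")
        domain = sender.rsplit("@", 1)[-1].lower() if "@" in sender else "<unknown>"
        counts[domain] += 1
    return counts


def suspicious_rejections(events, trusted_domains):
    """Trusted sender domains (constructed allowlist) that are nevertheless being
    rejected as confirmed spam: the candidates for a false-positive review.
    Returns (domain, count) pairs, most affected first."""
    counts = rejections_by_domain(events, extra="confirmed")
    hits = [(d, n) for d, n in counts.items() if d in trusted_domains]
    return sorted(hits, key=lambda dn: (-dn[1], dn[0]))


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("confirmed-spam rejections per sender domain:")
    for domain, n in rejections_by_domain(evs).most_common():
        print(f"  {domain}: {n}")
    # Constructed allowlist of domains the operator knows to be legitimate.
    trusted = {"extdomain.com", "good.example"}
    print("trusted domains being rejected (review these):",
          suspicious_rejections(evs, trusted))
```

Run it against the exim-in log pulled from the UTM; a trusted domain with a sudden spike of extra="confirmed" rejections, while extra="spam" traffic stays flat, is the pattern that points at the confirmed-spam classification rather than at the RBLs. The same counts, taken before and after switching "Reject at SMTP time" off, show whether the change actually stopped the losses.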