Why Sophos UTM not sending emails out

Hello guys. A few days ago I had an issue with my internet that resulted in my static IP changing. Now, since I've received a new IP, I've updated my external DNS.

However, since my IP has changed I am no longer able to send out emails from my UTM. I have MailEnable, which is relaying to the UTM. From the logs I can see the UTM accepts relaying from my MailEnable server, but emails get spooled and I see this in the logs:

 

2019:02:28-22:14:00 sukafun-utm smtpd[5343]: MASTER[5343]: Action: Forcing delivery process for 1gzMQI-000BCR-0t
2019:02:28-22:15:00 sukafun-utm exim-out[43216]: 2019-02-28 22:15:00 Start queue run: pid=43216
2019:02:28-22:16:19 sukafun-utm exim-out[41492]: 2019-02-28 22:16:19 1gzJxs-0007Mg-Dl SSL_write: (from [192.168.7.77]:999) syscall: Connection timed out
2019:02:28-22:16:19 sukafun-utm exim-out[41492]: 2019-02-28 22:16:19 1gzJxs-0007Mg-Dl SSL_write error 5
2019:02:28-22:16:19 sukafun-utm exim-out[41492]: 2019-02-28 22:16:19 1gzJxs-0007Mg-Dl SMTP timeout while connected to mail-tester.com [94.23.206.89] after sending data block (25910 bytes written): Connection timed out
2019:02:28-22:16:19 sukafun-utm exim-out[41491]: 2019-02-28 22:16:19 1gzJxs-0007Mg-Dl == test-3tjbp@mail-tester.com R=dnslookup T=remote_smtp defer (110): Connection timed out: SMTP timeout while connected to mail-tester.com [94.23.206.89] after sending data block (25910 bytes written)
2019:02:28-22:16:20 sukafun-utm exim-out[43418]: 2019-02-28 22:16:20 1gzKXM-0008JN-HK == test-37cxi@mail-tester.com R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2019:02:28-22:16:20 sukafun-utm exim-out[43422]: 2019-02-28 22:16:20 1gzKP8-00083Z-Gr == test-37cxi@mail-tester.com R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2019:02:28-22:16:20 sukafun-utm exim-out[40075]: 2019-02-28 22:16:20 End queue run: pid=40075
 
 
It lets me send emails out to some domains like Gmail, but not to most other domains. I confirm that my ISP is not blocking port 25. My UTM is connected to the internet. My external DNS is correct. I tried enabling a smarthost from the UTM but got the same issue. What else should I look for?
I receive emails fine.
 
 
Cheers
Mo


  • No router or firewall before the UTM other than a modem, which is in bridged mode. The firewall is disabled on it though. The modem firmware is the latest. The UTM is on the latest firmware. The UTM is virtualized on Hyper-V.

    I've a couple of DNAT rules for my Plex and my RDS portal.

    In my firewall I'm currently allowing any to any and putting the rule at the top. Country filtering isn't configured.

     

     

    What UTM logs should I check other than the mail logs? As you can see, I've done two tests: one sending to my work email and one to my personal email.

     

    To my work email which went through:

    2019:03:03-13:43:17 sukafun-utm exim-in[5505]: 2019-03-03 13:43:17 SMTP connection from [192.168.7.77]:56087 (TCP/IP connection count = 1)
    2019:03:03-13:43:17 sukafun-utm exim-in[12644]: 2019-03-03 13:43:17 [192.168.7.77] F=<mo@sukafun.com> R=<mhassan@ahg.com.au> Accepted: from relay
    2019:03:03-13:43:28 sukafun-utm exim-in[12644]: 2019-03-03 13:43:28 1h0Ju9-0003Hw-0B spam acl condition: cannot parse spamd output
    2019:03:03-13:43:28 sukafun-utm exim-in[12644]: 2019-03-03 13:43:28 1h0Ju9-0003Hw-0B H=mail.sukafun.com [192.168.7.77]:56087 Warning: ACL "warn" statement skipped: condition test deferred
    2019:03:03-13:43:28 sukafun-utm exim-in[12644]: 2019-03-03 13:43:28 1h0Ju9-0003Hw-0B <= mo@sukafun.com H=mail.sukafun.com [192.168.7.77]:56087 P=esmtp S=25438 id=001e01d4d1c6$f71ade50$e5509af0$@sukafun.com
    2019:03:03-13:43:28 sukafun-utm exim-in[12644]: 2019-03-03 13:43:28 SMTP connection from mail.sukafun.com [192.168.7.77]:56087 closed by QUIT
    2019:03:03-13:43:29 sukafun-utm smtpd[5473]: QMGR[5473]: 1h0Ju9-0003Hw-0B moved to work queue
    2019:03:03-13:43:30 sukafun-utm smtpd[12653]: SCANNER[12653]: 1h0JuM-0003I5-CI <= mo@sukafun.com R=1h0Ju9-0003Hw-0B P=INPUT S=24705
    2019:03:03-13:43:30 sukafun-utm smtpd[12653]: SCANNER[12653]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="192.168.7.77" from="mo@sukafun.com" to="mhassan@ahg.com.au" subject="to my work email" queueid="1h0JuM-0003I5-CI" size="24705"
    2019:03:03-13:43:30 sukafun-utm smtpd[12653]: SCANNER[12653]: 1h0Ju9-0003Hw-0B => work R=SCANNER T=SCANNER
    2019:03:03-13:43:30 sukafun-utm smtpd[12653]: SCANNER[12653]: 1h0Ju9-0003Hw-0B Completed
    2019:03:03-13:43:32 sukafun-utm exim-out[12657]: 2019-03-03 13:43:32 1h0JuM-0003I5-CI => mhassan@ahg.com.au P=<prvs=096549b862=mo@sukafun.com> R=dnslookup T=remote_smtp H=mx1.ahg.com.au [103.44.101.111]:25 C="250 ok: Message 95638830 accepted"
    2019:03:03-13:43:32 sukafun-utm exim-out[12657]: 2019-03-03 13:43:32 1h0JuM-0003I5-CI Completed
     
     
     
    To my personal email which got spooled:
     
    2019:03:03-13:45:49 sukafun-utm exim-in[12799]: 2019-03-03 13:45:49 [192.168.7.77] F=<mo@sukafun.com> R=<sukafun@hotmail.com> Accepted: from relay
    2019:03:03-13:46:01 sukafun-utm exim-in[12799]: 2019-03-03 13:46:01 1h0Jwb-0003KR-32 spam acl condition: cannot parse spamd output
    2019:03:03-13:46:01 sukafun-utm exim-in[12799]: 2019-03-03 13:46:01 1h0Jwb-0003KR-32 H=mail.sukafun.com [192.168.7.77]:56204 Warning: ACL "warn" statement skipped: condition test deferred
    2019:03:03-13:46:01 sukafun-utm exim-in[12799]: 2019-03-03 13:46:01 1h0Jwb-0003KR-32 <= mo@sukafun.com H=mail.sukafun.com [192.168.7.77]:56204 P=esmtp S=25444 id=002d01d4d1c7$5216f3c0$f644db40$@sukafun.com
    2019:03:03-13:46:01 sukafun-utm exim-in[12799]: 2019-03-03 13:46:01 SMTP connection from mail.sukafun.com [192.168.7.77]:56204 closed by QUIT
    2019:03:03-13:46:02 sukafun-utm smtpd[5473]: QMGR[5473]: 1h0Jwb-0003KR-32 moved to work queue
    2019:03:03-13:46:10 sukafun-utm smtpd[12835]: SCANNER[12835]: 1h0Jww-0003L1-I7 <= mo@sukafun.com R=1h0Jwb-0003KR-32 P=INPUT S=24705
    2019:03:03-13:46:11 sukafun-utm smtpd[12835]: SCANNER[12835]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="192.168.7.77" from="mo@sukafun.com" to="sukafun@hotmail.com" subject="to my personal email" queueid="1h0Jww-0003L1-I7" size="24705"
    2019:03:03-13:46:11 sukafun-utm smtpd[12835]: SCANNER[12835]: 1h0Jwb-0003KR-32 => work R=SCANNER T=SCANNER
    2019:03:03-13:46:11 sukafun-utm smtpd[12835]: SCANNER[12835]: 1h0Jwb-0003KR-32 Completed
    2019:03:03-13:46:41 sukafun-utm smtpd[12835]: SCANNER[12835]: Nothing to do, exiting.

     

    Then from the mail manager I retried sending the email, and I get this:

    2019:03:03-13:48:40 sukafun-utm smtpd[5426]: MASTER[5426]: Action: Forcing delivery process for 1h0Jww-0003L1-I7
    2019:03:03-13:49:14 sukafun-utm exim-out[12843]: 2019-03-03 13:49:14 1h0Jww-0003L1-I7 SSL_write: (from [192.168.7.77]:999) syscall: Broken pipe
    2019:03:03-13:49:14 sukafun-utm exim-out[12843]: 2019-03-03 13:49:14 1h0Jww-0003L1-I7 SSL_write error 5
    2019:03:03-13:49:14 sukafun-utm exim-out[12843]: 2019-03-03 13:49:14 1h0Jww-0003L1-I7 hotmail-com.olc.protection.outlook.com [104.47.34.33]: Broken pipe

     

  • I've already rebooted the UTM multiple times. I even restored a previous backup of the previous UTM version, thinking it was something to do with the latest firmware, which was released a few days ago.

    I fully deconfigured mail protection and reconfigured it.

     

    Nothing worked.

  • Ok,

    In the last 2 tabs of the mail setup - relaying & advanced - is there anything special in there?

    Under relaying - try turning off "scan outgoing messages" and see what happens.

    I'm still not convinced that the issue lies there though due to some mail getting through.

  • In the routing tab nothing is configured other than the allowed hosts relay, which is my mail server.

    In the advanced tab nothing is configured and I'm using TLS v1 or higher.

     

    Unticking scan outgoing emails did not make any difference.

    I'm on simple mode email protection.

  • I also wonder about an MTU problem, although I would expect it to cause slow performance rather than a timeout. See this issue and its responses:

    https://community.sophos.com/products/unified-threat-management/f/management-networking-logging-and-reporting/80230/how-to-ignore-my-isps-dhcp-mtu-of-only-576

  • Interesting..

    But doesn't the MTU size under the WAN interface override whatever value comes from the ISP? If I go to the interface's advanced settings I see the MTU set to 1492.

    But don't you think that if the MTU is not correct then I wouldn't be able to send emails out at all?

  • Finally I've figured out why my UTM is not working!

  • C'mon then.... spill the beans...

  • After thinking outside the box I fixed it!

    I plugged in a different modem, which is in bridged mode, and my UTM sent out emails fine. Of course, I factory reset the bad modem, put it back into bridged mode, and it started to work ^ ^

    Just another strange one.
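
The exim-out lines posted in this thread can be triaged per queue ID to separate messages that were delivered from those whose session was already connected and had written data before it stalled (so DNS and port 25 reachability were not the failing step for them). This is an added example, not part of the original thread and not Sophos code; the function names `triage` and `stalled_mid_transfer` are hypothetical, and the sample lines are copied from the logs above.

```python
import re
from collections import defaultdict

# Sample lines copied from the logs posted in this thread.
SAMPLE = """\
2019:02:28-22:16:19 sukafun-utm exim-out[41492]: 2019-02-28 22:16:19 1gzJxs-0007Mg-Dl SSL_write: (from [192.168.7.77]:999) syscall: Connection timed out
2019:02:28-22:16:19 sukafun-utm exim-out[41492]: 2019-02-28 22:16:19 1gzJxs-0007Mg-Dl SMTP timeout while connected to mail-tester.com [94.23.206.89] after sending data block (25910 bytes written): Connection timed out
2019:02:28-22:16:19 sukafun-utm exim-out[41491]: 2019-02-28 22:16:19 1gzJxs-0007Mg-Dl == test-3tjbp@mail-tester.com R=dnslookup T=remote_smtp defer (110): Connection timed out: SMTP timeout while connected to mail-tester.com [94.23.206.89] after sending data block (25910 bytes written)
2019:02:28-22:16:20 sukafun-utm exim-out[43418]: 2019-02-28 22:16:20 1gzKXM-0008JN-HK == test-37cxi@mail-tester.com R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2019:03:03-13:43:32 sukafun-utm exim-out[12657]: 2019-03-03 13:43:32 1h0JuM-0003I5-CI => mhassan@ahg.com.au P=<prvs=096549b862=mo@sukafun.com> R=dnslookup T=remote_smtp H=mx1.ahg.com.au [103.44.101.111]:25 C="250 ok: Message 95638830 accepted"
"""

LINE = re.compile(r"exim-out\[\d+\]: \S+ \S+ (?P<qid>\w{6}-\w{6}-\w{2}) (?P<rest>.*)")
STALL = re.compile(r"SMTP timeout while connected to (\S+) \[([\d.]+)\] after sending data block \((\d+) bytes written\)")
DEFER = re.compile(r"^== (\S+) .*? defer \((-?\d+)\): (.*)")
DELIVERED = re.compile(r"^=> (\S+) .*?H=(\S+) \[([\d.]+)\]")

def triage(log_text):
    """Return {queue_id: summary} built from the exim-out lines in log_text."""
    out = defaultdict(lambda: {"status": "unknown", "tls_write_errors": 0})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # queue-run markers and other daemons carry no queue ID here
        msg, rest = out[m["qid"]], m["rest"]
        if rest.startswith("SSL_write:"):
            msg["tls_write_errors"] += 1
        if (s := STALL.search(rest)):
            msg.update(peer=s[1], peer_ip=s[2], bytes_before_stall=int(s[3]))
        if (d := DEFER.match(rest)):
            waiting = "retry time not reached" in d[3]
            msg.update(status="waiting_retry" if waiting else "deferred", rcpt=d[1], errno=int(d[2]))
        elif (d := DELIVERED.match(rest)):
            msg.update(status="delivered", rcpt=d[1], peer=d[2], peer_ip=d[3])
    return dict(out)

def stalled_mid_transfer(summary):
    """Queue IDs whose session was established and wrote data before timing out."""
    return sorted(q for q, s in summary.items() if "bytes_before_stall" in s)
```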