Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • +7 person also asked this people also asked this
  • Locked Locked
  • Replies 59 replies
  • Answers 3 answers
  • Subscribers 18 subscribers
  • Views 27614 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Mail Being blocked as SPAM

cmyk_asim

Hi,

We run a UTM9 (virtual appliance) and have many customers using hardware SG appliances.  This afternoon we have have many reports of email issues, with sending and receiving from a variety of company addresses and gmail.com / hotmail.com domains.

According to the mail manager all of the emails are being dropped as confirmed spam.  Is this a dodgy pattern update?

Internally we are currently on FW 9.601-5 and pattern 161467.

I have switched reject at smtp time to off and emails are now getting quarantined.  Have logged a support call with Sophos via email and am in the phone support queue.

Any one else experiencing this?

Rgds

Asim



This thread was automatically locked due to age.
Parents
  • 0

    Hello,

    yesterday i had the same Problem

     

    Mails from co.uk are marked as SPAM (confirmed)

    I created an exception rule for *@*.co.uk. So we can recieve the Mails from our businesspartner.

     

    I also talked with the german Sophos Support and telled that mails are blocked and that my suggestion is that this might come from a bad Pattern.

    Firmware : 9.601-5

    Pattern: 161489

     

    Greetings

     

  • 0 in reply to ChristianEichin

    I can confirm this behaviour, most of emails blocked/classified as spam are coming from .co.uk domains

    ---

  • 0 in reply to GL@MO

    Appreciated that "most" emails are coming from .co.uk domains, but 

     

    but i feel that's a bit like "...most of the icebergs are not in our path captain !!"  :-) 

    Lets hope we get some sort of response soon, does Sophos actually monitor these community messages ... ?

  • 0 in reply to Colin Coleman

    https://community.sophos.com/kb/en-us/134082

     

    says to restart the cyrens service or reboot to clear the cache...

    no improvement here when doing

  • +4 in reply to GL@MO

    Guys I think I've worked out a fix for the issue.

    ssh onto the appliance - and then stop both the ctasd services:

    /var/mdw/scripts/ctasd_outbound stop

    /var/mdw/scripts/ctasd_inbound stop

    then before they restart themselves rename the ctasd cache directory:

    mv /var/cache/ctasd  /var/cache/ctasd.old

    Once the services restart emails seem to be coming through fine.

  • 0 in reply to Martin Hepworth

    Hi all,

    We have a pair of SG450 UTM Appliances (Firmware Version 9.601-5; Pattern Version 161489) running in Hot Standby Mode.

    A reboot of both appliances has had no effect whatsoever on this issue.

    I have also attempted to manually update the Pattern Version to the latest one available (apparently that is version 161493) and the appliances are failing to do this as well.

    Now having to go manually through lots of e-mails wrongly quarantined to release them.

    I'M A HAPPY CAMPER...........NOT :)

    John P

    2 x SG450 (Version 9.714-4)

    HA = Active-Passive

Reply
  • 0 in reply to Martin Hepworth

    Hi all,

    We have a pair of SG450 UTM Appliances (Firmware Version 9.601-5; Pattern Version 161489) running in Hot Standby Mode.

    A reboot of both appliances has had no effect whatsoever on this issue.

    I have also attempted to manually update the Pattern Version to the latest one available (apparently that is version 161493) and the appliances are failing to do this as well.

    Now having to go manually through lots of e-mails wrongly quarantined to release them.

    I'M A HAPPY CAMPER...........NOT :)

    John P

    2 x SG450 (Version 9.714-4)

    HA = Active-Passive

Children
No Data
Unfiltered HTML