Sophos UTM Blacklist Removal

You may have an issue for example where you have a website published on your Sophos UTM but certain users are unable to connect to it.  This maybe because the client IP address is on a Sophos UTM Blacklist.

If this is the case check the reverseproxy.log from the command line or the Web Application Firewall log direct from the UTM GUI.

If this is the case you will see authz_blacklist:warn in the log as well as the list that it is blocked on, for example DNSRBL black.rbl.ctipd.astaro.local 

Sophos UTM’s use Cyren as their blacklist provider.

If the client is blocked in the logs check on the Cyren website, as it will probably show as suspect on there :-

http://www.cyren.com/security-center/ip-reputation-check

If this is the case, there should be an option on that page to unblock your IP address, this usually takes a few hours to apply, once applied on the website it may take an hour or so to update on the UTM.



Duncan Newell

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: