Unplanned Outage: Due to a technical glitch, customers might see higher wait times on Sophos Call Lines. We request for your kind cooperation. Please prefer logging a case via Sophos Support Portal, unless the situation is critical for you.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ToC - Some emails are translated incorrectly. The first word is translated in Http://firstword

Dear Community,

I have a customer who is running SEA Physical Appliance with 4.5.3 on it.

Toc is configured as shown below:

Here is the logs from SEA appliance:

Log Email - ToC url rewrite.txt
2020-01-28 12:27:29 sophosmail postfix/smtpd[37324]: 6CF656AB60E6_E301AA1F: client=o3.email.wetransfer.com[192.254.123.42]
2020-01-28 12:27:29 sophosmail postfix/cleanup[41120]: 6CF656AB60E6_E301AA1F: message-id=<wtm.6965a0c0-wsde-43a5-a28d-6c7d4edb195c@wetransfer.com>
2020-01-28 12:27:30 sophosmail postfix/qmgr[5709]: 6CF656AB60E6_E301AA1F: from=<bounces+922094-9e72-xxxxxxxxxx@em9713.email.wetransfer.com>, size=44774, nrcpt=1 (queue active)
2020-01-28 12:27:33 sophosmail postfix/smtp[43953]: 6CF656AB60E6_E301AA1F: to=<xxxxxxxxxx@xxxx.com>, relay=127.0.0.1[127.0.0.1]:10025, conn_use=2, delay=7.9, delays=5.3/0/0/2.6, dsn=2.0.0, status=sent (250 OK, sent 5E301AA2_91269_15229_2 558016AB7B19_E301AA5B)
2020-01-28 12:27:33 sophosmail postfix/qmgr[5709]: 6CF656AB60E6_E301AA1F: removed
2020-01-28 12:27:33 sophosmail postfix/backend/smtpd[42879]: 558016AB7B19_E301AA5B: client=localhost.localdomain[127.0.0.1]
2020-01-28 12:27:33 sophosmail postfix/backend/cleanup[44203]: 558016AB7B19_E301AA5B: message-id=<wtm.6965a0c0-wsde-43a5-a28d-6c7d4edb195c@wetransfer.com>
2020-01-28 12:27:33 sophosmail postfix/backend/qmgr[5796]: 558016AB7B19_E301AA5B: from=<bounces+922094-9e72-xxxxxxxxxxxxxx@em9713.email.wetransfer.com>, size=47160, nrcpt=1 (queue active)
2020-01-28 12:27:34 sophosmail postfix/backend/smtp[40697]: 558016AB7B19_E301AA5B: to=<xxxxxxxxxx@xxxx.com>, relay=10.0.0.173[10.0.0.173]:25, delay=1.2, delays=0/0/0/1.2, dsn=2.6.0, status=sent (250 2.6.0 <wtm.6965a0c0-9f5d-43a5-a28d-6c7d4edb195c@wetransfer.com> [InternalId=515396077516, Hostname=ex2016.xxxxxx.local] 48542 bytes in 1.131, 41,910 KB/sec Queued mail for delivery)
2020-01-28 12:27:34 sophosmail postfix/backend/qmgr[5796]: 558016AB7B19_E301AA5B: removed
2020-01-28 12:27:30 sophosmail milter[91269]: 5E301AA2_91269_15229_2: Sandstorm header not found.
2020-01-28 12:27:30 sophosmail milter[91269]: 5E301AA2_91269_15229_2: X-Sophos headers have been stripped.
2020-01-28 12:27:30 sophosmail milter[91269]: 5E301AA2_91269_15229_2: HISTORIAN: Query results: 'ip=192.254.123.42,fs=0,da=149865682,mc=1,sc=0,hc=1,sp=0,fso=149633333,re=626,sd=0,hd=0'
2020-01-28 12:27:33 sophosmail milter[91269]: 5E301AA2_91269_15229_2: accepted
2020-01-28 12:27:33 sophosmail milter[91269]: 5E301AA2_91269_15229_2: msg times: r=2.64s u=0.23s s=0.01s

and this is the email how it looks like

Anyone has this issue? I even opened a ticket with support but they need to have the email before traversing SEA.

Is that normal?

Thanks



This thread was automatically locked due to age.
  • Hi  

    Did the original email contain the formating details of the Email? What content of the original email was changed? Also, please DM me the case number, I'll have a look at it.

    Regards

    Jaydeep
    Ex-Sophos Member

  • Sure.

    I have sent you a PM.

    Regards

    Luk

    Security Architect

    UTM Certified Architect - XG Certified Architect

  • After several investigation, the history is:

    since there are images embedded in the body of the message (most of the time before the first work "Dear User bla bla bla" ToC traslates even the link embedded in the pictures.

    I asked an enhancement to let Admins decide if the url behind the message needs to be translated or not. This is risky but admins can decide if traslates all urls in the body or only urls not behind an image.

    Regards

    Luk

    Security Architect

    UTM Certified Architect - XG Certified Architect

  • If some ESA users can reproduce the behaviour, this could help the Sophos Team. Body of the message should remain as it is an never translated even if there is an image with an embedded link.

    Regards

    Luk

    Security Architect

    UTM Certified Architect - XG Certified Architect