Sophos UTM 9.510-4 released - let's share experiences!

Released yesterday:

https://community.sophos.com/products/unified-threat-management/b/utm-blog/posts/utm-up2date-9-510-released

 

Found out so far, that mailmanager is broken:

Others? :-)

  • In reply to twister5800:

    My name in the callout verification tls issue hat as well.  Hopefully a quick 9.510-5+ build with the appropriate fix.

    Anyone opened a ticket on this yet?

  • In reply to RodneyWilder:

    You can switch the TLS version to 1.2 in the advanced tab since 9.510. After that, callout verification works.

  • In reply to ThorstenSult:

    No luck. After switching to TLS 1.2 the same error occurs:

     

    2018-07-30 11:23:13 [46.254.125.74] F=<prvs=074914ada1=sender> R=<rcpt> Verifying recipient address with callout
    2018:07:30-11:23:13 sophos-2 exim-in[50277]: 2018-07-30 11:23:13 TLS error on connection from <mailserver> (renegotiation not allowed): error:00000000:lib(0):func(0):reason(0)
     
  • In reply to Raven:

    My bad! This is incorrect information.

  • Seeing a ton of these messages every few seconds in the DNS proxy log.

    No idea where to even look to resolve this...?   Don't see these messages in the previous logs, only after updating to 9.510-4.

    UPDATE:

    This flood of messages occurs when DNS forwarding is configured (network services/dns/forwarders). Doesn't matter what goes in there, google, cloudflare, opendns, etc. All cause these messages to be generated multiple times a minute. Happens regardless of whether "Use forwarders assigned by ISP" is checked or not.

    UPDATE 2:

    Set up a test utm installation. Using ssh to do nslookups directly from the utm.  Every time a dns lookup is initiated (ping, nslookup), the resolver priming query line below is generated in the log if a dns forwarder is configured.  This is reproducible on the main utm too.

    So to keep the flood of these from filling up the dns proxy log, nothing on the dns forwarding screen needs to be configured or checked.

    2018:07:30-18:38:58 utm/utm named: Last message 'resolver priming que' repeated 1 times, suppressed by syslog-ng on utm.local.lan
    2018:07:30-18:38:59 utm named[5294]: resolver priming query complete
    2018:07:30-18:38:59 utm/utm named: Last message 'resolver priming que' repeated 1 times, suppressed by syslog-ng on utm.local.lan
    2018:07:30-18:39:04 utm named[5294]: resolver priming query complete
    2018:07:30-18:39:10 utm named[5294]: resolver priming query complete
    2018:07:30-18:39:11 utm/utm named: Last message 'resolver priming que' repeated 1 times, suppressed by syslog-ng on utm.local.lan
    2018:07:30-18:39:16 utm named[5294]: resolver priming query complete
    2018:07:30-18:39:25 utm named[5294]: resolver priming query complete
    2018:07:30-18:39:48 utm named[5294]: resolver priming query complete
    2018:07:30-18:40:06 utm named[5294]: resolver priming query complete
    2018:07:30-18:40:10 utm named[5294]: resolver priming query complete
    2018:07:30-18:40:16 utm named[5294]: resolver priming query complete
    2018:07:30-18:40:18 utm named[5294]: resolver priming query complete
    2018:07:30-18:40:24 utm named[5294]: resolver priming query complete
    2018:07:30-18:40:24 utm/utm named: Last message 'resolver priming que' repeated 1 times, suppressed by syslog-ng on utm.local.lan
    2018:07:30-18:40:30 utm named[5294]: resolver priming query complete
    2018:07:30-18:40:30 utm/utm named: Last message 'resolver priming que' repeated 1 times, suppressed by syslog-ng on utm.local.lan
    2018:07:30-18:40:35 utm named[5294]: resolver priming query complete
    2018:07:30-18:40:38 utm named[5294]: resolver priming query complete
    2018:07:30-18:40:41 utm named[5294]: resolver priming query complete
    2018:07:30-18:40:41 utm/utm named: Last message 'resolver priming que' repeated 1 times, suppressed by syslog-ng on utm.local.lan
    2018:07:30-18:40:42 utm named[5294]: resolver priming query complete
    2018:07:30-18:40:42 utm/utm named: Last message 'resolver priming que' repeated 1 times, suppressed by syslog-ng on utm.local.lan
    2018:07:30-18:40:51 utm named[5294]: resolver priming query complete
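
To put a number on the flood reported above, this added example (not part of the original post or any Sophos tooling) counts `resolver priming query complete` events per minute in the UTM log format quoted in the post, including repeats folded away by syslog-ng. The function names, the threshold and the one unrelated log line are assumptions made for illustration; the other sample lines are copied from the post.

```python
import re
from collections import Counter

MESSAGE = "resolver priming query complete"
# UTM log prefix as quoted in the post: "YYYY:MM:DD-HH:MM:SS host named[pid]: text"
LINE = re.compile(r"^(\d{4}:\d{2}:\d{2}-\d{2}:\d{2}):\d{2} \S+ named(?:\[\d+\])?: (.*)$")
# syslog-ng folds repeats into one line and truncates the quoted message text
SUPPRESSED = re.compile(r"^Last message '([^']*)' repeated (\d+) times, suppressed by syslog-ng")

# Excerpt of the lines quoted in the post, plus one constructed unrelated line.
SAMPLE_LOG = """\
2018:07:30-18:38:58 utm/utm named: Last message 'resolver priming que' repeated 1 times, suppressed by syslog-ng on utm.local.lan
2018:07:30-18:38:59 utm named[5294]: resolver priming query complete
2018:07:30-18:38:59 utm/utm named: Last message 'resolver priming que' repeated 1 times, suppressed by syslog-ng on utm.local.lan
2018:07:30-18:39:04 utm named[5294]: resolver priming query complete
2018:07:30-18:39:10 utm named[5294]: resolver priming query complete
2018:07:30-18:39:11 utm/utm named: Last message 'resolver priming que' repeated 1 times, suppressed by syslog-ng on utm.local.lan
2018:07:30-18:39:16 utm named[5294]: resolver priming query complete
2018:07:30-18:39:25 utm named[5294]: resolver priming query complete
2018:07:30-18:39:30 utm named[5294]: constructed unrelated message
2018:07:30-18:39:48 utm named[5294]: resolver priming query complete
"""

def priming_per_minute(lines):
    """Return Counter {minute: events}, counting logged and suppressed repeats."""
    counts = Counter()
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        minute, text = m.groups()
        if text == MESSAGE:
            counts[minute] += 1
            continue
        s = SUPPRESSED.match(text)
        # The quoted text is cut short, so compare it as a prefix of the message.
        if s and s.group(1) and MESSAGE.startswith(s.group(1)):
            counts[minute] += int(s.group(2))
    return counts

def noisy_minutes(counts, threshold):
    """Minutes whose event count reaches the (assumed) alerting threshold."""
    return sorted(minute for minute, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    counts = priming_per_minute(SAMPLE_LOG.splitlines())
    for minute in sorted(counts):
        print(minute, counts[minute])
```

Running the same count over the DNS proxy log from before and after an upgrade gives a comparable per-minute figure for a support ticket.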

  • In reply to Jay Jay:

    Decided to roll back to 9.509-3.  Read elsewhere on here that restoring a backup from a newer utm build is not recommended to an older utm.  Wasted 3 hours this morning redoing the changes I've made since (lots of webfiltering changes).  Lesson well learned.  In the future will only upgrade when there's no changes being made, at least for some period of time.  Otherwise, unless you like to do lots of testing, don't upgrade manually until the patch is officially pushed.  Even then, probably a good idea to wait some time for any unforeseen issues.

    And of course, backup backup backup before installing anything.  In the vm environment it's easy enough to make a snapshot of the system so there's minimal log loss.  Otherwise at least you have your configuration backup, but no logs.

    FWIW, my latest backup was from 7/29 so loss wasn't too significant but still a hassle.

    Note, I did open a ticket with support but haven't received any response yet.

    Edit: Appears ticket was closed without any notification or reason.  Nice!

  • In reply to Jay Jay:

    Webmin and Userportal are not reachable via public address from internal lan. Has anyone the same issue? Problem with loopback?

     

  • In reply to RodneyWilder:

    Hi!

    I upgraded to 9.510-4 and have Recipient Verification with callout problems.

    A few days ago I opened a ticket regarding this issue.
    Anyone else having this same problem or a ticket opened?

    Regards, Stephan

  • Hi, thanks for reporting this issue and sorry for the inconvenience.

    We replaced the update from 9.509 to 9.510 (http://ftp.astaro.de/UTM/v9/up2date/u2d-sys-9.509003-510005.tgz.gpg) and also uploaded the update for all who have installed the previous one (ftp.astaro.de/.../u2d-sys-9.510004-510005.tgz.gpg).

    I updated the release notes at https://community.sophos.com/products/unified-threat-management/b/utm-blog/posts/utm-up2date-9-510-released accordingly.

  • In reply to talex:

    Hi  

     

    Thanks for this, as this up2date only contains:

    Up2Date 9.510005 package description:
    
    Remark:
     System will be rebooted
    
    News:
     Hotfix Release
    
    RPM packages contained:
     ep-webadmin-9.50-1416.gb92b94217.i686.rpm         
     chroot-smtp-9.50-24.gb41bc0f8.rb3.i686.rpm        
     ep-release-9.510-5.noarch.rpm                   

    Is it only the "Mailmanager *bug*" that's fixed or have you fixed anything else?



  • In reply to twister5800:

    the release contains two additional changes:

    • NUTM-10124 [Email] TLS Errors - renegotiation not allowed
    • NUTM-10118 [Reporting] Authenticated Remote Code Execution in WebAdmin

  • In reply to talex:

    @Talex Does this hotfix address any of the dns forwarding logging issues described above?

  • In reply to talex:

    Hi!

     

    Yesterday I installed the hotfix without any issues.

    Also the Verification with callout seems to work fine now.
    Anyone else also installed the hotfix (9.510-5) with success?

     

    Thanks and regards!

  • In reply to talex:

    Hi,

    The TLS issue appears to be fixed.

    Though 'resolver priming query complete' still visible in the 'DNS proxy' logs on my test system.

  • In reply to Peter Hermsen:

    9.501-5 works fine! THX 4 the hotfix.