Sophos UTM 9.510-4 released - let's share experiences!

Released yesterday:

https://community.sophos.com/products/unified-threat-management/b/utm-blog/posts/utm-up2date-9-510-released

 

Found out so far, that mailmanager is broken:

Others? :-)

  • Hi,

     

    same issue here. I installed 9.510 on my SG 105W at home. I´m not using mail protection, but I checked the mail manager before and after the installation.

    After the installation i get the same error message "invalid request".

     

    Maybe mail manager is no longer necessary... Sophos fixed the quarantine report release option for end users (NUTM-9836) instead ;)

     

    Kind regards

    Daniel

  • In reply to daniel_werner:

    Same error here! Luckily only on my test UTM

  • when its broken on UTM they won't need to implement it on XG and still be on feature parity ;-) 

  • In reply to daniel_werner:

    Hello,

     

    I got the same error, in Edge, but in Chrome, Firefox and IE Mailmanager works perfectly.

    Then i went to another PC and from there Mailmanager opened in EDGE without problems.

     

    But i got an other serious error in this Release: RCPT Verification with callout doesnt work. Mails are not processed. Example of my logfile:

     

    2018:07:20-09:25:01 sophos-2 exim-in[32250]: 2018-07-20 09:25:01 [46.254.125.74] F=<sender Address> R=<recipient Address> Verifying recipient address with callout

    2018:07:20-09:25:01 sophos-2 exim-in[32250]: 2018-07-20 09:25:01 TLS error on connection from <Senders Mail Server>:34983 (renegotiation not allowed): error:00000000:lib(0):func(0):reason(0)

    The connection  closed and the mail would not be processed.

    As a workaround, RCPT Verification in AD works as expected.

     

    As another workaround i had added <any> under SMTP/Advanced in the Box 'Skip TLS Negotiation Hosts/Networks' and now Callout is working as before...

     

    But i think its not a good way to disable TLS...

     

    Marco

  • In reply to Raven:

    Marco Quattrocchi

    Hello,

     

    I got the same error, in Edge, but in Chrome, Firefox and IE Mailmanager works perfectly.

    Then i went to another PC and from there Mailmanager opened in EDGE without problems.

     

    But i got an other serious error in this Release: RCPT Verification with callout doesnt work. Mails are not processed. Example of my logfile:

     

    2018:07:20-09:25:01 sophos-2 exim-in[32250]: 2018-07-20 09:25:01 [46.254.125.74] F=<sender Address> R=<recipient Address> Verifying recipient address with callout

    2018:07:20-09:25:01 sophos-2 exim-in[32250]: 2018-07-20 09:25:01 TLS error on connection from <Senders Mail Server>:34983 (renegotiation not allowed): error:00000000:lib(0):func(0):reason(0)

    The connection  closed and the mail would not be processed.

    As a workaround, RCPT Verification in AD works as expected.

     

    As another workaround i had added <any> under SMTP/Advanced in the Box 'Skip TLS Negotiation Hosts/Networks' and now Callout is working as before...

     

    But i think its not a good way to disable TLS...

     

    Marco

     

    I too can confirm this!

     

    2018:07:20-12:11:10 mail exim-in[18132]: 2018-07-20 12:11:10 [xxx.xxx.xxx.xxx] F=<sender> R=<receiver> Verifying recipient address with callout
    2018:07:20-12:11:10 mail exim-in[18132]: 2018-07-20 12:11:10 TLS error on connection from mail.domain.com [xxx.xxx.xxx.xxx]:60542 (renegotiation not allowed): error:00000000:lib(0):func(0):reason(0)
     
    Did not see it in the beginning as I validate though Active Directory normally, which works.
     
     
  • In reply to twister5800:

    New update on Mailmanager bug:

     

    Firefox: "Invalid request"

    Chrome on SAME UTM: ALL GOOD!

    Firefox as before, but cleared cookies and website data: ALL GOOD!

    :-)

  • In reply to twister5800:

    Well done :)

     

    Worked for me too. Cleared all data in Firefox and the mail manager works like a charm.

     

    Kind regards

    Daniel

  • In reply to Raven:

    Marco Quattrocchi

    Hello,

     

    I got the same error, in Edge, but in Chrome, Firefox and IE Mailmanager works perfectly.

    Then i went to another PC and from there Mailmanager opened in EDGE without problems.

     

    But i got an other serious error in this Release: RCPT Verification with callout doesnt work. Mails are not processed. Example of my logfile:

     

    2018:07:20-09:25:01 sophos-2 exim-in[32250]: 2018-07-20 09:25:01 [46.254.125.74] F=<sender Address> R=<recipient Address> Verifying recipient address with callout

    2018:07:20-09:25:01 sophos-2 exim-in[32250]: 2018-07-20 09:25:01 TLS error on connection from <Senders Mail Server>:34983 (renegotiation not allowed): error:00000000:lib(0):func(0):reason(0)

    The connection  closed and the mail would not be processed.

    As a workaround, RCPT Verification in AD works as expected.

     

    As another workaround i had added <any> under SMTP/Advanced in the Box 'Skip TLS Negotiation Hosts/Networks' and now Callout is working as before...

     

    But i think its not a good way to disable TLS...

     

    Marco

     

    I had these issues before in 9.509 and haven't yet upgraded to 9.510. Skipping TLS negotiation is not wise, there are some hosts that simply won't communicate without it so you'll loose mails (try to send from Gmail and you will likely get a delivery message from Gmail hours later than you sent the mail and your mail most likely will not be delivered to your mailbox).

  • In reply to apijnappels:

    It was just a Test. But in 9.509 TLS Negotiation worked fine without Problems. Have changed it to verification in AD but would like to use callout.

  • In reply to Raven:

    Marco Quattrocchi

    It was just a Test. But in 9.509 TLS Negotiation worked fine without Problems. Have changed it to verification in AD but would like to use callout.

     

    Check this post I posted a week ago, that's when I noticed things had changed regarding recipient verification:

    https://community.sophos.com/products/unified-threat-management/f/mail-protection-smtp-pop3-antispam-and-antivirus/103994/recipient-verification-failing

  • I had my AP55 at home drop all connections, rebooted it to get devices connected again.  Took a look in the wireless log, and it's full of this:

    2018:07:22-01:19:32 firewall awed[4678]: WARN -------------------------------------------------------
    2018:07:22-01:19:32 firewall awed[4678]: Use of uninitialized value in string ne at awed_ng.pl line 2515.
    2018:07:22-01:19:32 firewall awed[4678]: 1 main::updateActiveAweLocalChannels
    2018:07:22-01:19:32 firewall awed[4678]: WARN -------------------------------------------------------
    2018:07:22-01:19:32 firewall awed[4678]: Use of uninitialized value $local_ActiveChannel in string ne at awed_ng.pl line 2515.
    2018:07:22-01:19:32 firewall awed[4678]: 1 main::updateActiveAweLocalChannels
    2018:07:22-01:19:35 firewall awed[4678]: WARN -------------------------------------------------------
    2018:07:22-01:19:35 firewall awed[4678]: Use of uninitialized value in string ne at awed_ng.pl line 2515.
    2018:07:22-01:19:35 firewall awed[4678]: 1 main::updateActiveAweLocalChannels
    2018:07:22-01:19:35 firewall awed[4678]: WARN -------------------------------------------------------
    2018:07:22-01:19:35 firewall awed[4678]: Use of uninitialized value $local_ActiveChannel in string ne at awed_ng.pl line 2515.
    2018:07:22-01:19:35 firewall awed[4678]: 1 main::updateActiveAweLocalChannels
    2018:07:22-01:19:38 firewall awed[4678]: WARN -------------------------------------------------------
    2018:07:22-01:19:38 firewall awed[4678]: Use of uninitialized value in string ne at awed_ng.pl line 2515.
    2018:07:22-01:19:38 firewall awed[4678]: 1 main::updateActiveAweLocalChannels
    2018:07:22-01:19:38 firewall awed[4678]: WARN -------------------------------------------------------
    2018:07:22-01:19:38 firewall awed[4678]: Use of uninitialized value $local_ActiveChannel in string ne at awed_ng.pl line 2515.
    2018:07:22-01:19:38 firewall awed[4678]: 1 main::updateActiveAweLocalChannels
    2018:07:22-01:19:41 firewall awed[4678]: WARN -------------------------------------------------------
    2018:07:22-01:19:41 firewall awed[4678]: Use of uninitialized value in string ne at awed_ng.pl line 2515.
    2018:07:22-01:19:41 firewall awed[4678]: 1 main::updateActiveAweLocalChannels
    2018:07:22-01:19:41 firewall awed[4678]: WARN -------------------------------------------------------
    2018:07:22-01:19:41 firewall awed[4678]: Use of uninitialized value $local_ActiveChannel in string ne at awed_ng.pl line 2515.
    2018:07:22-01:19:41 firewall awed[4678]: 1 main::updateActiveAweLocalChannels
    2018:07:22-01:19:44 firewall awed[4678]: WARN -------------------------------------------------------
    2018:07:22-01:19:44 firewall awed[4678]: Use of uninitialized value in string ne at awed_ng.pl line 2515.
    2018:07:22-01:19:44 firewall awed[4678]: 1 main::updateActiveAweLocalChannels
    2018:07:22-01:19:44 firewall awed[4678]: WARN -------------------------------------------------------
    2018:07:22-01:19:44 firewall awed[4678]: Use of uninitialized value $local_ActiveChannel in string ne at awed_ng.pl line 2515.
    2018:07:22-01:19:44 firewall awed[4678]: 1 main::updateActiveAweLocalChannels

  • In reply to SteveU:

    does the ap55 still work?

  • In reply to ThorstenSult:

    AP55 is working after reboot.

    Here's something strange.  I modified /etc/hostapd/hostapd.conf-default to get the internal WiFi NIC working in case the AP55 wasn't going to by changing:

    #ht_capab=[<HT_CAPAB>]
    ht_capab=[HT40+][SHORT-GI-40][TX-STBC][RX-STBC1][DSSS_CCK-40]
     
    After reboot, I'm not seeing the flood of messages anymore.
  • In reply to twister5800:

    Hello Marco,

     

    i think it is the TLS Renegotation protection.

    show there https://wiki.mozilla.org/Security:Renegotiation

    i have TLS1.2 activate and it running.

    br Christian

  • In reply to SteveU:

    I removed the internal wifi (LocalWifi0) from the SSID, and the log flood returned, this time a little different:

    2018:07:23-17:01:02 crawl awed[4729]: WARN -------------------------------------------------------
    2018:07:23-17:01:02 crawl awed[4729]: Use of uninitialized value $local_ActiveChannel in string ne at awed_ng.pl line 2515.
    2018:07:23-17:01:02 crawl awed[4729]: 1 main::updateActiveAweLocalChannels
    2018:07:23-17:01:02 crawl awed[4729]: WARN -------------------------------------------------------
    2018:07:23-17:01:02 crawl awed[4729]: Use of uninitialized value $phyNumber in string eq at awed_ng.pl line 2526.
    2018:07:23-17:01:02 crawl awed[4729]: 1 main::updateActiveAweLocalChannels
    2018:07:23-17:01:05 crawl awed[4729]: WARN -------------------------------------------------------
    2018:07:23-17:01:05 crawl awed[4729]: Use of uninitialized value $local_ActiveChannel in string ne at awed_ng.pl line 2515.
    2018:07:23-17:01:05 crawl awed[4729]: 1 main::updateActiveAweLocalChannels
    2018:07:23-17:01:05 crawl awed[4729]: WARN -------------------------------------------------------
    2018:07:23-17:01:05 crawl awed[4729]: Use of uninitialized value $phyNumber in string eq at awed_ng.pl line 2526.
    2018:07:23-17:01:05 crawl awed[4729]: 1 main::updateActiveAweLocalChannels