SPX

Hallo,
ich habe ein Problem mit den intern von der UTM versendeten Emails mit den Passworten bei den Optionen ‚generated und stored for recipient‘ und ‚generated one-time….‘. Ich sehe im SMTP Log, das entsprechende Email erzeugt werden, es kommt aber keine bei mir an. Der Empfäger erhält eine verschlüsselte Email. Das gleiche Problem tritt auf, wenn bei der Verschlüsselung Fehler auftreten. Auch die dann erzeugte Email kommt nicht bei mir an.
Hat vielleicht jemand einen Tipp für mich?
Danke.

  • Hallo,

    Erstmal herzlich willkommen hier in der Community !

    (Sorry, my German-speaking brain isn't creating thoughts at the moment. Sad)

    I don't understand what email you expect to receive with either of those two settings.

    What selection do you have for 'SPX Notification Settings'?

    MfG - Bob (Bitte auf Deutsch weiterhin.)

  • In reply to BAlfson:

    Hi Bob,

    when I use the option 'Generated one-time password for every email' or 'Generated and stored for recipient' I expect an email with the generated password to communicate it to the recipient. These emails are missing or lost. The same problem occurs, when I do a mistake (e.g password to short). In this case the email will not be sent to the recipient and I don't get any information (email) about that. The SPX Notification is set to 'sender'.

    MFG Fritz

  • In reply to F K:

    Thanks Fritz,

    I had understood your German post, but I was mistaken about the functionality.  I looked at both selections as ones where the recipient received a separate email containing the password directly from the UTM - not having clients that use the UTM's SPX encryption, I had forgotten that it was supposed to send the password to the sender.

    Do you receive notifications, backups and or Executive Reports at the address from which you are sending?  Have you looked in Mail Manager to see if these password emails are in the SMTP Spool?  On the 'SMTP Log' tab, what do you see when you filter on 'IP/Net/Address/Subj. substring' for the sender's address?

    MfG - Bob (Bitte auf Deutsch weiterhin.)

  • In reply to BAlfson:

    Hi Bob,

    ich bekomme keine notifications, backups or executive reports.

    Unter Management -> Notifications ist ein externer Empfänger eingetragen

    Die Mails hängen nicht im SMTP Spool.

    Im SMTP Live log sehe ich die Meldung, dass eine Email 'spx notificatin' an micht gesndet wird.

    Im SMTP Log sehe ich, dass die ORiginal Email an den Empfänger gesendet wird, die Benachrichtigungs Email sehe ich nicht.

    Gruß aus Köln

    Fritz

  • In reply to F K:

    (Danke für das Schreiben auf Deutsch !)

    Im SMTP Live log sehe ich die Meldung, dass eine Email 'spx notificatin' an micht gesndet wird.

    Paste here the section of the log that includes that and shows what the SMTP Proxy did with the email to you.  My guess is that it's in the spam folder of your email account and that the logs will show that it was delivered to your mail server.

    MfG - Bob (Bitte auf Deutsch weiterhin.) 

  • In reply to BAlfson:

    2018:08:02-18:51:39 srv-k-fw-01 smtpd[2037]: SCANNER[2037]: Nothing to do, exiting.
    2018:08:02-18:51:59 srv-k-fw-01 exim-in[6513]: 2018-08-02 18:51:59 SMTP connection from [103.218.2.239]:55708 (TCP/IP connection count = 1)
    2018:08:02-18:52:00 srv-k-fw-01 exim-in[2309]: 2018-08-02 18:52:00 SMTP connection from (mail.wp-kroeger.de) [103.218.2.239]:55708 closed by QUIT
    2018:08:02-18:52:00 srv-k-fw-01 exim-out[2313]: 2018-08-02 18:52:00 Start queue run: pid=2313
    2018:08:02-18:52:00 srv-k-fw-01 exim-out[2313]: 2018-08-02 18:52:00 End queue run: pid=2313
    2018:08:02-18:52:53 srv-k-fw-01 exim-in[6513]: 2018-08-02 18:52:53 SMTP connection from [192.168.5.11]:46656 (TCP/IP connection count = 1)
    2018:08:02-18:52:53 srv-k-fw-01 exim-in[2521]: 2018-08-02 18:52:53 [192.168.5.11] F=<fritz.kroeger@kroesys.de> R=<fk@mungen.de> Accepted: from relay
    2018:08:02-18:52:53 srv-k-fw-01 exim-in[2521]: 2018-08-02 18:52:53 1flGqL-0000ef-0m <= fritz.kroeger@kroesys.de H=(SRV-K-DC-01.kroeger.local) [192.168.5.11]:46656 P=esmtps X=TLSv1.2:AES256-SHA:256 S=3409 id=00bb1ab7cdda488fa686590aa4799883@SRV-K-DC-01.kroeger.local
    2018:08:02-18:52:53 srv-k-fw-01 exim-in[2521]: 2018-08-02 18:52:53 SMTP connection from (SRV-K-DC-01.kroeger.local) [192.168.5.11]:46656 closed by QUIT
    2018:08:02-18:52:54 srv-k-fw-01 smtpd[6275]: QMGR[6275]: 1flGqL-0000ef-0m moved to work queue
    2018:08:02-18:53:00 srv-k-fw-01 smtpd[2551]: SCANNER[2551]: 1flGqS-0000f9-Cr <= fritz.kroeger@kroesys.de R=1flGqL-0000ef-0m P=INPUT S=2103
    2018:08:02-18:53:00 srv-k-fw-01 smtpd[2551]: SCANNER[2551]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="192.168.5.11" from="fritz.kroeger@kroesys.de" to="fk@mungen.de" subject="TEst" queueid="1flGqS-0000f9-Cr" size="2103" reason="spx" extra=""
    2018:08:02-18:53:00 srv-k-fw-01 smtpd[2551]: SCANNER[2551]: 1flGqS-0000f9-Cr [SPX] SPX Encryption starts with profile: REF_SpxTemKrfTemplStore and password type: stored
    2018:08:02-18:53:00 srv-k-fw-01 exim-out[2558]: 2018-08-02 18:53:00 Start queue run: pid=2558
    2018:08:02-18:53:00 srv-k-fw-01 exim-out[2558]: 2018-08-02 18:53:00 End queue run: pid=2558
    2018:08:02-18:53:00 srv-k-fw-01 smtpd[2551]: SCANNER[2551]: 1flGqS-0000f9-Cr [SPX] SPX encryption was successfull
    2018:08:02-18:53:01 srv-k-fw-01 smtpd[2551]: SCANNER[2551]: 1flGqT-0000f9-2d <= do-not-reply@fw-notify.net name="spx notification" to="fritz.kroeger@kroesys.de" R=1flGqS-0000f9-Cr
    2018:08:02-18:53:01 srv-k-fw-01 smtpd[2551]: SCANNER[2551]: 1flGqL-0000ef-0m => work R=SCANNER T=SCANNER
    2018:08:02-18:53:01 srv-k-fw-01 smtpd[2551]: SCANNER[2551]: 1flGqL-0000ef-0m Completed
    2018:08:02-18:53:01 srv-k-fw-01 exim-out[2562]: 2018-08-02 18:53:01 1flGqT-0000f9-2d => fritz.kroeger@kroesys.de P=<do-not-reply@fw-notify.net> R=static_route_hostlist T=static_smtp H=192.168.5.11 [192.168.5.11]:25 X=TLSv1.2:ECDHE-RSA-AES256-SHA384:256 C="250 2.6.0 <3e1e4c11fbcf4f70835ba1aa961dfc30@SRV-K-DC-01.kroeger.local> [InternalId=150401164771387, "
    2018:08:02-18:53:01 srv-k-fw-01 exim-out[2562]: 2018-08-02 18:53:01 1flGqT-0000f9-2d Completed
    2018:08:02-18:53:02 srv-k-fw-01 exim-out[2561]: 2018-08-02 18:53:02 1flGqS-0000f9-Cr => fk@mungen.de P=<prvs=0752ba4aed=fritz.kroeger@kroesys.de> R=dnslookup T=remote_smtp H=mx1.agenturserver.de [185.15.192.56]:25 X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 C="250 2.0.0 from MTA(smtp:[172.16.51.50]:10025): 250 2.0.0 Ok: queued as DDAC57FAEE"
    2018:08:02-18:53:02 srv-k-fw-01 exim-out[2561]: 2018-08-02 18:53:02 1flGqS-0000f9-Cr Completed
     
    This is the copy of the SMTP LOG. The corresponding lines are marked.
    The system works pretty good. THe password ist stored for the recipient.
    But i can't see it.
    If I don't reset the password and send another email to the same recipient, the marked information does not appear.
  • In reply to F K:

    2018:08:02-18:53:02 srv-k-fw-01 exim-out[2561]: 2018-08-02 18:53:02 1flGqS-0000f9-Cr Completed

    So, it looks like the Proxy delivered the email to R=static_route_hostlist T=static_smtp H=192.168.5.11.  What's that at .11?

    Cheers - Bob

  • In reply to BAlfson:

    192.168.5.11 is the domain controller server and exchange server

    regards Fritz

  • In reply to F K:

    I'd check the Exchange logs, Fritz.  According to the UTM's SMTP logs, it accepted the message.

    Cheers - Bob

  • In reply to BAlfson:

    Hi Bob,

    the problem is solved.

    UTM was ok, Exchange was ok.

    The problem was withoin Outlook. I've specified a rule to store Sophos Quarantine mails in a specific folder.

    All messages from the UTM were stored there, also the 'missing' password mails.

    After changing the rule everything is ok.

    Sorry for the confusion.

    Another small thing. where I don't know wether it's missing functionality or wrong handling:

    When I open 'New Mail' I get the encryption button to encrypt this mail. => correct

    When I want to answer to a received mail, the button is not in place. => ???

    Thanks for your help

    Fritz