Thread Info
  • State Suggested Answer
  • +6 person also asked this people also asked this
  • Locked Locked
  • Replies 36 replies
  • Answers 3 answers
  • Subscribers 13 subscribers
  • Views 298064 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Quarantine Report uses HTTP links instead of HTTPS

Costas

Hello everyone,

We are using UTM version 9.510-5 on hardware appliances.

After updating to version 9.510-5 on Aug 16, 2018, all users started complaining about not being able to release their rejected emails from the quarantine. When clicking on the Release link within Quarantine Report, the browsers (Chrome and Mozilla) display this page:

Bad Request

Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

Additionally, a 400 Bad Request error was encountered while trying to use an ErrorDocument to handle the request.

The IE11 simply displays a Web page not found (404) message.

I figured out, the Release and Whitelist links within Quarantine Report point to a URL similar to this:

http://firewall:3840/release.plc?proto=pop3&id=233473&secure=39bf55d252ef2ca8e9be4fc5bfa75140

Then, I pasted this link into my browser and changed http to https. It worked just fine, and I got back a normal message from UTM.

Can anybody suggest where in UTM there is a setting to configure the Release and Whitelist links within Quarantine Report sent by email (see image below) to be https instead of http? I seem to have checked everything: Management, Email Protection, and all other sections...

Will appreciate any advice!



This thread was automatically locked due to age.
Parents
  • 0

    To clarify...

    I'm not seeing this.  Quarantine reports use https in 9.510-5.  That's why I suspect that you have a unique situation that Support should look at.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Thank you Bob,

    I will contact support on Monday and post back the results.

  • 0 in reply to BAlfson

    Bob,

    Unfortunately, I am not feeling too comfortable with Linux to do your proposed version change trick. The load on the system is significant and the company operates 18 hours a day...

    I know, I can always roll it back to the previous release, but I am very curious to get a solution from Sophos. If it is going to take another week, I will be ready to roll back.

    Thank you!

  • 0 in reply to Costas

    Yes, you can roll  back to the prior version, but that requires you to re-image from ISO, thus losing logs and reporting.  My suggestion has worked for others in the past when there was a hiccup with an Up2Date like you've apparently had.

    The reason for the version change trick is that the 9.509-to-9.510 Up2Date won't install if the version is already 9.510.  The wget line downloads the 9.509-to-9.510 Up2Date package into the /var/up2date/sys directory.  The final line unpacks and prepares the Up2Date package so that you can [Apply] it in WebAdmin.

    I wouldn't be hesitant to ask Sophos Support to run these commands if you're not comfortable doing this yourself.

    Also, if my company were your reseller (not possible since you're not in the USA), I'd be all over Support to tell us where the template is for the release URL.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    This sounds very promising actually.

    Can you give more details as how to start?

    1. Connect a monitor and keyboard to UTM

    2. Login as root?

    3. ...

  • 0 in reply to Costas

    I prefer to use PuTTy to work at the command line as it will allow you to copy the block of commands above, left-click in the terminal screen and right-click to paste and execute the commands.  Download PuTTy from the author's site: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html.

    You will need to allow SSH on the 'Shell Access' tab of 'System Settings' and to put "Internal (Network)" or your IP into 'Allowed Networks'.

    1. Start PuTTy, put the LAN IP of the UTM into the 'Host Name' field and click [Open].
    2. Accept the servers host key.
    3. Login as loginuser.
    4. su -
    5. Enter the password for root.
    6. Copy the block of commands above and paste them into the terminal screen.
    7. When finished, enter exit to log out.
    8. Install the Up2Date in WebAdmin.

    Let us know how it goes!

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to siggi_r

    OK, I have the same problem and maybe an important hint.

    I just found out the following:

    If I receive SPAM in a POP3-Quarantine, the link is wrong (http)

    If I receive SPAM via SMTP, the link works correctly (https)

    Maybe that's why SOPHOS can't find the problem, because they test SMTP and not POP3?

  • 0 in reply to Michael Lupp

    Thank you Michael,

    This is very interesting comment. I just forwarded it to Sophos. Will post their feedback if any.

  • 0 in reply to BAlfson

    Bob,

    Thank you for very detailed instructions!

    BAlfson said:
    1. Start PuTTy, put the LAN IP of the UTM into the 'Host Name' field and click [Open].
    2. Accept the servers host key.
    3. Login as loginuser.
    4. su -
    5. Enter the password for root.
    6. Copy the block of commands above and paste them into the terminal screen.
    7. When finished, enter exit to log out.
    8. Install the Up2Date in WebAdmin.

    This worked perfectly in one of my UTM (the other was under Sophos' support case with Support Access enabled). I was able to login, execute the commands.Then, in a few minutes after completing the download, without rebooting UTM, it offered me to install a "new" version, 9.510-5, which I scheduled for 4:30PM. UTM installed the update, and here are the logs:

    2018:09:12-16:30:02 firewall-1 auisys[17752]: Starting Up2Date Package Installer
2018:09:12-16:30:02 firewall-1 auisys[17752]: Install u2d packages <sys>
2018:09:12-16:30:02 firewall-1 auisys[17752]: Starting installing up2date packages for type 'sys'
2018:09:12-16:30:02 firewall-1 auisys[17752]: Installing up2date package: /var/up2date/sys/u2d-sys-9.509003-510005.tgz.gpg
2018:09:12-16:30:02 firewall-1 auisys[17752]: Verifying up2date package signature
2018:09:12-16:30:04 firewall-1 auisys[17752]: Unpacking installation instructions
2018:09:12-16:30:05 firewall-1 auisys[17752]: parsing installation instructions
2018:09:12-16:30:05 firewall-1 auisys[17752]: Unpacking up2date package container
2018:09:12-16:30:06 firewall-1 auisys[17752]: Running pre-installation checks
2018:09:12-16:30:07 firewall-1 auisys[17752]: Package libsaviglue-9.50-31.g5e3c21d.rb5.i686.rpm is already installed, skipping
2018:09:12-16:30:07 firewall-1 auisys[17752]: Package cm-nextgen-agent-9.50-16.gc08104a.rb5.i686.rpm is already installed, skipping
2018:09:12-16:30:07 firewall-1 auisys[17752]: Package firmwares-bamboo-9400-0.293035296.g3733ac8.rb2.i586.rpm is already installed, skipping
2018:09:12-16:30:07 firewall-1 auisys[17752]: Package hostapd-2.2-1.0.287145451.ga02be97.rb6.i686.rpm is already installed, skipping
2018:09:12-16:30:08 firewall-1 auisys[17752]: Package modurlhardening-9.50-222.g4fa60fe.rb6.i686.rpm is already installed, skipping
2018:09:12-16:30:08 firewall-1 auisys[17752]: Package perf-tools-3.12.74-0.292688430.ga5ef2ae.rb5.i686.rpm is already installed, skipping
2018:09:12-16:30:08 firewall-1 auisys[17752]: Package red-firmware2-5125-0.282730588.g354eda3d8.rb7.noarch.rpm is already installed, skipping
2018:09:12-16:30:08 firewall-1 auisys[17752]: Package red15-firmware-5125-0.282730547.g89c84b337.rb10.noarch.rpm is already installed, skipping
2018:09:12-16:30:08 firewall-1 auisys[17752]: Package samba-4.6.8-4.gae6a03c.rb2.i686.rpm is already installed, skipping
2018:09:12-16:30:08 firewall-1 auisys[17752]: Package ulogd-2.1.0-133.g0d89a85.rb5.i686.rpm is already installed, skipping
2018:09:12-16:30:08 firewall-1 auisys[17752]: Package ep-reporting-9.50-54.g9e81107.rb4.i686.rpm is already installed, skipping
2018:09:12-16:30:09 firewall-1 auisys[17752]: Package ep-reporting-c-9.50-151.g7de2457.rb3.i686.rpm is already installed, skipping
2018:09:12-16:30:09 firewall-1 auisys[17752]: Package ep-reporting-resources-9.50-54.g9e81107.rb4.i686.rpm is already installed, skipping
2018:09:12-16:30:09 firewall-1 auisys[17752]: Package ep-awed-9.50-58.g7de6526.rb5.i686.rpm is already installed, skipping
2018:09:12-16:30:09 firewall-1 auisys[17752]: Not installing optional ep-branding-ASG-afg
2018:09:12-16:30:09 firewall-1 auisys[17752]: Not installing optional ep-branding-ASG-ang
2018:09:12-16:30:09 firewall-1 auisys[17752]: Package ep-branding-ASG-asg-9.50-78.gabee2c3.noarch.rpm is already installed, skipping
2018:09:12-16:30:10 firewall-1 auisys[17752]: Not installing optional ep-branding-ASG-atg
2018:09:12-16:30:10 firewall-1 auisys[17752]: Not installing optional ep-branding-ASG-aug
2018:09:12-16:30:10 firewall-1 auisys[17752]: Package ep-confd-9.50-1822.g447351b3.i686.rpm is already installed, skipping
2018:09:12-16:30:10 firewall-1 auisys[17752]: Package ep-ha-daemon-9.50-5.g7d07dcc.rb5.i686.rpm is already installed, skipping
2018:09:12-16:30:10 firewall-1 auisys[17752]: Package ep-init-9.50-38.g352a07a.rb8.noarch.rpm is already installed, skipping
2018:09:12-16:30:10 firewall-1 auisys[17752]: Package ep-libs-9.50-33.g690bd32.rb9.i686.rpm is already installed, skipping
2018:09:12-16:30:10 firewall-1 auisys[17752]: Package ep-logging-9.50-18.g10653ef.rb3.i686.rpm is already installed, skipping
2018:09:12-16:30:10 firewall-1 auisys[17752]: Package ep-mdw-9.50-1060.gc9c553bb.rb9.i686.rpm is already installed, skipping
2018:09:12-16:30:11 firewall-1 auisys[17752]: Package ep-postgresql92-9.50-109.g359d1c5.rb8.i686.rpm is already installed, skipping
2018:09:12-16:30:11 firewall-1 auisys[17752]: Package ep-postgresql92-64-9.50-109.g359d1c5.rb7.x86_64.rpm is already installed, skipping
2018:09:12-16:30:11 firewall-1 auisys[17752]: Package ep-screenmgr-9.50-3.g07035cc.rb46.i686.rpm is already installed, skipping
2018:09:12-16:30:11 firewall-1 auisys[17752]: Package ep-utm-watchdog-9.50-88.ge2d9ca8.rb2.i686.rpm is already installed, skipping
2018:09:12-16:30:11 firewall-1 auisys[17752]: Package ep-webadmin-9.50-1416.gb92b94217.i686.rpm is already installed, skipping
2018:09:12-16:30:11 firewall-1 auisys[17752]: Package ep-webadmin-contentmanager-9.50-84.g749571d.rb20.i686.rpm is already installed, skipping
2018:09:12-16:30:11 firewall-1 auisys[17752]: Package ep-chroot-httpd-9.50-37.g1cad00c.rb4.noarch.rpm is already installed, skipping
2018:09:12-16:30:11 firewall-1 auisys[17752]: Package ep-chroot-smtp-9.50-149.g1ad0a54.rb2.i686.rpm is already installed, skipping
2018:09:12-16:30:11 firewall-1 auisys[17752]: Package chroot-bind-9.10.7-0.292458892.g9711d3a.rb2.i686.rpm is already installed, skipping
2018:09:12-16:30:11 firewall-1 auisys[17752]: Package chroot-ntp-4.2.8p11-0.gc174a78.rb3.i686.rpm is already installed, skipping
2018:09:12-16:30:12 firewall-1 auisys[17752]: Package chroot-smtp-9.50-24.gb41bc0f8.rb3.i686.rpm is already installed, skipping
2018:09:12-16:30:12 firewall-1 auisys[17752]: Package ep-httpproxy-9.50-547.g1f8aab75.rb3.i686.rpm is already installed, skipping
2018:09:12-16:30:12 firewall-1 auisys[17752]: Not installing optional kernel-smp
2018:09:12-16:30:12 firewall-1 auisys[17752]: Package kernel-smp64-3.12.74-0.292688430.ga5ef2ae.rb5.x86_64.rpm is already installed, skipping
2018:09:12-16:30:12 firewall-1 auisys[17752]: Package ep-release-9.510-5.noarch.rpm is already installed, skipping
2018:09:12-16:30:12 firewall-1 auisys[17752]: Creating automatic configuration backup
2018:09:12-16:30:13 firewall-1 auisys[17752]: Starting up2date package installation
2018:09:12-16:30:26 firewall-1 auisys[17752]: New system version: 9.510005
2018:09:12-16:30:26 firewall-1 auisys[17752]: id="371Z" severity="info" sys="system" sub="up2date" name="Successfully installed Up2Date package" status="success" action="install" package_version="9.510005" package="sys"
2018:09:12-16:30:26 firewall-1 auisys[17752]: [INFO-302] New Firmware Up2Date installed
2018:09:12-16:30:47 firewall-1 auisys[17752]: Up2Date Package Installer finished, exiting
2018:09:12-16:30:47 firewall-1 auisys[17752]: id="3716" severity="info" sys="system" sub="up2date" name="Up2Date Package Installer finished, exiting"
2018:09:12-16:30:47 firewall-1 auisys[17752]: Initiating reboot

    It looks like it did no changes though, all skipped.
    Anyway, I did another test by sending a spam email, and checked the logs. It was still there: http, not https. :(
  • 0 in reply to Costas

    Eventually, this case came to its conclusion.

    About a week ago, Sophos requested my consent to install an RPM package on my UTM.

    Then in a few days, I received a request from Sophos to check if the issue was fixed, which I did and it was fixed.

    Then I ask them to do the same update on the other site's UTM we have, and now both UTMs send quarantine reports with correct links: HTTPS!

    I appreciate everyone's input, and hope Sophos will release the next update for UTM with this bug fixed.

  • 0 in reply to Costas

    It's 2019 and firmware 9.510-5 still has the same problem - and no updates available!

    Tried reentering everything (host, port, network). Tried disabling and reenabling quarantine reports. Tried reboot...

    Still http:// release links to a https port...

     

    Any further suggestions ?

  • 0 in reply to Marcel Mommsen

    Marcel,

    This problem was resolved for me by Sophos, after I called them for support.

    Apparently, this is not very common, and solution will be included in the next release. Version 9.510-5 is still the latest as of today.

    I can suggest you to call Sophos, they will fix it for you too.

Reply
  • 0 in reply to Marcel Mommsen

    Marcel,

    This problem was resolved for me by Sophos, after I called them for support.

    Apparently, this is not very common, and solution will be included in the next release. Version 9.510-5 is still the latest as of today.

    I can suggest you to call Sophos, they will fix it for you too.

Children
Unfiltered HTML