Hi to all,
I am working on a modification for the Quarantine Report of Sophos UTM Email Protection. I am modifying the file /var/storage/chroot-smtp/etc/digest/digest and so far it works like I expect it.
My question is now ... there are some script parts within this file to control the dynamic content. This syntax is, for example, <? $MsgRelease ?>. To use this example: in this variable $MsgRelease the release link for a quarantined mail is stored.
What I now want to achieve is to paste the content of this variable into a mailto: line, but this does not work correctly as $MsgRelease contains special characters like & which are control characters for a mailto line.
On other occasions I re-formatted variables like this with HEX or converted them to a URL string, but I cannot figure out which kind of script language is used on the UTM.
Can someone please tell me what script language is used so that I can have a look at what commands are available in this language to reformat the output of $MsgRelease ... Thanks a lot!
And yes, I know working on the CLI like this, modifying files, means no warranty ...
Best regards
Jupp
Hallo Jupp and welcome to the UTM Community!
Sounds like a fun project, but did you know that if you don't have a user in the UTM, it won't send a Quarantine Report for his email address - rather a single email for each email quarantined?
Likewise, if you disable the Quarantine Report for everyone, everyone will receive an email each time an email is quarantined. If users receive individual emails instead of a Quarantine Report, they can bulk manage their quarantine with the User Portal.
You might play with those things a bit to see if there's an easier way to accomplish your goal.
Cheers - Bob
In reply to BAlfson:
Hi Bob and thanks for the warm welcome!
Maybe you are right, but in this special case it would be easier if I could "just" modify the generated link.
Maybe it helps understanding what I want to achieve by sharing this example with you: the "default" release link that is stored in the variable <? $MsgRelease ?> looks like:
https://FQDN-of-UTM:3840/release.plc?proto=smtp&cluster_ID=2&message_ID=randomstring&size=size&whitelist=0
What I want to achieve is to "reformat" the escape characters within this link to hex so that they can be used with Outlook in a mailto link like:
mailto:to-address?subject=<? $MsgRelease with hex encoded escape characters ?>&body=To release this message from quarantine, send this email and keep the subject unchanged! %0A%0AAlternatively use the following link:%0A <? $MsgRelease with hex encoded escape characters ?>
On a different system which uses Smarty Template Engine I achieved it with <? $MsgRelease|escape:'hex' ?>, but on UTM it is not Smarty they use and the |escape:'hex' seems to be unknown.
That's why I am asking if someone can help me figure out which script engine is used in UTM so that I can "reformat" the escape characters in <? $MsgRelease ?> ...
Thanks
Jupp
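The encoding the mailto link in the post above needs, as an added Python example that is not part of the thread and is not UTM template code (it says nothing about which template language the UTM uses). The host name, recipient address and function names are assumptions made for illustration.

```python
from urllib.parse import quote, parse_qs

# Constructed sample in the shape quoted in the post; host and values are placeholders.
RELEASE_URL = ("https://utm.example.test:3840/release.plc?proto=smtp&cluster_ID=2"
               "&message_ID=randomstring&size=size&whitelist=0")
BODY_TEXT = ("To release this message from quarantine, send this email and keep "
             "the subject unchanged!\r\n\r\nAlternatively use the following link:\r\n")


def encode_hfield(value: str) -> str:
    """Percent-encode a mailto header value, leaving only unreserved characters.

    safe="" makes quote() encode '&', '=', '?', '/', ':' and '%' as well, so the
    embedded URL cannot terminate the subject or start a new header field.
    """
    return quote(value, safe="")


def release_mailto(to_addr: str, release_url: str) -> str:
    """Build the mailto URI with the release link as subject and inside the body."""
    return "mailto:{}?subject={}&body={}".format(
        quote(to_addr, safe="@"),
        encode_hfield(release_url),
        encode_hfield(BODY_TEXT + release_url),  # CRLF becomes %0D%0A
    )


def naive_mailto(to_addr: str, release_url: str) -> str:
    """The failing variant: the raw link pasted into the subject unencoded."""
    return "mailto:{}?subject={}&body=see link".format(to_addr, release_url)


def decode_mailto(uri: str) -> dict:
    """Split the header fields the way a URI parser does, to check the round trip."""
    query = uri.partition("?")[2]
    return {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}


if __name__ == "__main__":
    print(release_mailto("quarantine@example.test", RELEASE_URL))
    # The unencoded link is cut at its first '&' and leaks extra header fields.
    print(decode_mailto(naive_mailto("quarantine@example.test", RELEASE_URL)))
```

Decoding the naive variant shows the subject truncated after `proto=smtp`, with `cluster_ID`, `message_ID`, `size` and `whitelist` parsed as separate fields, which is the breakage described in the post.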
In reply to Jupp Schmitz:
Please ... every hint is helpful and urgently needed!
Thanks again!
Jupp
What you describe is exactly what I would like to implement (email notification each time an email is quarantined). I have configured users (AD authentication for recipient validation). If I disable the quarantine report on global settings completely each user should receive an email each time an email is quarantined?
Using UTM 9.701-6 it does not work for me, any hints?
In reply to georg g:
Hallo Georg and welcome to the UTM Community!
This is about the SMTP Proxy - is that what you're using? If you are and it's not working as described, you might consider getting a ticket open with Sophos Support.
Yes, this is about the SMTP proxy. If I understand correctly you said that if Quarantine Report is generally disabled, then the UTM should send an e-mail to the recipient that the e-mail has been quarantined (e.g. because of a blocked file extension). I would love for that to work because the quarantine report twice a day is just not enough. I know there are ssh scripts out there and stuff but I am looking for an easier way.
If you're not uncomfortable at the command line, Georg, a better solution, sending a report every two hours, was proposed by someone here several years ago.
The /etc/crontab-static file is not modified by WebAdmin, so use it to permanently add cron jobs. As root at the command line, copy and paste the entire block below:
echo "30 09 * * * root /usr/local/bin/confd-client.plx set digest send_time_one 11:00:00">>/etc/crontab-static
echo "30 09 * * * root /usr/local/bin/confd-client.plx set digest send_time_two 13:00:00">>/etc/crontab-static
echo "30 13 * * * root /usr/local/bin/confd-client.plx set digest send_time_one 15:00:00">>/etc/crontab-static
echo "30 13 * * * root /usr/local/bin/confd-client.plx set digest send_time_two 17:00:00">>/etc/crontab-static
Now, to force /etc/crontab-static to be integrated into /etc/crontab, activate the Quarantine Report to be sent at 7:00 and 9:00.