Sophos Central Firewall Manager (CFM) maintenance scheduled for Wednesday, July 8th starting at 06:30 GMT. Expected time to complete is 5 hours. Partners will be unable to access CFM during this period.

Smarthost broken after upgrade to 17.5

Hello,

I upgraded my Virtual XG Firewall from 17.1.4 to 17.5. I use the E-Mail Protection on this Appliance and today I saw that outbound emails stucks in the Mail Spool. After some investigation, I found a problem with the Smarthost. I used IPv4 and IPv6 on the appliance and my Smarthost use also both protocols. Both IP Addresses are reachable from the Sophos ssh on port 587 via telnet but I saw that the IPv6 needs a long time to replay (I think it was 3 seconds). 

In the smptd_main.log a saw that the Appliance tried to connect to both IPs of the Smarthost and both are aborted with "connection timeout". 

 

28742 H=quarkmedia.de [2a01:488:66:1000:57e6:57d3:0:1]:587 Connection timed out
2018-12-14 18:04:18.529 [28742] rI1E1F-RAlTyC-6j H=quarkmedia.de [2a01:488:66:1000:57e6:57d3:0:1]:587 Connection timed out
28742 locking /sdisk/spool/output//db/retry.lockfile
28742 Relate with Firewall rule id: 3
28716 LOG: MAIN
28716 H=quarkmedia.de [87.230.87.211]:587 Connection timed out
2018-12-14 18:04:18.561 [28716] HLr3jf-SmNg2S-v3 H=quarkmedia.de [87.230.87.211]:587 Connection timed out
28716 locking /sdisk/spool/output//db/wait-smarthost_smtp.lockfile
28715 LOG: MAIN
28715 == mail@tld.de R=smart_host_route T=smarthost_smtp defer (110): Connection timed out
2018-12-14 18:04:18.562 [28715] HLr3jf-SmNg2S-v3 == mail@tld.de R=smart_host_route T=smarthost_smtp defer (110): Connection timed out

28824 == mail@tld.de R=smart_host_route T=smarthost_smtp defer (-53): retry time not reached for any host for 'gmail.com'
2018-12-14 18:04:33.517 [28824] HLr3jf-SmNg2S-v3 == mail@tld.de R=smart_host_route T=smarthost_smtp defer (-53): retry time not reached for any host for 'gmail.com'

 

I think the timeout is too short but I found no settings where I can increase the timeout.