Configuring VPN Remote Access for the first time on your Sophos XG Firewall? Check out this useful Community post!
We'd love to hear about it! Click here to go to the product suggestion community
I installed V18 yesterday on our xg 210v3 and now all outgoing email is in quarantaine because of the DKIM verification feature, the odd thing is that we never enabled that feature and turning it on or off, or making an exception for this mail server nothing works so i guess we have to roll back and wait till a proper release....
emails are quarantined by XG or by the target server?
In reply to lferrara:
the emails are quarantined by the XG it's our own (exchange) mail server that sends the mail through the Sophos XG (antispam module)
In reply to Pascal Groos:
Did you generate the public and private key via ssh commands?
Then, did you upload the private key and the key selector in the web UI?
DKIM signing and DKIM verification are not enabled (and never were) on the XG. so no i did not do that.
if the feature in UI is off, you should log a ticket with support. Once you created the ticket, update the thread.
I fully understand the issue and maybe rollback to 17.5.9 is the only option.
I am curious, will setting DKIM on, saving, turning it off, saving - Resolve this issue?
But DKIM should not be enabled by default (was not on any on my tests appliances).
In reply to LuCar Toni:
It isn't enabled (well apparently it is somehow but it doesn't say so in the UI) and i never enabled it! , turning it on and use the option to accept when DKIM fails even doesnt resolve it. even when i make an exception for this server (and check DKIM verification) it won't pass the mails through....
the only workaround for now is configuring DKIM signing for this domain on the XG so i did that (which offcourse isn't a bad thing but i like to have it as an option and now it is somewhat mandatory ;) )
the other strange thing is that this doesn't affect our other mail server which is also behind this XG... (different zone / vLAN)
Do you have a subscription on your Product? I would likely open a support case to get the Logs analyzed.
Or you try it at your own.
Yeah it's a 2 month old xg210 (v3) i've got an Fullguard subscription on it, the workaround (configuring DKIM) fixes our problem but i can imagine you guys wanna check our logs as it's likely more customers will run into this.
please open a ticket ASAP and let us know.
I have opened a ticket: #9722085
Hi Pascal Groos
Apologies for any inconvenience caused. Thank you for sharing your support case number, H_Patel will follow up with you to investigate further.
Hi Pascal Groos,
Thank you for providing the case number. This case is assigned to one of the senior engineer.
Could you also share SMTP deployment mode? Is it Legacy mode or MTA?
Could you please provide support access id on the ticket? If possible, could you provide smtpd_main.log?
KB Article for how to access XG CLI : Sophos Firewall: How to enable SSH connection
KB Article for logs : Sophos XG Firewall: Logfile guide
I have created FTP credential and command for you to upload logs to Sophos FTP server. I am going to send you PM.
In reply to H_Patel:
I've uploaded the logs and enabled remote access.
Hi Pascal Groos,
Thank you for the update. Could you please PM me or update the case with the support access id?