We'd love to hear about it! Click here to go to the product suggestion community
Hello everyone, after updating to firmware SFOS 17.5.7 MR-7 I have received many alerts from network attacks:
'SERVER-MAIL Dovecot Submission-Login Service NULL Pointer Dereference"
can anybody help me?
thank you all
Hi, I am facing the same issue since 26th July. I contacted Sophos support and got a pathetic reply. All we need is an explanation why this is happening or an acknowledgement that Sophos is looking in to this.
Below is the reply I got to my inquiry from Sophos. I have removed my internal IP address and the name of the technical agent.
Hello Shenath,This is regarding the service request number 9037848.According to the logs, the attack is been detected and the source IP is ***.***.***.***.To drop the traffic for that signature under IPS settings.If you need immediate assistance on this case, you can contact Sophos Technical Support via phone.Telephone contact numbers can be found here:www.sophos.com/.../contact-support.aspxIN Support Lines: Toll Free: 000 800 100 8381 International: (+65) 6776 7467UK Support Lines: From UK: 0844 767 4670 (0844 SOPHOS-0) International: +44 (0)1235 465818US Support Lines: Toll Free: 1-888-SOPHOS-9 (1-888-767-4679) International: 1-781-494-5800AU Support Lines: Australia: 1300 041 895 New Zealand: 0800 884 012 International: +61 2 9409 9111Please contact us for any further assistance.Regards, ****** ************ Sophos Technical Supportwww.sophos.com/.../contact-support.aspx Get Product Notifications via SMS - Sophos Mobile Notification Service: https://sms.sophos.comSupport Knowledge Base: community.sophos.com/kbFollow us on Twitter @SophosSupportSophos Community (discussion forums): https://community.sophos.comSOPHOS - CyberSecurity made simple
Hi,description is here -> http://services.netscreen.com/documentation/signatures/SMTP%3ADOS%3ADOVECOT-NULL.html
I've got same messages when my fileserver sends me an email, and email was configured with no authentication,when i filled it up, there was no error messages at sophos side
In reply to Patryk Dobrowolski:
Seems like a false positive.
Can you give us the IPS ID?
In reply to LuCar Toni:
i've got the same issue.
The IPS ID is : 1190508052
It blocked access to the domain name of my mail server.I solved the problem by allowing the domain name in Web, Exception, add, URL : ^([A-Za-z0-9.-]*\.)?mydomainname\.fr/
I have access to my mail server again but the logs are still present...
In reply to Emmanuel Rebillard:
Would suggest two steps.
First report this issue to sophos support to get the false positive removed from IPS pattern.
Second, exclude this from your pattern: https://community.sophos.com/kb/en-us/132879