Need help - API CODE 599 Email Config

hello
every wenn i access via api the "EmailConfiguration" then this come "You do not have permission for the requested entity"
my account is the main admin account.
 
wenn i make this that is fine:
INPUT:
<Request>
<Login>
<Username>xxxxxx</Username>
<Password>xxxxx</Password>
</Login>
<get>
<SystemServices>
</SystemServices>
</get>

</Request>
 
 
OUTPUT:
<?xml version="1.0" encoding="UTF-8"?>
<Response APIVersion="1702.1" IPS_CAT_VER="1">
<Login>
<status>Authentication Successful</status>
</Login>
<SystemServices transactionid="">
<AntiSpam>
<Action>Start</Action>
<Status>RUNNING</Status>
</AntiSpam>
<AntiVirus>
<Action>Start</Action>
<Status>RUNNING</Status>
</AntiVirus>
<Authentication>
<Action>Restart</Action>
<Status>RUNNING</Status>
</Authentication>
<DHCPServer>
<Action>Stop</Action>
<Status>UNREGISTERED</Status>
</DHCPServer>
<DNSServer>
<Action>Start</Action>
<Status>RUNNING</Status>
</DNSServer>
<IPS>
<Action>Start</Action>
<Status>RUNNING</Status>
</IPS>
<WebProxy>
<Action>Restart</Action>
<Status>RUNNING</Status>
</WebProxy>
<WAF>
<Action>Start</Action>
<Status>RUNNING</Status>
</WAF>
<DHCPv6Server>
<Action>Stop</Action>
<Status>UNREGISTERED</Status>
</DHCPv6Server>
<RouterAdvertisementService>
<Action>Stop</Action>
<Status>UNREGISTERED</Status>
</RouterAdvertisementService>
</SystemServices>
</Response>
 
 
but wenn i try this:
INPUT:
<Request>
<Login>
<Username>xxxxxx</Username>
<Password>xxxxxxx</Password>
</Login>
<get>
<EmailConfiguration>
<GeneralSettings>
<EmailSignature></EmailSignature>
<EmailBannerMode></EmailBannerMode>
</GeneralSettings>
<SMTPSSettings>
<DontScanEmailsGreaterThan></DontScanEmailsGreaterThan>
<ActionForOversizeEmails></ActionForOversizeEmails>
<BypassSpamCheck></BypassSpamCheck>
<VerifySendersIPReputation></VerifySendersIPReputation>
<SMTPSDosSettings></SMTPSDosSettings>
<ConfirmSpamAction></ConfirmSpamAction>
<ProbableSpamAction></ProbableSpamAction>
<MaximumConnections></MaximumConnections>
<MaximumConnectionsHost></MaximumConnectionsHost>
<MaximumEmailsConnection></MaximumEmailsConnection>
<MaximumRecepientsEmail></MaximumRecepientsEmail>
<EmailsRate></EmailsRate>
<ConnectionsRate></ConnectionsRate>
</SMTPSSettings>
<POPIMAPSettings>
<DontScanEmailsGreaterThan></DontScanEmailsGreaterThan>
<RecipientHeaders>
<Header></Header>
<Header></Header>
<Header></Header>
</RecipientHeaders>
</POPIMAPSettings>
<SMTPTLSConfiguration>
<TLSCertificate></TLSCertificate>
<AllowInvalidCertificate></AllowInvalidCertificate>
<RequireTLSWithHost></RequireTLSWithHost>
<RequireTLSWithSenderDomain></RequireTLSWithSenderDomain>
<SkipTLSHosts></SkipTLSHosts>
<SkipTLSHosts></SkipTLSHosts>
<DisableTLS1></DisableTLS1>
</SMTPTLSConfiguration>
<POPSIMAPTLSConfiguration>
<TLSCertificate></TLSCertificate>
<AllowInvalidCertificate></AllowInvalidCertificate>
<DisableTLS1></DisableTLS1>
</POPSIMAPTLSConfiguration>
</EmailConfiguration>
</get>

</Request>
 
 
then every output this:
OUTPUT:
<?xml version="1.0" encoding="UTF-8"?>
<Response APIVersion="1702.1" IPS_CAT_VER="1">
<Login>
<status>Authentication Successful</status>
</Login>
<EmailConfiguration transactionid="">
<Status code="599">You do not have permission for the requested entity</Status>
</EmailConfiguration>
</Response>
 
 
any ideas?
  • Hi  

    Please refer the article, it would help you to understand the API usage and configuration- https://community.sophos.com/kb/en-us/132560

  • In reply to Keyur:

    i want Change the tls certificate

    the  "update" script works only wenn set it to "SecurityAppliance_SSL_CA"

    when i Change the cer "let" , via script then ERROR 500

    when i Change with gui then ok too.

     

     

    <?xml version="1.0" encoding="UTF-8"?>
    <Request>
      <Login>
        <Username>xxxx</Username>
        <Password>xxxxx</Password>
      </Login>
     
    <Set operation="update">
     <EmailConfiguration>
        <GeneralSettings>
          <EmailSignature/>
        </GeneralSettings>
        <SMTPSSettings>
          <smtphostname>xxxxxx</smtphostname>
          <DontScanEmailsGreaterThan>1024</DontScanEmailsGreaterThan>
          <ActionForOversizeEmails>Accept</ActionForOversizeEmails>
          <BypassSpamCheck>Disable</BypassSpamCheck>
          <VerifySendersIPReputation>Disable</VerifySendersIPReputation>
          <SMTPSDosSettings>Enable</SMTPSDosSettings>
          <MaximumConnections>42</MaximumConnections>
          <MaximumConnectionsHost>10</MaximumConnectionsHost>
          <MaximumEmailsConnection>1000</MaximumEmailsConnection>
          <MaximumRecepientsEmail>100</MaximumRecepientsEmail>
          <EmailsRate>1000</EmailsRate>
          <ConnectionsRate>100</ConnectionsRate>
        </SMTPSSettings>
        <POPIMAPSettings>
          <DontScanEmailsGreaterThan>1024</DontScanEmailsGreaterThan>
          <RecipientHeaders>
            <Header>Delivered-To</Header>
            <Header>Received</Header>
            <Header>X-RCPT-TO</Header>
          </RecipientHeaders>
        </POPIMAPSettings>
        <SMTPTLSConfiguration>
          <TLSCertificate>SecurityAppliance_SSL_CA</TLSCertificate>
          <AllowInvalidCertificate>Enable</AllowInvalidCertificate>
          <DisableTLS1>Disable</DisableTLS1>
        </SMTPTLSConfiguration>
        <POPSIMAPTLSConfiguration>
          <TLSCertificate>SecurityAppliance_SSL_CA</TLSCertificate>
          <AllowInvalidCertificate>Enable</AllowInvalidCertificate>
          <DisableTLS1>Disable</DisableTLS1>
        </POPSIMAPTLSConfiguration>
      </EmailConfiguration>
    </Set>
    </Request>

     

  • In reply to homerjs:

    Hi  

    Do you want to use a third-party certificate in the TLS certificate?

    Did you upload the certificate in the device?

    You might get some help from this article- https://community.sophos.com/products/xg-firewall/f/sophos-xg-firewall-general-discussion/102208/upload-certificate-using-api

  • In reply to Keyur:

    hello

    yes this is a letsencyrt certificate.

    is upload.

    i can select and assign via gui. and it works.

    but with api no.

  • In reply to homerjs:

    Hi  

    Did you check the thread responses I have shared in the previous post?

    I would request you to contact technical support and open a service request, please PM us the service request number to track the details further.