XG86 (SFOS 17.5.9) email system notifications issue

Hi all,

Frustratingly, I've only been able to get my email notifications to work with my email hosting service on port 25, despite a host of other devices on my network successfully using SSL through port 587 (my preferred approach). This isn't the real thrust of my problem, as I'm happy to wait for SFOS 18 to go general release and see if that resolves it.

Still, as it was the catalyst to this problem of no emails getting out in any configuration thereafter, it seems that maybe my email host is providing a level of SSL protection that the XG has not yet caught up to, as noted from the smtpd_main.log file:

12143 == test@test.recipient.com R=router_for_notifications T=notification_smtp defer (-37) H=mail.smpt.server [xxx.xxx.xxx.xxx]:587: TLS session: (SSL_connect): error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

So that's the preamble that led up to my next discovery. The real issue here is that I'm seeing a repeated issue with the XG trying to connect to an internal database that doesn't seem to exist, and in order to be able to successfully send emails on port 25, I had to manually delete all the queued prior test message attempts from the "/sdisk/spool/output/input" (not a typo) folder first. Once I cleared out the queued attempts and then retried my unsecured port 25 configuration, the mail did go through, but this lot of warnings about the internal database came up every time I tested (again, irrespective of whether it succeeded or not):

2019-12-29 03:43:44.683 [7899] SMTP connection from [127.0.0.1]:34344 I=[127.0.0.1]:24 (TCP/IP connection count = 1)
2019-12-29 03:43:44.686 [24198] [127.0.0.1] Connection accepted for notification
2019-12-29 03:43:44.690 [24198] [127.0.0.1] F=<redacted@redacted.address> R=<test@test.recipient.com> Accepted: SF notification
2019-12-29 03:43:44.742 [24198] 1ilFBo-0006II-MG <= redacted@redacted.address H=localhost (Sophos) [127.0.0.1]:34344 I=[127.0.0.1]:24 P=esmtp S=955 M8S=0 RT=0.041s T="Test Mail" from <redacted@redacted.address> for test@test.recipient.com
2019-12-29 03:43:44.743 [24198] SMTP connection from localhost (Sophos) [127.0.0.1]:34344 I=[127.0.0.1]:24 closed by QUIT
MSG Dec 29 03:43:44 [ T_SMTPD-M]: new mail queued, add to inqueue '1ilFBo-0006II-MG-D'
MSG Dec 29 03:43:45 [ T_SMTPD-W]: Mail assigned to 'MS-7894' for scanning '1ilFBo-0006II-MG-D'
MSG Dec 29 03:43:45 [ MS-7894]: scan request 1ilFBo-0006II-MG-D
MSG Dec 29 03:43:45 [ MS-7894]: S='redacted@redacted.address' R='test@test.recipient.com' Subject='Test Mail' Size='955' Status='Mail has been queued for delivery.' src_ip='127.0.0.1' src_port=34344
ERR Dec 29 03:43:45 [ MS-7894]: couldn't connect to db reason(could not connect to server: Connection refused
Is the server running on host "localhost" (127.0.0.1) and accepting
TCP/IP connections on port 5433?
)

What is going on here? What is this database that it's failing at connecting and how can I fix it? I have found nothing after searching for about an hour. Thanks in advance!
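
Added example, not part of the original thread: OpenSSL reports the "SSL23_GET_SERVER_HELLO:unknown protocol" error quoted above when the first bytes it receives are not a TLS record, which commonly happens when a client set to implicit SSL/TLS connects to a port where the server speaks cleartext SMTP first and upgrades with STARTTLS. This sketch reads the server's cleartext greeting to tell the two modes apart; the function names, host names and sample replies are constructed for illustration.

```python
import socket, sys

# Constructed sample replies (not taken from the thread).
SAMPLE_BANNER = b"220 mail.example.test ESMTP\r\n"
SAMPLE_EHLO = (b"250-mail.example.test\r\n250-SIZE 52428800\r\n"
               b"250-STARTTLS\r\n250 HELP\r\n")

def ehlo_extensions(reply: bytes) -> set:
    """Return the extension keywords advertised in a 250 EHLO reply."""
    exts = set()
    for line in reply.decode("ascii", "replace").splitlines()[1:]:
        words = line[4:].split()
        if line[:3] == "250" and words:
            exts.add(words[0].upper())
    return exts

def classify(banner: bytes, ehlo_reply: bytes = b"") -> str:
    """Map what the server said in cleartext to the client setting to use."""
    if not banner:
        # No greeting before a ClientHello suggests implicit TLS (an inference).
        return "implicit-tls"
    if not banner.startswith(b"220"):
        return "unknown"
    # A cleartext 220 banner is what a client set to implicit TLS receives
    # in place of a ServerHello, which OpenSSL reports as "unknown protocol".
    if "STARTTLS" in ehlo_extensions(ehlo_reply):
        return "starttls"
    return "plaintext-only"

def probe(host: str, port: int, timeout: float = 5.0) -> str:
    """Connect once, read the greeting and EHLO reply, then classify."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            banner = s.recv(1024)
        except socket.timeout:
            return classify(b"")
        if not banner.startswith(b"220"):
            return classify(banner)
        s.sendall(b"EHLO probe.example.test\r\n")
        reply = b""
        while not (reply.endswith(b"\n") and reply.splitlines()[-1][3:4] == b" "):
            chunk = s.recv(4096)
            if not chunk:
                break
            reply += chunk
        return classify(banner, reply)

if __name__ == "__main__":
    print(probe(sys.argv[1], int(sys.argv[2])))
```

Run it as a script with a host and port; a result of "starttls" means the client's connection security should be STARTTLS rather than SSL/TLS for that port.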



  • Hi,

    what mode is your XG mail running, MTA or transparent?

    Are you using the XG as the mail server or an external mail server? A number of forum members gave up on using the XG as a mail server because we could get it to work.

    Do you have outgoing mail scanning rule in place for SMTP/s?

     

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 EAP

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Ian,

    That's the thing. I don't believe the XG86 has that kind of setting, as I cannot find it in the Protection -> Email menu as has been specified in other posts. Also, I believe I read in one post that it's a feature that only seems to exist in the XG105 onwards, so I don't believe it's a feature in the XG86. If it's tucked away somewhere that I'm too blind to see, I'm prepared to be educated!

    I have the XG configured to use an external mail server of my choosing, not internal, as specified in my original post.

    I don't have any business rules in place in my Firewall config to enforce SMTP scanning. The fact that my other devices (laptop, desktop, NAS, microserver running services which use msmtp) are able to successfully send emails on port 587 with SSL connection security tells me that the XG's notification system is what's broken here, not how it handles SMTP traffic in and of itself. Of course, I stand to be corrected on that too.

  • Hi,

    the MTA thing is in EMAIL -> General settings and is usually on by default at installation time.

    The email setting is in Administration - Notification settings where you choose built-in or external mail server. I have 587 set for my ISP with StartTLS, but the ISP doesn't appear to use TLS with 587.

    Ian


  • I honestly don't see it there.

    I have since tried port 465 again, in an act of bravery, and that's working for me but only if I leave my connection security off. I still cannot get through on port 587 and I definitely cannot use SSL/TLS on either port. That narrows the issue down to SSL, seemingly.

  • Hi,

    I see you don't have a CA selected in your mail notification configuration.

    A bit strange but going on problems I have had in the past with setup I am not surprised.

    You could try V18 EAP 3 to see if that makes any difference?

    Ian


  • I can't select a CA when I have the Connection Security set to None. When I do set it to SSL/TLS, I select the default ApplianceCertificate but that still raises the SSL compatibility error at the top of my first post.

    However, with a bit more experimentation, it now looks like port 587 is working for me (I added my local IP address to the SPF records, strangely).

    I'll accept that for now and wait for SFOS 18 to go to general release, since I'm heading overseas soon and need my networking to remain reliable in my absence.

    So the last thing to attack is my primary concern that I asked about - what's with that database error in the bulk of my first post? How can I prevent that from becoming a potential roadblock in future, in case something goes wrong again with signing into the mail server and a long queue of messages piles up in the output folder? That's what killed my email alerts completely, even after reverting my email settings back to what worked before.

  • Hi,

    sorry, I can't help with that issue, it is beyond my experience.

    If you restart the XG does that same error occur?

    Ian


  • Seems like your Default Certificate has some issues.

    Default Certificate uses your Appliance information, but can be edited, if needed. 

    SSL Certificate has some preinstalled information (like Support@sophos.com).

    You can edit them in Certificate tab. Try to edit Default CA and remove invalid characters. 

  • The ApplianceCertificate can't be edited but I'll create a new self-signed one and see how that fares.

    Hopefully the burning question now about the database errors will be resolved with SFOS 18 so that I don't get hit with roadblocks in future.