Thread Info
  • State Verified Answer
  • +2 person also asked this people also asked this
  • Locked Locked
  • Replies 22 replies
  • Answers 3 answers
  • Subscribers 42 subscribers
  • Views 4058 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Cant change DKIM verification settings - XG v18.04 in MTA Mode

NH1

I am currently running XG v18.04 (MR4), with MTA mode protecting my mail server.

I turned on DKIM Verification some time back, and it appears to be working.

I tried this evening to change the settings for DKIM Verification related to Qarantine vs reject, but keep getting a red pop-up warning "Couldnt delete DKIM verification"

I subsequently tried turning it completely off, changing other settings and cycling mail through Legacy mode and back to MTA to see if it cleared an issue, but keep getting the same pop-up warning.

Do I need to stop the MTA service in the CLI first or is there some inter-dependency for DKIM that I need to resolve first before I can make a simple settings change?



This thread was automatically locked due to age.
  • FormerMember
    +1 FormerMember

    Hi ,

    Thank you for reaching out to the Community! 

    I was able to replicate this issue with SFOS v18 MR4. I also tried to replicate this issue on SFOS v18 MR3, but it works on MR3. 

    Could you please replicate the issue and collect the following logs from your firewall. 

    SSH into the XG firewall by following this KBA: Sophos XG Firewall: How to SSH to the firewall using PuTTY utility

    • To connect using SSH, you may use any SSH client to connect to port 22 of the SFOS device.
    • Select option 5 Device Management.
    • Select option 3 Advanced Shell.

    Run the following command to collect applog: tail -f /log/applog.log 

    You also need to put the CSC service in debugging and collect csc logs. 

    Run the following command to put the csc service in debug: csc custom debug

    Note: Run the same command to remove the service from debugging. 

    Run the following command to collect csc logs: tail -f /log/csc.log 

    I would suggest you open a support case and PM me the support case so that I can help with the follow-up.

    Thanks,

  • 0 in reply to FormerMember

    Ok thanks, that was useful information.

    I dont have a support subscription so instead I have simply reverted my firmware to MR3, changed the DKIM setting there, and then re-uploaded and re-applied MR4 and now have the settings I want in MR4.

    Obviously this s a bug introduced into MR4 that can hopefully get fixed in a future MR, but useful information for others that may be looking to use DKIM.

    Have a great Christmas

  • 0 in reply to FormerMember

    I have the same issue. Recently did a clean install of v18 MR3. Did not enable DKIM verification, after updating to MR4 I cannot enable DKIM verification. When trying, a popup message appears stating: "Couldn't delete DKIM verification". I think this can easily be replicated in a lab environment.

  • FormerMember
    0 FormerMember in reply to Jorg Heijnis

    Hi ,

    Thank you for reaching out! 

    Please open a support case, including the logs described in my first response, and PM me the support case number. 

    Thanks,

  • 0 in reply to FormerMember

    I am also a community edition user and as such cannot file a support case. But it seems to be very easy to replicate, as I'm experiencing this issue after a new installation of MR3 after upgrading to MR4. I am more than happy to supply the requested logs to help out.

  • FormerMember
    0 FormerMember in reply to Jorg Heijnis

    Hi ,

    I have reported this to the internal team, and I will share the internal case id once it becomes available. 

    Thanks,

  • FormerMember
    0 FormerMember in reply to FormerMember

    Hi ,

    This issue is currently being investigated with an internal ID NC-67605. We will update the Community with more information when it becomes available. 

    Thanks,

  • 0 in reply to FormerMember

    No fix for this after 2 months? Just migrating from Sophos Email Appliance and it already looks like a big downgrade.

  • FormerMember
    0 FormerMember in reply to Christian Biere

    Hi ,

    Apologies for the delayed response. 

    The fix for this issue is tentatively planned to be included in the v18 MR5 release.

    Open a support case at support.sophos.com and mention the internal ID NC-67605 to get the patch for your firewall. Please PM me the support case number so that I can help with the follow-up.

    Thanks,

  • 0

    we have the same iusse! XG v18.04 (MR4) hand we can't turn off dkim qarantine, because the exclution for dkmi-verification ist not working! and many redirected-mails are in qarantine ...

    We need a update!

Unfiltered HTML