https://community.sophos.com/sophos-xg-firewall/b/blog/posts/sophos-firewall-v18-5-mr4-is-now-available
Release Notes: https://docs.sophos.com/releasenotes/output/en-us/nsg/sf_185_rn.html
Old V18.5 MR3 Thread: https://community.sophos.com/sophos-xg-firewall/f/discussions/133547/sophos-firewall-v18-5-mr3-feedback-and-experiences
Hello,
LuCar Toni
I find your answer incredible. you criticize us for using technology provided by Sophos (Antispam Engine). This worked for years. Suddenly, Sophos decides to change the way it works,…
Since I can't wait for Sophos to release v19 MR1 and v18.5 MR4 won't fix the SASI hassle that's going on, I decided to downgrade to 18.5 MR2. However, this seems to be a problem sometimes.
I have a XGS126 that was upgraded from 18.5 MR2 to 19 GA. I could downgrade it back to 18.5 MR2 without any problem.
After that I tried to downgrade a XG210 that was upgraded from 18.5 MR3 to 19 GA. When uploading 18.5 MR2 or MR4 to the firewall it said "The firmware will boot the device with factory default configuration. Are you sure you want to continue?". Since I can't stand all the spam, I did it anyway and booted the uploaded 18.5 MR2. It indeed came up with factory defaults loaded. I tried to restore the latest config backup from 19 GA, but it just said that the firmware is not matching, so I restored an old backup from a time the firewall had installed 18.5 MR2, which worked. After that I just booted up the still present 19 GA firmware and the firewall came up with the restored MR2 config. I restored the latest 19 GA backup and booted the 18.5 MR2 firmware. I expected the firewall to come up with factory defaults again, but it still has the latest config running.
So thats the processes that work:18.5 MR2 > 19 GA > 18.5 MR2/MR4 without factory reset18.5 MR3 > 19 GA > 18.5 MR2/MR4 with factory reset > 19 GA > restore latest config from 19 GA > 18.5 MR2/MR4 without factory reset
Why do I need a factory reset if 18.5 MR3 was previously installed, but not if I skipped it? In both scenarios I go 19 GA > 18.5 MR2 in the end.
I do not have the answer to this point but MR2 will go End of Life soon. Per definition of the lifecycle policy: https://support.sophos.com/support/s/article/KB-000035279?language=en_US#xgfirewallsoftware
https://community.sophos.com/sophos-xg-firewall/b/blog/posts/sophos-lifecycle-policy-changes-end-of-life-announcement-for-older-sfos-versions
So i assume, it is not smart to go back in time to MR2.
__________________________________________________________________________________________________________________
That's not correct, I indeed can compare both engines for the very same email. I just send one of the two mails I posted above to an exchange server behind a XGS I downgraded to MR2, guess what the result was?
MSG Jun 21 09:15:06Z [1o3ZyT-0006wW-Mn]: spam scanning result: 'Confirmed spam'
Could you provide this particular Email as a Lab Request to get this sorted out?
Sure, I submitted a few samples to is-spam@labs.sophos.com that passed the SASI engine with ease.
Why is the detection rate of the SASI engine that poor? We're talking about the usual "buy cheap viagra here!!!!"-mails I haven't received in years, just until you guys decided it would be a good idea to switch the spam engine. Since that day me and our customers a pleased with the most obvious spam mails that we all thought were dead.
It looks to me like Sophos doesn't see this for what it is: a serious problem that needs a fast solution. Our customers were willing to wait for a patch, but now it seems like the engine is just bad and a fix will, as always with Sophos, take ages to get released. I simply can't expect our customers to wait for that long, so if you guys don't surprise us, then we will look for another product from another company, at least for mail protection. Not just because we're disappointed with Sophos, but also because our customers would not be willing to buy another solution from the very same company that broke the one they already bought. I'm still having trouble explaining why a company like Sophos would replace a reasonably functional antispam engine without thoroughly testing the replacement.
Hi,
I can confirm that at 18.5 MR4 Anti-Spam is still not working!
Today's log logs, marked in red, are spam messages. I have created a list of black domains that are rejected.
So do you use the reputation filter in MTA or not? You did not answer this question.
And also which kind of RBL do you use?
The filter works in legacy mode.
RBL:dnsbl-1.uceprotect.netpbl.spamhaus.orgsbl-xbl.spamhaus.org
I don't see how this is even relevant, since the settings have not changed but the Spam Engine has. Anyway, reputation filter is enabled and I use all RBLs provided by Sophos + zen.spamhaus.org
Hi Kajetan Dudczak,
Do you still have an open support ticket?
Yes of course.
I'll send you the number in a private message.