Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 40 subscribers
  • Views 1532 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos FW blocking some appended signatures from Exclaimer Signature Manager V19.5.3

RegencyBlue

Hello All,

We have a situation where we have switched firewalls for incoming & outgoing mail from UTM to Sophos Firewall. We are using Exclaimer Signature Manager Exchange edition & are currently still in a Hybrid setup. 

For some reason, some outbound emails are not picking up the signatures but then some do. 

Inspecting the logs it seems that The Firewall is not applying signatures to emails that are marked as src_zone="WAN"

However, it does apply them to emails from src_zone"LAN" It is also completely random as to how it marks emails as such. 

Wondering if anyone has encountered a similar issue. 

Kind Regards,

KD



This thread was automatically locked due to age.
  • 0

    Hi  

    Can you confirm below information so I can better try to understand the situation:

    • What is the Email configuration Mode : MTA or Legacy?
    • How this Server "Exclaimer Signature Manager Exchange edition" is connected in your Network or how its associated with Email server ? 
    • Email server is hosted internally I assume but correct me If I am wrong.
    • Also please confirm which logs you investigated. Any log line or screenshot would be helpful to understand working and non working scenario.
  • 0 in reply to S_Monu

    Hi there,

    We are running MTA Mode, Exclaimer Signature Manager is installed on our on-prem Exchange Server (2010). Will be shortly upgrading to 2016 with a view to going full Exchange Online.

    Logs investigated were Email logs from the firewall.

    Any help appreciated

    WORKING LOG

    2023-12-21 08:33:25Emailusergpid="0" messageid="18035" log_type="Anti-Spam" log_component="SMTP" log_subtype="Allowed" status="" fw_rule_id="10" fw_rule_name="Auto added firewall policy for MTA" fw_rule_section="Local rule" user="" policy_name="None" sender="USER@CONTOSO.COM" recipient="externaluser@gmail.com" subject="test" message_id="1rGEUQ-0004Kh-20" email_size="338707" action="DELIVERED" reason="Email has been delivered to recipient(s)." host="contoso.com" domain="" src_ip="" src_country="" dst_ip="" dst_country="" protocol="TCP" src_port="0" dst_port="0" bytes_sent="0" bytes_received="0" quarantine_reason="Other" src_zone="LAN" dst_zone="" app_name=""

    NOT WORKING LOG

    2023-12-21 08:34:18Emailusergpid="0" messageid="18035" log_type="Anti-Spam" log_component="SMTP" log_subtype="Allowed" status="" fw_rule_id="10" fw_rule_name="Auto added firewall policy for MTA" fw_rule_section="Local rule" user="" policy_name="None" sender="USER@CONTOSO.COM.com" recipient="externaluser@gmail.com" subject="test" message_id="1rGEVQ-0004Qz-14" email_size="9796" action="DELIVERED" reason="Email has been delivered to recipient(s)." host="contoso.com" domain="" src_ip="" src_country="" dst_ip="" dst_country="" protocol="TCP" src_port="0" dst_port="0" bytes_sent="0" bytes_received="0" quarantine_reason="Other" src_zone="WAN" dst_zone="" app_name=""

Unfiltered HTML